damp-magazine-59707
09/28/2023, 3:28 PMpulumi stack export
shows exactly the cert material we expect. a sample diff:
+-gcp:certificatemanager/certificate:Certificate: (replace)
[id=projects/myproject/locations/global/certificates/wildcard--app-gcp-cert-5da1faa]
[urn=urn:pulumi:staging::app::company:app:infrastructure$company:app:dns$gcp:certificatemanager/certificate:Certificate::wildcard--app-gcp-cert]
[provider=urn:pulumi:staging::app::pulumi:providers:gcp::default_6_59_0::45fa4902-44fd-4f64-bf52-927b03c5043d]
~ selfManaged: {
+ pemCertificate: "-----BEGIN CERTIFICATE-----\n...snip...\n-----END CERTIFICATE-----\n"
+ pemPrivateKey : [secret]
}
pulumi stack export
includes certificate data that matches exactly what's in the diff. i obviously can't compare the key material, but it's odd that the diff a) shows that the key needs to be added, not changed; and b) shows that both the cert and key need to be added, when i can verify that the cert in the diff matches the cert in the current stack state. anyone have any idea what might be going on here, or how to gather more info on it?ancient-policeman-24615
09/29/2023, 6:19 PMdamp-magazine-59707
09/29/2023, 6:24 PMstraight-cat-87033
10/12/2023, 11:53 PMignore_changes
as a workaround, but am running into another issue there. When I attempt to ignore the self_managed
field and then run pulumi up
I get the following error:
error: gcp:certificatemanager/certificate:Certificate resource 'gcp-cert' has a problem: Invalid combination of arguments. "managed": one of `managed,self_managed` must be specified. Examine values at gcp-cert.managed'.
With code such as this:
# Create new GCP certificate using Certificate Manager
self.gcp_cert = gcp.certificatemanager.Certificate(
"gcp-cert",
self_managed=gcp.certificatemanager.CertificateSelfManagedArgs(
pem_certificate=self.cf_cert.certificate,
pem_private_key=self.private_key.private_key_pem,
),
opts=pulumi.ResourceOptions.merge(
opts, pulumi.ResourceOptions(
ignore_changes=["selfManaged"]
)
),
)
The call to pulumi up
works fine, but after issuing a pulumi refresh
all additional calls have the same problem. A similar issue occurs if I specify ["selfManaged.certificatePem", "selfManaged.certificatePrivateKey"]
as the args to ignore_changes
:
error: gcp:certificatemanager/certificate:Certificate resource 'gcp-cert' has a problem: Invalid combination of arguments. "self_managed.0.certificate_pem": one of `self_managed.0.certificate_pem,self_managed.0.pem_certificate` must be specified. Examine values at 'gcp-cert.selfManaged.certificatePem'.