https://pulumi.com logo
#general
Title
# general
b

billowy-laptop-45963

08/14/2019, 6:13 PM
aws.acm.CertificateValidation deletes the cert after it is issued
w

white-balloon-205

08/14/2019, 6:13 PM
Hmm - that doesn't sound right. I use this quite regularly and have never seen it delete the cert. Do you have more details?
b

billowy-laptop-45963

08/14/2019, 6:15 PM
I can't at all get the acm/route53 combination work without a few issues. This is what I'm trying to get work which I have a working terraform version which is basically line for line equivalent:
Copy code
const cert = new aws.acm.Certificate("cert", {
    domainName: domainName,
    subjectAlternativeNames: [san1],
    validationMethod: "DNS",
});

const zone = aws.route53.getZone({
    name: domainName,
    privateZone: false,
}).then(zone => zone.id);


const v1 = new aws.route53.Record("v1", {
    name: cert.domainValidationOptions.apply(opt => opt[0].resourceRecordName),
    records: [cert.domainValidationOptions.apply(opt => opt[0].resourceRecordValue)],
    ttl: 60,
    type: cert.domainValidationOptions.apply(opt => opt[0].resourceRecordType),
    zoneId: zone,
});

const v2 = new aws.route53.Record("v2", {
    name: cert.domainValidationOptions.apply(opt => opt[1].resourceRecordName),
    records: [cert.domainValidationOptions.apply(opt => opt[1].resourceRecordValue)],
    ttl: 60,
    type: cert.domainValidationOptions.apply(opt => opt[1].resourceRecordType),
    zoneId: zone,
});

const certValidation = new aws.acm.CertificateValidation("cert", {
    certificateArn: cert.arn,
    validationRecordFqdns: [
        v1.fqdn,
        v2.fqdn,
    ],
});
pulumi cli : v0.17.28
w

white-balloon-205

08/14/2019, 6:16 PM
And what exactly happens?
b

billowy-laptop-45963

08/14/2019, 6:16 PM
my watcher:
Copy code
while :; do date ; aws --profile jonjitsu acm describe-certificate --certificate-arn arn:aws:acm:us-east-1:389211687401:certificate/057a6b0b-9967-4d1f-8294-7f3fdd7dce0a; sleep 2; done
on a fresh stack pulumi up -y creates a cert and then dies with a large exception. I immediately re-run pulumi up -y and it continues creating v1/v2 records
then the validation kicks in
once the cert is issued validation is up and it disappears
the describe-certificate above starts returning errors
so there's two issues really, one I created a ticket for here: https://github.com/pulumi/pulumi/issues/3063
w

white-balloon-205

08/14/2019, 6:23 PM
and then dies with a large exception
What exception?
once the cert is issued validation is up and it disappears
What output do you get from
pulumi
?
b

billowy-laptop-45963

08/14/2019, 6:23 PM
one of these for each usage in route53 record
TypeError: Cannot read property 'resourceRecordName' of undefined
output:
Copy code
$ pulumi up -y
Previewing update (acmtest1):

     Type                              Name                   Plan        Info
     pulumi:pulumi:Stack               wp-cfn-stack-acmtest1
 +-  ├─ aws:acm:Certificate            cert                   replace     [diff: ~domainName,subjectAlter
 +   ├─ aws:route53:Record             v2                     create
 +   ├─ aws:route53:Record             v1                     create
 +   └─ aws:acm:CertificateValidation  cert                   create

Resources:
    + 3 to create
    +-1 to replace
    4 changes. 1 unchanged

Updating (acmtest1):

     Type                              Name                   Status       Info
     pulumi:pulumi:Stack               wp-cfn-stack-acmtest1
 +-  ├─ aws:acm:Certificate            cert                   replaced     [diff: ~domainName,subjectAlte
 +   ├─ aws:route53:Record             v2                     created
 +   ├─ aws:route53:Record             v1                     created
 +   └─ aws:acm:CertificateValidation  cert                   created

Outputs:
    certarn: "arn:aws:acm:us-east-1:389211687401:certificate/057a6b0b-9967-4d1f-8294-7f3fdd7dce0a"

Resources:
    + 3 created
    +-1 replaced
    4 changes. 1 unchanged

Duration: 57s

Permalink: file:///home/jon/.pulumi/stacks/acmtest1.json
w

white-balloon-205

08/14/2019, 6:29 PM
The replacement of the
cert
there doesn't look right. What does the diff show about why
domainName
is changing? That replace will lead to the cert being deleted (after a new one is created for the replacement).
one of these for each usage in route53 record
TypeError: Cannot read property 'resourceRecordName' of undefined
This suggests that your
Certificate
returned only one validation option?
b

billowy-laptop-45963

08/14/2019, 7:00 PM
looks like it's my node version :~( I was using 11.3.0, switched to 8.11.4 and everything works now
w

white-balloon-205

08/14/2019, 7:18 PM
That's even scarier - no idea how that could lead to what you are seeing! But glad things are working for you.
b

best-xylophone-83824

08/15/2019, 9:26 AM
Node version in pulumi/pulumi docker image is 11.x , is it recommended node version to be used?
w

white-balloon-205

08/15/2019, 4:18 PM
We test on 12, 10 and 8 currently (current along with previous LTSs). Node 11 is technically EOL already per https://nodejs.org/en/about/releases/. I'd definitely be surprised about any serious issues with Node 11 though, as many users still happen to use it. We should bump the version in
pulumi/pulumi
to 12 though.
2 Views