better-actor-92669
03/11/2020, 10:47 AMError reading SslCertificate: googleapi: Error 400: The ssl_certificate resource 'projects/some-project/global/sslCertificates/base-site-ssl-certificate' is already being used by 'projects/some-project/global/targetHttpsProxies/base-site-http-proxy', resourceInUseByAnotherResource
limited-rainbow-51650
03/11/2020, 10:51 AMbetter-actor-92669
03/11/2020, 10:55 AMstocky-island-3676
03/11/2020, 11:02 AMbase-site-ssl-certificate
). I.e. the new one needs another name because the old name is already used. Therefore simply adding a small, unique hash would solve it. That’s what Ringo means.limited-rainbow-51650
03/11/2020, 11:06 AMname
property of your certificate resource.
On the other hand, if you want delete before create
like mentioned in issue 450 referenced above, set the deleteBeforeReplace
property.better-actor-92669
03/11/2020, 11:06 AMlimited-rainbow-51650
03/11/2020, 11:07 AMbetter-actor-92669
03/11/2020, 11:08 AMstocky-island-3676
03/11/2020, 11:09 AMlimited-rainbow-51650
03/11/2020, 11:09 AMbetter-actor-92669
03/11/2020, 11:11 AMlimited-rainbow-51650
03/11/2020, 11:12 AMbetter-actor-92669
03/11/2020, 11:15 AMlimited-rainbow-51650
03/11/2020, 11:20 AMpulumi.gcp.SSLCertificate('my-name-here', …)
, when applying, the resource on GCP will end with my-name-here-<hash>
so you should still be able to identify it.create_before_destroy
https://www.terraform.io/docs/configuration/resources.html#create_before_destroy
I’m glad that Pulumi improved on this with the autonaming.stocky-island-3676
03/11/2020, 11:28 AMupdate
) let’s say of the SSLCertificate
wouldn’t change sth. I.e. it’s idempotent. (If that’s not the case, it’s definitely a bug.)
I’ve linked the “Progamming Model” documentation in the Github issues.better-actor-92669
03/11/2020, 11:32 AMresource_name
name, which is the first argument, I only care about the name
stocky-island-3676
03/11/2020, 11:34 AMI only care about theThat’s what we’re also talking about. Pulumi automatically sets thename
name = resource-name-hash-suffix
if you didn’t set the name
for yourself. That’s the new, good thing compared to Terraform which doesn’t do this, AFAIK.better-actor-92669
03/11/2020, 11:38 AMsome-nginx
+ pulumi.get_peoject()
. I hope you understand me now.stocky-island-3676
03/11/2020, 12:03 PMSSLCertificate
case here, you basically have these options (or do I miss sth.):
1. Create the new certificate beforehand with a new name (with whatever suffix or prefix).
2. Delete the old certificate first => downtime, then create the new certificate with the same name.
3. 1.) with name = B
& use B
. Then (sometime later probably if everything works out) 2.) with A
, & re-use name A
(with new values).better-actor-92669
03/11/2020, 2:02 PM