https://pulumi.com logo
Title
b

billowy-laptop-45963

04/19/2021, 12:12 AM
My feeling is that I shouldn't create resources in another resources
.apply
eg:
cert.domainValidationOptions.apply(options=>options.map(option=>new aws.route53.Record(...
is that correct?
b

bored-oyster-3147

04/19/2021, 12:32 AM
That is correct because your preview might not match since those delegates might not execute in preview
b

billowy-laptop-45963

04/19/2021, 1:13 AM
Do you know of any way of getting deterministic domainValidationOptions? Or doing the equivalent of terraforms for each validation option create record: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate#referencing-domain_validat[…]th-for_each-based-resources
b

bored-oyster-3147

04/19/2021, 12:49 PM
Can I ask what SDK you’re using?
Also did you update the subject names of the cert or are you getting different ordering even when your subject names remain the same?
b

billowy-laptop-45963

04/19/2021, 1:29 PM
TS/nodejs sdk
this is on create
I want to create a cert in an account for domains that need to be validated in two other accounts which is why the order matters since I need to provide the correct aws.Provider to each r53 record.
I wrote similar code a year or so ago in python which worked (maybe I got lucky and the ordering just happened to be correct)
That made me under the impression that the order you give the domains to acm.Certificate will be the order the validationDomainNameOptions would be in.
b

bored-oyster-3147

04/19/2021, 1:39 PM
well I believe the ordering is deterministic based on the input domains. I don't know for sure if that means the order will be the same as the order the domains were provided in, just that it will be the same order as long as the inputs haven't changed. You could sort the array by
var sortedOptions = options.apply(unsorted => ........ return sorted);
. And if you know the order your domains should be in after sorting than you would know at which indices in the array you need to provide which providers. But I don't think there is way to have a setup such that when you update the cert by adding a new domain name you will only have to update 1 validation record. Because even if you sorted it this new domain could end up in the middle of your sorted array so every record that came after it would need to be recreated as well (because presumably your naming the resources by index or something). Alternatively if it is an option for you, I don't think it really costs anything or too much to make additional ACM certs for your AWS infrastructure. Is it possible for you to make separate certs? Then your separate provider issue would be trivial.
b

billowy-laptop-45963

04/19/2021, 1:43 PM
I wasn't using index for the validation record naming but instead using the domain name
I will try the sorting, thanks
b

bored-oyster-3147

04/19/2021, 1:44 PM
Does it let you use the domain name? Because that would be an
Output<string>
on the domain validation options right? And I'm pretty sure resource name only accepts
string
. Or was that not giving you compile errors because you were doing it inside of an
.apply(...)
so it was a
string
?
b

billowy-laptop-45963

04/19/2021, 1:46 PM
I mean these domain names
validations = [domainName, ...subjectAlternativeNames]
b

bored-oyster-3147

04/19/2021, 1:48 PM
yea but how do you match them to the appropriate validation option without doing something funky inside of an apply?
b

billowy-laptop-45963

04/19/2021, 1:51 PM
I thought your suggestion was
validations = [domainName, ...subjectAlternativeNames].sort()
options = cert.domainValidationOptions.apply(//sort)
and when I loop over validations to create the records the index should match up?
b

bored-oyster-3147

04/19/2021, 1:52 PM
yes I think that would work - I was asking how you were using the domain names as your resource names previously before doing any sorting but I guess you just didn't have it working.
b

billowy-laptop-45963

04/19/2021, 1:54 PM
It was working by creating the records in the apply of validation options but that seems wrong so...
nice that did work
one step closer to global domination 🙂
thanks again
b

bored-oyster-3147

04/19/2021, 1:56 PM
Sweet, glad to hear it. Yea this doc here has a little blurb about creating resources inside that delegate: https://www.pulumi.com/docs/intro/concepts/inputs-outputs/#apply
np!