https://pulumi.com logo
Join Slack
Powered by
This message was deleted.
# general
s
This message was deleted.
b
That is correct because your preview might not match since those delegates might not execute in preview
b
Do you know of any way of getting deterministic domainValidationOptions? Or doing the equivalent of terraforms for each validation option create record: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate#referencing-domain_validat[…]th-for_each-based-resources
b
Can I ask what SDK you’re using?
Also did you update the subject names of the cert or are you getting different ordering even when your subject names remain the same?
b
TS/nodejs sdk
this is on create
I want to create a cert in an account for domains that need to be validated in two other accounts which is why the order matters since I need to provide the correct aws.Provider to each r53 record.
I wrote similar code a year or so ago in python which worked (maybe I got lucky and the ordering just happened to be correct)
That made me under the impression that the order you give the domains to acm.Certificate will be the order the validationDomainNameOptions would be in.
b
well I believe the ordering is deterministic based on the input domains. I don't know for sure if that means the order will be the same as the order the domains were provided in, just that it will be the same order as long as the inputs haven't changed. You could sort the array by 
var sortedOptions = options.apply(unsorted => ........ return sorted);
. And if you know the order your domains should be in after sorting than you would know at which indices in the array you need to provide which providers. But I don't think there is way to have a setup such that when you update the cert by adding a new domain name you will only have to update 1 validation record. Because even if you sorted it this new domain could end up in the middle of your sorted array so every record that came after it would need to be recreated as well (because presumably your naming the resources by index or something). Alternatively if it is an option for you, I don't think it really costs anything or too much to make additional ACM certs for your AWS infrastructure. Is it possible for you to make separate certs? Then your separate provider issue would be trivial.
b
I wasn't using index for the validation record naming but instead using the domain name
I will try the sorting, thanks
b
Does it let you use the domain name? Because that would be an 
Output<string>
on the domain validation options right? And I'm pretty sure resource name only accepts 
string
. Or was that not giving you compile errors because you were doing it inside of an 
.apply(...)
so it was a 
string
?
b
I mean these domain names
Copy code
validations = [domainName, ...subjectAlternativeNames]
b
yea but how do you match them to the appropriate validation option without doing something funky inside of an apply?
b
I thought your suggestion was
Copy code
validations = [domainName, ...subjectAlternativeNames].sort()
options = cert.domainValidationOptions.apply(//sort)
and when I loop over validations to create the records the index should match up?
b
yes I think that would work - I was asking how you were using the domain names as your resource names previously before doing any sorting but I guess you just didn't have it working.
b
It was working by creating the records in the apply of validation options but that seems wrong so...
nice that did work
one step closer to global domination 🙂
b
Sweet, glad to hear it. Yea this doc here has a little blurb about creating resources inside that delegate: https://www.pulumi.com/docs/intro/concepts/inputs-outputs/#apply
b
thanks again
b
np!
4 Views
Open in Slack
PreviousNext
Powered by