https://pulumi.com logo
Title
p

purple-lawyer-35555

07/01/2021, 8:00 AM
hi all! i have encapsulated the logic for obtaining a viewer certificate for cloudfront (aws) into a function (note I'm returning it in the very first line):
function getViewerCertificate(
  customDomain: string | undefined,
  ... // other parameters
): pulumi.Input<aws.types.input.cloudfront.DistributionViewerCertificate> {
  if (!customDomain) {
    return {
      minimumProtocolVersion: 'TLSv1.1_2016',
      cloudfrontDefaultCertificate: true,
    }
  }
which I later call it (with
customDomain
set to
undefined
)
const viewerCertificate = getViewerCertificate(customDomain,...)
and use it:
const distributionArgs: aws.cloudfront.DistributionArgs = {enabled: true, aliases: customDomain ? [customDomain] : [], viewerCertificate, ...}
and after running the
update
command with automation api this change is detected on every deploy as an updated resource, taking a lot of time to complete the operation. I understand that pulumi should not detect this as a change. is this an expected behavior? it seems like a bug to me
b

bored-oyster-3147

07/01/2021, 2:45 PM
Export your pulumi state, and find in the state file the JSON object representing the
viewerCertificate
that was provided to the cloudfront distribution as it currently exists. Then you will be able to see how/if it differs with the object returned from this function