Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
k
kind-island-70054
02/10/2023, 2:33 PMHi, I’m trying to add a domain to a managed ssl certificate. I’m ok replacing it because it’s just a dev project with no traffic. When I proceed with the update though, it fails because a target http proxy uses it. I would expect pulumi to remove first the target http proxy and then the ssl certificate, but it does not.
Previewing update (infra.dev):
Type Name Plan Info
pulumi:pulumi:Stack infrastructure-infra.dev
+ ├─ gcp:compute:RegionNetworkEndpointGroup global-lb-notification-rest-europe-west1 create
+- ├─ gcp:compute:ManagedSslCertificate global-lb replace [diff: ~managed]
+ ├─ gcp:compute:RegionNetworkEndpointGroup global-lb-notification-rest-europe-west4 create
+ ├─ gcp:compute:BackendService global-lb-notification-rest create
~ └─ gcp:compute:URLMap global-lb update [diff: ~hostRules,pathMatchers]
Resources:
+ 3 to create
~ 1 to update
+-1 to replace
5 changes. 34 unchanged
Do you want to perform this update? yes
Updating (infra.dev):
Type Name Status Info
pulumi:pulumi:Stack infrastructure-infra.dev **failed** 1 error
+ ├─ gcp:compute:RegionNetworkEndpointGroup global-lb-notification-rest-europe-west4 created (11s)
+ ├─ gcp:compute:RegionNetworkEndpointGroup global-lb-notification-rest-europe-west1 created (11s)
+- └─ gcp:compute:ManagedSslCertificate global-lb **replacing failed** 1 error
Diagnostics:
pulumi:pulumi:Stack (infrastructure-infra.dev):
error: update failed
gcp:compute:ManagedSslCertificate (global-lb):
error: deleting urn:pulumi:infra.dev::infrastructure::gcp:compute/managedSslCertificate:ManagedSslCertificate::global-lb: 1 error occurred:
* Error when reading or editing ManagedSslCertificate: googleapi: Error 400: The ssl_certificate resource 'projects/dev-julien-****/global/sslCertificates/global-lb' is already being used by 'projects/dev-julien-****/global/targetHttpsProxies/global-lb-35b3f02', resourceInUseByAnotherResource
Outputs:const sslCertificate = new gcp.compute.ManagedSslCertificate(key, {
name: key,
managed: {
domains: domains.map(({ domain }) => domain),
},
});
const targetHttpsProxy = new gcp.compute.TargetHttpsProxy(
key,
{
urlMap: urlMap.id,
sslCertificates: [sslCertificate.name],
});Oh I’m so stupid, removing the name allows pulumi to create the replacement before removing the previous one…