https://pulumi.com logo
Join Slack
Powered by
Hi, I’m trying to add a domain to a managed ssl ce...
# google-cloud
k
Hi, I’m trying to add a domain to a managed ssl certificate. I’m ok replacing it because it’s just a dev project with no traffic. When I proceed with the update though, it fails because a target http proxy uses it. I would expect pulumi to remove first the target http proxy and then the ssl certificate, but it does not.
Copy code
Previewing update (infra.dev):
     Type                                       Name                                      Plan        Info
     pulumi:pulumi:Stack                        infrastructure-infra.dev
 +   ├─ gcp:compute:RegionNetworkEndpointGroup  global-lb-notification-rest-europe-west1  create
 +-  ├─ gcp:compute:ManagedSslCertificate       global-lb                                 replace     [diff: ~managed]
 +   ├─ gcp:compute:RegionNetworkEndpointGroup  global-lb-notification-rest-europe-west4  create
 +   ├─ gcp:compute:BackendService              global-lb-notification-rest               create
 ~   └─ gcp:compute:URLMap                      global-lb                                 update      [diff: ~hostRules,pathMatchers]


Resources:
    + 3 to create
    ~ 1 to update
    +-1 to replace
    5 changes. 34 unchanged

Do you want to perform this update? yes
Updating (infra.dev):
     Type                                       Name                                      Status                   Info
     pulumi:pulumi:Stack                        infrastructure-infra.dev                  **failed**               1 error
 +   ├─ gcp:compute:RegionNetworkEndpointGroup  global-lb-notification-rest-europe-west4  created (11s)
 +   ├─ gcp:compute:RegionNetworkEndpointGroup  global-lb-notification-rest-europe-west1  created (11s)
 +-  └─ gcp:compute:ManagedSslCertificate       global-lb                                 **replacing failed**     1 error


Diagnostics:
  pulumi:pulumi:Stack (infrastructure-infra.dev):
    error: update failed

  gcp:compute:ManagedSslCertificate (global-lb):
    error: deleting urn:pulumi:infra.dev::infrastructure::gcp:compute/managedSslCertificate:ManagedSslCertificate::global-lb: 1 error occurred:
    	* Error when reading or editing ManagedSslCertificate: googleapi: Error 400: The ssl_certificate resource 'projects/dev-julien-****/global/sslCertificates/global-lb' is already being used by 'projects/dev-julien-****/global/targetHttpsProxies/global-lb-35b3f02', resourceInUseByAnotherResource

Outputs:
Here is my pulumi code:
Copy code
const sslCertificate = new gcp.compute.ManagedSslCertificate(key, {
    name: key,
    managed: {
      domains: domains.map(({ domain }) => domain),
    },
  });

  const targetHttpsProxy = new gcp.compute.TargetHttpsProxy(
    key,
    {
      urlMap: urlMap.id,
      sslCertificates: [sslCertificate.name],
    });
Is there a way to tell pulumi that it needs to remove dependencies too?
Oh I’m so stupid, removing the name allows pulumi to create the replacement before removing the previous one…
94 Views
Open in Slack
PreviousNext
Powered by