clever-application-67149
03/01/2023, 4:35 PMaws:acm/certificate:Certificate
). Specifically, we're getting the error:
error: Error: No valid 'type' passed in for alias.
at /home/labuser/.cache/bazel/_bazel_labuser/34360f705a4b3bbdc2679b46775386d6/execroot/artemis/node_modules/@pulumi/resource.ts:516:19
at /home/labuser/.cache/bazel/_bazel_labuser/34360f705a4b3bbdc2679b46775386d6/execroot/artemis/node_modules/@pulumi/output.ts:383:31
at Generator.next (<anonymous>)
at /home/labuser/.cache/bazel/_bazel_labuser/34360f705a4b3bbdc2679b46775386d6/execroot/artemis/node_modules/@pulumi/pulumi/output.js:21:71
at new Promise (<anonymous>)
at __awaiter (/home/labuser/.cache/bazel/_bazel_labuser/34360f705a4b3bbdc2679b46775386d6/execroot/artemis/node_modules/@pulumi/pulumi/output.js:17:12)
at applyHelperAsync (/home/labuser/.cache/bazel/_bazel_labuser/34360f705a4b3bbdc2679b46775386d6/execroot/artemis/node_modules/@pulumi/pulumi/output.js:236:12)
at /home/labuser/.cache/bazel/_bazel_labuser/34360f705a4b3bbdc2679b46775386d6/execroot/artemis/node_modules/@pulumi/output.ts:302:65
at dynatraceRegularInvoke (/opt/dynatrace/oneagent/agent/bin/1.259.304.20230210-081346/any/nodejs/nodejsagent.js:3093:20)
at Object.a.safeInvoke (/opt/dynatrace/oneagent/agent/bin/1.259.304.20230210-081346/any/nodejs/nodejsagent.js:3168:41)
This error is down in the resource.ts
file here: https://github.com/pulumi/pulumi/blob/24f0ae32f7c02bf1906a6081cab81217872c7d38/sdk/nodejs/resource.ts#L516
We created our own CertificateManager
class, which has a getCert(
) method for creating the necessary certs for our web properties. One of those certs (support) needs an Alias added to it, and our code in the getCert()
method handles that. Here's the code:
public getCert(
name: string,
zone: aws.route53.Zone,
domainName?: string,
): aws.acm.CertificateValidation {
let certAlias: CustomResourceOptions = {};
//Add required alias for the support cert.
if (name === "support") {
certAlias = {
aliases: [
{
name: this.config.getResourceName("supportability-cert"),
type: "aws:acm/certificate:Certificate",
},
],
};
}
const cert = new aws.acm.Certificate(
this.config.getResourceName(`${name}-cert`),
{
domainName: domainName ?? zone.name,
tags: this.config.getTags(),
validationMethod: "DNS",
},
certAlias,
);
const validationRecords = cert.domainValidationOptions.apply(
(domainValidationOptions) => {
return domainValidationOptions.map((domainValidationOption) => {
return new aws.route53.Record(
`validation-record-${domainValidationOption.domainName}`,
{
allowOverwrite: true,
name: domainValidationOption.resourceRecordName,
records: [domainValidationOption.resourceRecordValue],
ttl: ONE_HOUR,
type: domainValidationOption.resourceRecordType,
zoneId: zone.zoneId,
},
);
});
},
);
let certValidationAlias: CustomResourceOptions = {};
//Add required alias for the support cert.
if (name === "support") {
certValidationAlias = {
aliases: [
{
name: this.config.getResourceName("certificate-validation"),
type: "aws:acm/certificateValidation:CertificateValidation",
},
],
};
}
return new aws.acm.CertificateValidation(
this.config.getResourceName(`${name}-certificate-validation`),
{
certificateArn: cert.arn,
validationRecordFqdns: validationRecords.apply((records) =>
records.map((record) => record.fqdn),
),
},
certValidationAlias,
);
}
Based on these select lines from the build output (running a Pulumi Preview), the cert handling is working for everything but the support
cert that is supposed to get the alias.
pulumi:pulumi:Stack pulumi-artemis-infrastructure running error: Error: No valid 'type' passed in for alias.
aws:acm:Certificate artemis-dev-artemis-dev-chat-proxy-cert [diff: ~provider]
aws:acm:Certificate artemis-dev-search-cert [diff: ~provider]
aws:acm:CertificateValidation artemis-dev-search-certificate-validation [diff: ~provider]
So, the non-support cases, where we include an empty object for the CustomResourceParameters
for the new Certificate
, it works. When we add the alias and type for the support cert, it fails. In resources.ts
on line 506, the collapseAliasToUrn
function should be taking the explicit type that we're providing in favor of the passed defaultType
, so how that type becomes undefined
and triggers the error on line 516, I haven't a clue.
This code had been working, but started causing problems when we updated Pulumi. Here are the version changes:
@pulumi/aws from 5.10.0 to 5.30.0
@pulumi/awsx from 0.40.0 to 1.0.2
@pulumi/docker from 3.2.0 to 3.6.1
@pulumi/kubernetes from 3.19.4 to 3.24.1
@pulumi/pulumi from 3.35.3 to 3.55.0
Could this be a state problem? Do we need to sync from the deployed state before we run another build? I confess that I'm at a loss.salmon-gold-74709
03/02/2023, 6:20 PMclever-application-67149
03/02/2023, 6:52 PMNo valid 'type' passed in for alias
error is gone, but now I have a serialization error on the same `awsacm/certificateCertificate`:
error: Error: failed to register new resource artemis-dev-support-cert [aws:acm/certificate:Certificate]: 13 INTERNAL: Request message serialization failure: Assertion failed: Expected string but got %s: %s.
at Object.registerResource (/home/labuser/.cache/bazel/_bazel_labuser/34360f705a4b3bbdc2679b46775386d6/execroot/artemis/node_modules/@pulumi/aws/node_modules/@pulumi/runtime/resource.ts:339:27)
at new Resource (/home/labuser/.cache/bazel/_bazel_labuser/34360f705a4b3bbdc2679b46775386d6/execroot/artemis/node_modules/@pulumi/aws/node_modules/@pulumi/resource.ts:398:13)
at new CustomResource (/home/labuser/.cache/bazel/_bazel_labuser/34360f705a4b3bbdc2679b46775386d6/execroot/artemis/node_modules/@pulumi/aws/node_modules/@pulumi/resource.ts:782:9)
at new Certificate (/home/labuser/.cache/bazel/_bazel_labuser/34360f705a4b3bbdc2679b46775386d6/execroot/artemis/node_modules/@pulumi/acm/certificate.ts:334:9)
at CertificateManager.getCert (/home/labuser/.cache/bazel/_bazel_labuser/34360f705a4b3bbdc2679b46775386d6/execroot/artemis/bazel-out/k8-fastbuild/bin/infrastructure/infrastructure/artemis/src/aws/certificate.ts:36:18)
at new SupportCloudFront (/home/labuser/.cache/bazel/_bazel_labuser/34360f705a4b3bbdc2679b46775386d6/execroot/artemis/bazel-out/k8-fastbuild/bin/infrastructure/infrastructure/artemis/src/aws/cloudfront/support.ts:64:44)
at Injector.instantiateClass (/home/labuser/.cache/bazel/_bazel_labuser/34360f705a4b3bbdc2679b46775386d6/execroot/artemis/bazel-out/k8-fastbuild/bin/infrastructure/node_modules/@nestjs/core/injector/injector.js:330:19)
at callback (/home/labuser/.cache/bazel/_bazel_labuser/34360f705a4b3bbdc2679b46775386d6/execroot/artemis/bazel-out/k8-fastbuild/bin/infrastructure/node_modules/@nestjs/core/injector/injector.js:48:41)
at Injector.resolveConstructorParams (/home/labuser/.cache/bazel/_bazel_labuser/34360f705a4b3bbdc2679b46775386d6/execroot/artemis/bazel-out/k8-fastbuild/bin/infrastructure/node_modules/@nestjs/core/injector/injector.js:122:24)
at Injector.loadInstance (/home/labuser/.cache/bazel/_bazel_labuser/34360f705a4b3bbdc2679b46775386d6/execroot/artemis/bazel-out/k8-fastbuild/bin/infrastructure/node_modules/@nestjs/core/injector/injector.js:52:9)
Now what? Do I need to downgrade @pulumi/aws
and @pulumi/awsx
as well?salmon-gold-74709
03/02/2023, 7:18 PMpulumi
module you may need to update them, and hopefully any package.json constraints will figure this out (I'm not a Node person though)