Certificate renewal logic fails because of the default behavior of Azure Key Vault #1387
Comments
@paf-dev Could you please share the entire definition of the resource? (with sensitive info redacted) Thank you!
What are you changing in your program at this point?
Hello @mikhailshilkov
We added the piece of code that I mentioned in the first message. The part with I'm not sure if I understand what the definition of the resource means. Is it the properties of the resource that I can see on the Pulumi portal in the Resources section? Or is it something different?
@mikhailshilkov is there any chance to get some progress with the issue?
What happened?
So, we have a certificate that is stored in the Azure Key Vault. For the certificate we have the following part of
CertificateArgs
Now is the time to trigger that renewal logic. When we run Pulumi we see the following error
keyvault.BaseClient#ImportCertificate: Failure responding to request: StatusCode=409 -- Original Error: autorest/azure: Service returned an error. Status=409 Code="Conflict" Message="Certificate certmanager-***6110abac26 is currently in a deleted but recoverable state, and its name cannot be reused; in this state, the certificate can only be recovered or purged." InnerError={"code":"ObjectIsDeletedButRecoverable"}
Note: the name of the certificate was edited to hide sensitive data behind ***
The reason for the problem is clear, but doesn't it mean that the Certificate Lifetime Policy doesn't work at all when it collaborates with the Azure Key Vault?
Example
Everything is described in section "what happened"
Output of
pulumi about
CLI
Version 3.79.0
Go Version go1.21.0
Go Compiler gc
Plugins
NAME VERSION
azure 5.16.0
azure-native 1.71.0
azuread 5.28.0
azuredevops 2.5.0
dotnet unknown
kubernetes 3.21.0
random 4.8.2
tls 4.6.0
Host
OS Microsoft Windows 10 Pro
Version 10.0.19045 Build 19045
Arch x86_64
This project is written in dotnet: executable='C:\Program Files\dotnet\dotnet.exe' version='6.0.123'
Backend
Name pulumi.com
No dependencies found
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
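Added example, not part of the issue and not Pulumi or Azure code: a small Python check that a deployment wrapper could run over captured `pulumi up` output to recognise the soft-delete name conflict quoted above and report which certificate is blocked. The function name `classify_keyvault_error` and the certificate name `example-cert` in the sample are assumptions made for illustration.

```python
import json
import re

# Constructed sample: the error text from the issue, with a placeholder certificate name.
SAMPLE_ERROR = (
    'keyvault.BaseClient#ImportCertificate: Failure responding to request: '
    'StatusCode=409 -- Original Error: autorest/azure: Service returned an error. '
    'Status=409 Code="Conflict" Message="Certificate example-cert is currently in a '
    'deleted but recoverable state, and its name cannot be reused; in this state, '
    'the certificate can only be recovered or purged." '
    'InnerError={"code":"ObjectIsDeletedButRecoverable"}'
)

_OPERATION = re.compile(r'keyvault\.BaseClient#(\w+):')
_STATUS = re.compile(r'\bStatus=(\d{3})\b')        # does not match "StatusCode="
_INNER = re.compile(r'InnerError=(\{.*?\})')       # small JSON object at the end
_CERT_NAME = re.compile(r'Message="Certificate (\S+) is currently')


def classify_keyvault_error(text):
    """Return details of a soft-delete name conflict, or None for any other text."""
    status = _STATUS.search(text)
    inner = _INNER.search(text)
    if not status or not inner:
        return None
    try:
        inner_code = json.loads(inner.group(1)).get("code")
    except json.JSONDecodeError:
        return None
    # Only the exact combination seen in the issue counts as a match.
    if status.group(1) != "409" or inner_code != "ObjectIsDeletedButRecoverable":
        return None
    operation = _OPERATION.search(text)
    name = _CERT_NAME.search(text)
    return {
        "operation": operation.group(1) if operation else None,
        "certificate": name.group(1) if name else None,
        "inner_code": inner_code,
        # The two ways out that the service message itself names.
        "options": ["recover", "purge"],
    }


if __name__ == "__main__":
    print(classify_keyvault_error(SAMPLE_ERROR))
```

A wrapper can use the result to stop with a message naming the blocked certificate instead of retrying the import.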