pulumi-community #google-cloud

google-cloud

rhythmic-actor-14991

06/25/2021, 2:18 AM

const messageTopic = new gcp.pubsub.Topic("gcp_disk_leak_detector");

rhythmic-actor-14991

06/25/2021, 2:18 AM

how can i get this topic name ?

bland-queen-27621

07/06/2021, 8:45 PM

Hello, is there any way to list all subnetworks in google native? The below documentation seems to indicate that the

subnetworks.get

returns only one at a time. https://www.pulumi.com/docs/reference/pkg/gcp/compute/subnetwork/#look-up However, the code comment on the method is a little misleading.

Returns the specified subnetwork. Gets a list of available subnetworks list() request.

cc: @tall-librarian-49374

helpful-tent-95136

07/07/2021, 11:09 AM

anyone else get an error like

Error 403: Cloud SQL Admin API has not been used in project [REDACTED] before

except the project id in the error is in the wrong project? If i run

pulumi up

from local as myself, it deploys fine. If i run

pulumi up

from our CD environment AFTER i've deployed the database from my local, it deploys fine, and deploys other resources into the correct project. BUT if I run

pulumi up

from our CD environment following a Pulumi destroy, it gives me this error for the wrong project. I checked the service account I'm using and it has

Cloud SQL Admin

assigned in the correct project! I am rather flummoxed

bland-lamp-16797

07/09/2021, 4:04 PM

I wonder if I can create a function with empty code... I want pulumi to manage the function but not to deploy. What should I put in

source

arg EDIT: or maybe it's better to use

get_function()

instead ?!?!? EDIT2: but it would be nice that I can deploy blank function

creamy-jewelry-89484

07/13/2021, 6:02 PM

hi i have a question. i created a gke cluster and i see pulumi is appending a hash at the end of the name. why is that?

straight-magician-37467

07/14/2021, 6:58 PM

I have a couple of GCR containers behind a load balancer with a custom domain, but when I update one of the containers using pulumi, the domain doesn’t point to the new container. Do I need to do something manually in my pulumi script, or is it more likely that I’ve simply misconfigured this in Google Cloud itself?

bland-lamp-16797

07/16/2021, 9:06 AM

is this something that I should report?

panic: interface conversion: interface {} is nil, not string
    goroutine 115 [running]:
    <http://github.com/hashicorp/terraform-provider-google-beta/google-beta.resourceBigQueryDatasetRead(0xc000dc4400|github.com/hashicorp/terraform-provider-google-beta/google-beta.resourceBigQueryDatasetRead(0xc000dc4400>, 0x3e11880, 0xc000c75c00, 0x5c13860, 0xc000075200)
    	/home/runner/go/pkg/mod/github.com/pulumi/terraform-provider-google-beta@v0.0.0-20210413102234-53ba2d5c714b/google-beta/resource_big_query_dataset.go:488 +0x1c29
    <http://github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).read(0xc000894d80|github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).read(0xc000894d80>, 0x43cc6b0, 0xc000140030, 0xc000dc4400, 0x3e11880, 0xc000c75c00, 0x0, 0x0, 0x0)
    	/home/runner/go/pkg/mod/github.com/pulumi/terraform-plugin-sdk/v2@v2.0.0-20201218231525-9cca98608a5e/helper/schema/resource.go:290 +0x88
    <http://github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).RefreshWithoutUpgrade(0xc000894d80|github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).RefreshWithoutUpgrade(0xc000894d80>, 0x43cc6b0, 0xc000140030, 0xc000d34c40, 0x3e11880, 0xc000c75c00, 0x17, 0xc00035c2d0, 0x21, 0xc000dad200)
    	/home/runner/go/pkg/mod/github.com/pulumi/terraform-plugin-sdk/v2@v2.0.0-20201218231525-9cca98608a5e/helper/schema/resource.go:564 +0x1cb
    <http://github.com/pulumi/pulumi-terraform-bridge/v2/pkg/tfshim/sdk-v2.v2Provider.Refresh(0xc00050d6d0|github.com/pulumi/pulumi-terraform-bridge/v2/pkg/tfshim/sdk-v2.v2Provider.Refresh(0xc00050d6d0>, 0x3e6e49f, 0x17, 0x43cd520, 0xc000dbf670, 0xc00035c2d0, 0x21, 0xc000dad0e0, 0xc000de00d0)
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/v2@v2.23.0/pkg/tfshim/sdk-v2/provider.go:125 +0x1da
    <http://github.com/pulumi/pulumi-terraform-bridge/v2/pkg/tfbridge.(*Provider).Read(0xc00000a1e0|github.com/pulumi/pulumi-terraform-bridge/v2/pkg/tfbridge.(*Provider).Read(0xc00000a1e0>, 0x43cc720, 0xc000dad140, 0xc001308f00, 0xc00000a1e0, 0x397af01, 0xc00138f600)
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/v2@v2.23.0/pkg/tfbridge/provider.go:939 +0x692
    <http://github.com/pulumi/pulumi/sdk/v2/proto/go._ResourceProvider_Read_Handler.func1(0x43cc720|github.com/pulumi/pulumi/sdk/v2/proto/go._ResourceProvider_Read_Handler.func1(0x43cc720>, 0xc000dad140, 0x3cfc420, 0xc001308f00, 0x3d4e6c0, 0x5c12f38, 0x43cc720, 0xc000dad140)
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v2@v2.24.1/proto/go/provider.pb.go:2287 +0x89
    <http://github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1(0x43cc720|github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1(0x43cc720>, 0xc000dacea0, 0x3cfc420, 0xc001308f00, 0xc000a07e20, 0xc000d3bf50, 0x0, 0x0, 0x4396ac0, 0xc0004fcfb0)
    	/home/runner/go/pkg/mod/github.com/grpc-ecosystem/grpc-opentracing@v0.0.0-20180507213350-8e809c8a8645/go/otgrpc/server.go:57 +0x30a
    <http://github.com/pulumi/pulumi/sdk/v2/proto/go._ResourceProvider_Read_Handler(0x3dd5d00|github.com/pulumi/pulumi/sdk/v2/proto/go._ResourceProvider_Read_Handler(0x3dd5d00>, 0xc00000a1e0, 0x43cc720, 0xc000dacea0, 0xc001319e60, 0xc0005b1220, 0x43cc720, 0xc000dacea0, 0xc000dc2000, 0xb8)
    	/home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v2@v2.24.1/proto/go/provider.pb.go:2289 +0x150
    <http://google.golang.org/grpc.(*Server).processUnaryRPC(0xc000505500|google.golang.org/grpc.(*Server).processUnaryRPC(0xc000505500>, 0x4408438, 0xc000102f00, 0xc0003e3400, 0xc000638150, 0x5bcfd60, 0x0, 0x0, 0x0)
    	/home/runner/go/pkg/mod/google.golang.org/grpc@v1.36.0/server.go:1217 +0x52b
    <http://google.golang.org/grpc.(*Server).handleStream(0xc000505500|google.golang.org/grpc.(*Server).handleStream(0xc000505500>, 0x4408438, 0xc000102f00, 0xc0003e3400, 0x0)
    	/home/runner/go/pkg/mod/google.golang.org/grpc@v1.36.0/server.go:1540 +0xd0c
    <http://google.golang.org/grpc.(*Server).serveStreams.func1.2(0xc0002be140|google.golang.org/grpc.(*Server).serveStreams.func1.2(0xc0002be140>, 0xc000505500, 0x4408438, 0xc000102f00, 0xc0003e3400)
    	/home/runner/go/pkg/mod/google.golang.org/grpc@v1.36.0/server.go:878 +0xab
    created by <http://google.golang.org/grpc.(*Server).serveStreams.func1|google.golang.org/grpc.(*Server).serveStreams.func1>
    	/home/runner/go/pkg/mod/google.golang.org/grpc@v1.36.0/server.go:876 +0x1fd

helpful-hair-30515

07/18/2021, 11:39 AM

I have tried to create GCP VPC and multiple subnets but i see vpc names and subnet names are appending with hashes...is there anyway i can fix it.

mysterious-pager-42871

07/26/2021, 1:37 AM

hi everyone, curious if anybody has managed to create an instance from an image in another project - I’m having trouble with it. first, I’m getting an error when including the google_beta provider as detailed in the example - but when I don’t include it, I get errors when trying to pull the image because it uses the configured deployment project instead of the project I’m trying to get the image from here’s my code block:

server_instance = gcp.compute.InstanceFromMachineImage("github-server",
    zone="australia-southeast2-a",
    machine_type="n1-standard-8",
    source_machine_image="projects/github-enterprise-public/global/machineImages/github-enterprise-3-1-3",
    can_ip_forward=False,
    network_interfaces=[gcp.compute.InstanceNetworkInterfaceArgs(
        network=vpc_network.id,
        access_configs=[gcp.compute.InstanceNetworkInterfaceAccessConfigArgs(
            nat_ip=static.address
        )])],
    opts=pulumi.ResourceOptions(provider=google_beta))

but when I run it without the beta_provider I get this error regarding the machine image (it’s interpolating the configured project ID):

Diagnostics:
  pulumi:pulumi:Stack (furo-github-server-dev):
    error: update failed

  gcp:compute:InstanceFromMachineImage (github-server):
    error: 1 error occurred:
        * googleapi: Error 404: The resource 'projects/<redacted-but-should-be-github-enterprise-public>/global/machineImages/github-enterprise-3-1-3' was not found, notFound

Resources:
    - 1 deleted
    10 unchanged

Duration: 15s

thanks for any insight 🙂

future-nail-59564

07/26/2021, 4:15 PM

Hey folks! 👋 I’m trying to create a GCP project via Pulumi and set it to use an existing billing account that we have. However, I see nowhere in the Project type where we could specify the billing account. And if it’s not specified, then many Google services fail to activate, because they require a billing account. In Terraform, we were doing this at project level:

resource "google_project" "my_project" {
  name            = "my_project"
  project_id      = "my_project_123456"
  billing_account = "01913E-D7CA1E-9371A0"
  org_id          = "my_org"
}

What am I missing here? 🤔

helpful-hair-30515

07/28/2021, 4:07 AM

Hi Guys....i have tried to create google cloud artifact registry as PyPi repo, We would like to publish all our pulumi python packages to that repo and use in our python code as a module using

poetry

...but

poetry

is not supporting authentication with GCP as i seen here https://github.com/GoogleCloudPlatform/artifact-registry-python-tools/issues/17 ...is there any way to achieve this?

crooked-helicopter-55521

07/28/2021, 5:13 PM

Hey y’all, I got a question about the relationship of DatabaseInstance and an individual Database: I have a single Database I’m trying to delete from inside of an Instance. I turned off

deletion_protection

for it, but it still won’t allow me to delete it and I’m guessing that’s because the Instance it is inside of still has the protection turned on. Is that a correct guess? It seems pretty scary to have the protection turned off on the instance to do this. Is there a different way around it?

numerous-pencil-44890

07/28/2021, 9:54 PM

Does anyone know how to bind a GKE workload identity service account to firestore in Pulumi? The firestore API is pretty limited compared to the other products: https://www.pulumi.com/docs/reference/pkg/gcp/firestore/

prehistoric-house-87407

07/30/2021, 6:49 PM

Is this the appropriate place to bring up a problem with the Google Native provider? I'm trying to create a ServiceAccount and ServiceAccountIamPolicy. I think I need to use the generated email from the ServiceAccount in the ServiceAccountIamPolicy, but I can't since the members field will only take a

str

and not an

Output

. My python example:

import pulumi_google_native as google

sa = google.iam.v1.ServiceAccount(
    "test-sa",
    account_id="test-sa",
)

google.iam.v1.ServiceAccountIamPolicy(
    sa.name,
    service_account_id=sa.id,
    bindings=[
        google.iam.v1.BindingArgs(
            members=[sa.email.apply(lambda emailid: f"user:{emailid}")], role="roles/cloudsql.client"
        )
    ],
)

prehistoric-house-87407

07/30/2021, 6:50 PM

I couldn't figure out how to do this at all with the gcp provider, so I got closer this time... just not close enough. 🙂

lemon-wire-69305

08/02/2021, 11:25 PM

Hi all! I'm struggling to figure out how nested buckets are created with GCS. My code looks like:

const bucketHome = new gcp.storage.Bucket("bucket-web", {
  name: bucketHomeName,
  location: hostArea,
});

const bucketFrontendDeploys = new gcp.storage.Bucket("bucket-frontend-deploys", {
  name: pulumi.interpolate`${bucketHome.name}/deploy/frontend`,
  location: hostArea,
});

But Google doesn't allow slashes in a bucket name, so although

bucket-web

will be created fine, the second

bucket-frontend-deploys

will give back an error

googleapi: Error 400: Invalid bucket name

when I run

pulumi up

. That leaves me with the question: How exactly do you created nested buckets?! It feels like there's something simple that I'm missing. Any pointers would be much appreciated.

brief-painter-17615

08/04/2021, 6:17 PM

hey folks, I'm trying to use pulumi/gcp plugin on Big Sur, and getting a 'file too large error'

brief-painter-17615

08/04/2021, 6:17 PM

➜  pulumi  pulumi plugin install resource gcp v5.14.0
[resource plugin gcp-5.14.0] installing
Downloading plugin: 35.89 MiB / 37.52 MiB [=======================>-]  95.67% 1s
error: installing [resource plugin gcp-5.14.0] from : untarring file /Users/austin/.pulumi/plugins/resource-gcp-v5.14.0/pulumi-resource-gcp: write /Users/austin/.pulumi/plugins/resource-gcp-v5.14.0/pulumi-resource-gcp: file too large

kind-insurance-98994

08/05/2021, 12:36 PM

Hi all! We currently planning to use Pulumi for our migration to GCP and be in Production later this year. Are you recommending us to use

pulumi-google-native

or should we stick to the "old" GCP provider? When will the native provider be GA?

kind-insurance-98994

08/07/2021, 10:56 PM

Hi everyone! I am trying to setup a Private IP DB instance and it is referencing provider : google_beta, when calling pulumi up, it is unable to compile the TypeScript. Any ideas or tips? This is what I am trying to build: https://www.pulumi.com/docs/reference/pkg/gcp/sql/databaseinstance/#private-ip-instance

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as random from "@pulumi/random";

const privateNetwork = new gcp.compute.Network("privateNetwork", {}, {
    provider: google_beta,
});
const privateIpAddress = new gcp.compute.GlobalAddress("privateIpAddress", {
    purpose: "VPC_PEERING",
    addressType: "INTERNAL",
    prefixLength: 16,
    network: privateNetwork.id,
}, {
    provider: google_beta,
});
const privateVpcConnection = new gcp.servicenetworking.Connection("privateVpcConnection", {
    network: privateNetwork.id,
    service: "<http://servicenetworking.googleapis.com|servicenetworking.googleapis.com>",
    reservedPeeringRanges: [privateIpAddress.name],
}, {
    provider: google_beta,
});
const dbNameSuffix = new random.RandomId("dbNameSuffix", {byteLength: 4});
const instance = new gcp.sql.DatabaseInstance("instance", {
    region: "us-central1",
    settings: {
        tier: "db-f1-micro",
        ipConfiguration: {
            ipv4Enabled: false,
            privateNetwork: privateNetwork.id,
        },
    },
}, {
    provider: google_beta,
    dependsOn: [privateVpcConnection],
});

lemon-wire-69305

08/09/2021, 1:33 AM

GCP Deployment flow | Advice needed Hi all, I'm setting up a continuous deployment type flow at the moment with GCP and trying to get my head around where Pulumi fits into this. I have a fairly standard web-app where the frontend and backend have been split into separate projects. Traffic will be delegated via a GCP Load Balancer. I've also created a separate project

ops

which contains my Pulumi script. Here's what my project structure looks like:

- ops
- backend-app
- frontend-app

In production my architecture is essentially:

-> AppEngine (frontend-app)
                                     / 
                                    <http://www.my-site.com|www.my-site.com>
                                  /
http request -> GCP LOAD BALANCER
                                  \
                                    <http://api.my-site.com|api.my-site.com>
                                     \
                                       -> AppEngine (backend-app)

Flow-wise what I would like is: •

pulumi up

to create all GCP infrastructure from an empty project (including CloudBuild triggers). • Any time a change is pushed to the

master

branch of

frontend-app

a new AppEngine Version is created. Traffic is then migrated to this new Version. •

backend-app

flow should work similarly to the

frontend-app

For CI I plan to use Cloud Build. In the docs it seems the intended approach is to run the Pulumi script from CloudBuild. I could do this, however I have a few concerns: 1. The Pulumi script is in the separate

ops

project, and so I'd need to pull that project down from source control in a CloudBuild step. This is doable but doesn't seem ideal. 2. Pushes to the

master

branch in different projects will kick off multiple `pulumi up`'s at the same time - could this cause any race-condition type issues? 3. Is running

pulumi up

for the entire architecture for a single deploy too heavy handed? Could this introduce risk into the system? 4. This approach would require me to keep track of all project version numbers to ensure

pulumi up

is configured with the latest AppEngine version numbers. Where should I store these? 5. It doesn't seem like Pulumi automatically migrates traffic from one AppEngine version to a newer one. Would I need to do this as a separate build step? Any advice on my concerns, thinking, and approach would be much appreciated. I'm not sure whether this is the intended approach or if I'm missing something. Thanks!

lemon-wire-69305

08/10/2021, 3:46 AM

Hi everyone, I'm having trouble getting an object from GCS. My code looks like:

const bucketId = "<gs://my-bucket/my-file.json>";
const testData = gcp.storage.BucketObject.get("object-test", bucketId);
console.log(testData);

Running

pulumi up

gives me

Preview failed: resource '<gs://my-bucket/my-file.json>' does not exist

SO it seems that Pulumi does not like the value I'm giving it as the Id. Using

gsutil

I can however do:

gsutil cat <gs://my-bucket/my-file.json>

Which works fine. The bucket object was created outside of Pulumi and is private. Any ideas what value I should be using as the ID?

echoing-angle-67526

08/11/2021, 5:01 AM

Hello, it looks like there is currently no support for netapp cloud volumes in gcp: https://cloud.google.com/architecture/partners/netapp-cloud-volumes. are there any plans to support this? Should I create a feature request? there is an existing terraform provider https://github.com/NetApp/terraform-provider-netapp-gcp that pulumi could build on top of.

incalculable-xylophone-56140

08/18/2021, 12:08 PM

Dear GCP + Pulumi users, Do you create a new gcp-project for each stack? (dev, stage, production etc…) Or do you just use the same project for all stacks? Would appreciate if you could share some insights from your experience with either of those approaches…

ambitious-salesmen-39356

08/23/2021, 4:25 PM

Anyone in a position to comment on the level of maturity of pulumi's GCP support vs AWS? I'm considering taking a position at a company that is GCP-centric (never worked with it before, but extensive AWS experience) so I'm curious.

dry-florist-5950

08/24/2021, 1:49 PM

Hi, does anyone have any examples of how to link an API to a function for google cloud? e.g. Create an endpoint and set the target function? I have done this in AWS using pulumi and was able to point each route to a lambda. Is the equivalent possible in GC? I cant see much in the docs or online about this. Thanks in advance.

billions-glass-17089

08/26/2021, 7:28 PM

does anyone know how to setup vpc peering using the gcp native library? I’m having a difficult time finding it in the typescript sdk

numerous-pencil-44890

08/27/2021, 2:17 PM

Hi, I have one GCP project with a GKE cluster, our pulumi code is written so each stack creates a new namespace but they have access to some shared resources like Firestore. The issue is that whenever I create a new stack, which creates a new service account (workload identity), the permissions from the previous stacks get removed. Anyone ever seen this behavior before? The python code looks like:

firestore_iam = gcp.projects.IAMBinding(
    resource_name=f"{SHORT_NAME}-firestore-binding",
    project=project,
    role="roles/datastore.owner",
    members=[gcp_sa.email.apply(lambda email: f"serviceAccount:{email}")],
    opts=pulumi.ResourceOptions(provider=gcp_provider),
)

helpful-airport-41202

08/28/2021, 4:31 AM

So I'm successfully creating a Google Cloud bucket using Pulumi. However, how am I able to create an empty folder within that bucket? Seems a simple task, yet I can't seem to find anything in the Pulumi docs about it.