Question for GCP users, am I the only one to regularity encounter

443: connect: no route to host

errors randomly while updating/deploying a stack?

Hi everybody, I've been struggling to import a

gcp.pubsub.SubscriptionIAMBinding

resource. I got first this error:

gcp:pubsub:SubscriptionIAMBinding (communications-applications-worker-iam-binding):
    error: Preview failed: importing projects/<my-project-id>/subscriptions/<my-subscription-name>/roles/pubsub.subscriber: Wrong number of parts to Binding id [projects/<my-project-id>/subscriptions/<my-subscription-name>/roles/pubsub.subscriber]; expected 'resource_name role [condition_title]'.

Then, at the suggestions of @green-school-95910 (many thanks), I used a two-part string including the resource name and the role attached to the binding separated by a whitespace. But then I got the following error:

gcp:pubsub:SubscriptionIAMBinding (communications-applications-worker-iam-binding):
    error: Preview failed: importing projects/<my-project-id>/subscriptions/<my-subscription-name> roles/pubsub.subscriber: project: required field is not set

I'm a bit puzzled, as the resource name does indeed contain a reference to the project. Here's my code (I'm using TS):

const communicationsApplicationsWorker = new gcp.pubsub.SubscriptionIAMBinding(
  'communications-applications-worker-iam-binding',
  {
    project: projectId,
    members: [
      `serviceAccount:${serviceAccountEmail}`,
    ],
    role: 'roles/pubsub.subscriber',
    subscription: subscriptionName,
  },
  {
    import:
      `projects/${projectId}/subscriptions/${subscriptionName} roles/pubsub.subscriber`,
    protect: true,
  }
);

Any ideas what I'm doing wrong? Many thanks 🙂

When attempting to create a Cloud SQL User using Pulumi Classic (Python), I receive this error:

error: expected non-nil error with nil state during Create of urn:pulumi:dev::****::gcp:sql/user:User::db user addl-user1 in **

code sample:

gcp_classic_db_user.User(resource_name=f'db user {user_args.username} in {created_instance_name}',
                                            args=user_args.database_user_args,
                                            opts=ResourceOptions(depends_on=self.instance))

Any ideas on how to fix this?

I’m trying to create a gcp project using Pulumi, but I’m getting this error:

Type                          Name           Plan       Info
 +   pulumi:pulumi:Stack           lazy-test-dev  create
     └─ gcp:organizations:Project  asdfasdfasdf              1 error

Diagnostics:
  gcp:organizations:Project (asdfasdfasdf):
    error: could not validate provider configuration: 2 errors occurred:
        * Invalid or unknown key
        * Invalid or unknown key

How do I debug this? I was able to create a gcp project in a different pulumi project.

Hi there, is there any way to set cloud run revision traffic tag?

Hello everyone. I can’t seem to figure out how to specify a GCP service account in

imagePullSecrets

to be able to pull images from a private GCP Registry Container. I would appreciate if anyone could point out to a tutorial. Thank you!

Hitting a very weird issue trying to set up a BackendBucket:

Error 400: Invalid value for field 'resource.cdnPolicy.defaultTtl': '3600'. default_ttl cannot be specified with USE_ORIGIN_HEADERS cache_mode., invalid

What's interesting is that I'm not specifying a

DefaultTtl

(C#). Yet for some reason, Pulumi must be coming up with one and providing it to the provider?

Also getting another weird one when trying to update a URLMap:

Error updating UrlMap ".......": googleapi: Error 412: Invalid fingerprint., conditionNotMet

This URLMap was created fine with the same code, but suddenly has started failing on updates.

notice there's a flag on the GCP cli to create cloud functions without authentication, how does one do the same via pulumi? https://cloud.google.com/sdk/gcloud/reference/functions/deploy#--allow-unauthenticated

anyone can help me ... iwas trying publish a image on gcp using cloud run and create a noauthIamPolicy after to let access the endpoint... i create the json key and set the rules for iam at iam polices tab... when i run pulumi local it was normal but when i try the cicd integration i get that error

Diagnostics:

gcp:cloudrun:IamPolicy (noauthIamPolicy):

anyone know how to solve it?

good morning everyone! does anyone know if the load balanced frontends we create in GKE as a service are charged separately by GCP? I can't find pricing info on that

also, does anyone know how to control the node count in the new google-native pkg? it seems that there's only a setting for the initial node count

Hi all, has anyone figured out a robust way to activate GCP services with python? I still often run into this error: "Error creating Secret: googleapi: Error 403: Secret Manager API has not been used in project XXXXX before or it is disabled." using the following code: _enable_service = projects.Service(service_name, disable_dependent_services=True, project=project_id, service=service_api )

Did anyone try to configure Cloud Armour ? https://www.pulumi.com/registry/packages/gcp/api-docs/compute/securitypolicy/#securitypolicyadaptiveprotectionconfig My code looks like:

adaptive_protection_config=gcp.compute.SecurityPolicyAdaptiveProtectionConfigArgs( 
        layer7_ddos_defense_config=gcp.compute.SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigArgs(enable=None)
    ),

It fails with: error: gcpcompute/securityPolicySecurityPolicy resource 'XXXX' has a problem: Invalid or unknown key. Examine values at 'SecurityPolicy.AdaptiveProtectionConfig.Layer7DdosDefenseConfig'.

Hi, I’m working with pulumi to create external HTTP(S) load balancers in GCP using the classic provider I’m having trouble with enabling IAP to protect to a backend service Using the GCP console all you need to do is toggle the name of the backend service from the identity-aware proxy window and all things are taken care of (creating of OAuth token, adding the necessary redirect URI and connecting the backend service to that OAuth token) I’m not quite understand how to enable it in pulumi  In backendService pulumi resource i have iap parameter consist of oauth2_client_id  and  oauth2_client_secret  But When I assign value to this parameters and run pulumi up it seems it does not really create the OAuth token and the redirect URI How can I create them? And can it be automatically similar to the GCP console process?

Hi all - cross posting here as it may be a specific issue with GCP imports, any help very much appreciated - https://pulumi-community.slack.com/archives/C84L4E3N1/p1640822053153800

Hey all - is anyone managing a GCP project via pulumi? I'm trying to enable GCP APIs and hitting a type error. I'm passing in a list of service APIs to enable but pulumi is interpreting the list as as a string. Example:

project = gcp.projects.Service(PROJECT_NAME,
            disable_dependent_services=True,
            project=PROJECT_ID,
            service=["<http://compute.googleapis.com|compute.googleapis.com>", "<http://container.googleapis.com|container.googleapis.com>"])

out put:

AssertionError: Unexpected type. Expected 'list' got '<class 'str'>'

Is there an issue installing the GCP plugin on M1?

❯ pulumi plugin install resource gcp v3.25.0
[resource plugin gcp-3.25.0] installing
error: [resource plugin gcp-3.25.0] downloading from : 403 HTTP error fetching plugin from <https://get.pulumi.com/releases/plugins/pulumi-resource-gcp-v3.25.0-darwin-arm64.tar.gz>

anyone have a simple example of gcp cloud functions to deploy fastapi or flask in python pulumi ?

is there documentation on how to contribute to the google-native project?

Hi all I'm trying to set up a cloud SQL instance on GCP but it requires a password from GCP secret manager - when I try to create the sql USER with the secret using secretmanager.get_secret_version, I get an error on pulumi up about how the secret does not exist - I surmise this is because it's still being created? I thought get_secret_version would wait until the resource was created?

hey yall - i'm trying to create a new GCP project then create a VPC within that project. However, when i'm creating a VPC, it doesn't seem to be able to find my project. Any thoughts? code in thread

Hi folks! Another GCP SecretsManager thing. I'm trying to create some secrets, using google-native instead of gcp. I'm getting confused about what the Replication field needs. Trying this:

secret, err := secretmanager.NewSecret(ctx,

"myTestSecret",

&secretmanager.SecretArgs{

Replication: secretmanager.ReplicationArgs{},

SecretId:    pulumi.String("joebob"),

}, nil)

Getting this:

google-native:secretmanager/v1:Secret (myTestSecret):
    error: error sending request: googleapi: Error 400: Secret.replication must be specified.: "<https://secretmanager.googleapis.com/v1/projects/nocap-demo/secrets?secretId=joebob>" map[project:nocap-demo replication:map[] secretId:joebob]

How can I put an external load balancer in front of Cloud Run? I see examples for BackendServices, but not serverless NEGs.

How can I set a Cloud Run Service to be publicly accessible?

Hello everyone. We run our software in GKE and use PostgreSQL Cloud SQL as database backend. We want to use PgBouncer as connection pool middleware, implemented as a microservice in GKE. Is there any good Pulumi tutorial on how to achieve that? Thank you.

I added an annotation to a Cloud Run Service. When I run

pulumi up

, it says the change was made. However, in reality no change was made, and running

pulumi preview

still shows the change as pending.

I'm using pulumi automation to setup different gcp projects using the same infra code. I'm trying to setup the service account in runtime, but I didn't not find any example so far. Does anyone has this case or could appoint me a direction?