https://pulumi.com logo
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
google-cloud
  • c

    cuddly-father-4905

    11/29/2021, 5:32 PM
    Should issues be raised on GitHub for resources that are missing in the
    google-native
    package? I wasn't sure if the fact that it's in preview means "we're still adding all of the resources" or "all of the resources are there and we're just battle-testing things now"
    t
    • 2
    • 1
  • h

    hallowed-cat-56281

    11/30/2021, 5:42 PM
    Question for GCP users, am I the only one to regularity encounter
    443: connect: no route to host
    errors randomly while updating/deploying a stack?
    g
    • 2
    • 3
  • f

    fast-easter-23401

    11/30/2021, 6:59 PM
    Hi everybody, I've been struggling to import a
    gcp.pubsub.SubscriptionIAMBinding
    resource. I got first this error:
    gcp:pubsub:SubscriptionIAMBinding (communications-applications-worker-iam-binding):
        error: Preview failed: importing projects/<my-project-id>/subscriptions/<my-subscription-name>/roles/pubsub.subscriber: Wrong number of parts to Binding id [projects/<my-project-id>/subscriptions/<my-subscription-name>/roles/pubsub.subscriber]; expected 'resource_name role [condition_title]'.
    Then, at the suggestions of @green-school-95910 (many thanks), I used a two-part string including the resource name and the role attached to the binding separated by a whitespace. But then I got the following error:
    gcp:pubsub:SubscriptionIAMBinding (communications-applications-worker-iam-binding):
        error: Preview failed: importing projects/<my-project-id>/subscriptions/<my-subscription-name> roles/pubsub.subscriber: project: required field is not set
    I'm a bit puzzled, as the resource name does indeed contain a reference to the project. Here's my code (I'm using TS):
    const communicationsApplicationsWorker = new gcp.pubsub.SubscriptionIAMBinding(
      'communications-applications-worker-iam-binding',
      {
        project: projectId,
        members: [
          `serviceAccount:${serviceAccountEmail}`,
        ],
        role: 'roles/pubsub.subscriber',
        subscription: subscriptionName,
      },
      {
        import:
          `projects/${projectId}/subscriptions/${subscriptionName} roles/pubsub.subscriber`,
        protect: true,
      }
    );
    Any ideas what I'm doing wrong? Many thanks 🙂
    p
    g
    • 3
    • 28
  • t

    tall-photographer-1935

    12/07/2021, 11:05 PM
    When attempting to create a Cloud SQL User using Pulumi Classic (Python), I receive this error:
    error: expected non-nil error with nil state during Create of urn:pulumi:dev::****::gcp:sql/user:User::db user addl-user1 in **
    code sample:
    gcp_classic_db_user.User(resource_name=f'db user {user_args.username} in {created_instance_name}',
                                                args=user_args.database_user_args,
                                                opts=ResourceOptions(depends_on=self.instance))
    Any ideas on how to fix this?
    g
    • 2
    • 12
  • f

    flaky-evening-60547

    12/10/2021, 6:54 PM
    I’m trying to create a gcp project using Pulumi, but I’m getting this error:
    Type                          Name           Plan       Info
     +   pulumi:pulumi:Stack           lazy-test-dev  create
         └─ gcp:organizations:Project  asdfasdfasdf              1 error
    
    Diagnostics:
      gcp:organizations:Project (asdfasdfasdf):
        error: could not validate provider configuration: 2 errors occurred:
            * Invalid or unknown key
            * Invalid or unknown key
    How do I debug this? I was able to create a gcp project in a different pulumi project.
    b
    • 2
    • 3
  • h

    happy-gpu-24908

    12/10/2021, 11:28 PM
    Hi there, is there any way to set cloud run revision traffic tag?
    e
    • 2
    • 11
  • s

    some-continent-7311

    12/13/2021, 12:24 PM
    Hello everyone. I can’t seem to figure out how to specify a GCP service account in
    imagePullSecrets
    to be able to pull images from a private GCP Registry Container. I would appreciate if anyone could point out to a tutorial. Thank you!
    q
    g
    • 3
    • 9
  • a

    able-camera-57198

    12/14/2021, 6:54 PM
    Hitting a very weird issue trying to set up a BackendBucket:
    Error 400: Invalid value for field 'resource.cdnPolicy.defaultTtl': '3600'. default_ttl cannot be specified with USE_ORIGIN_HEADERS cache_mode., invalid
    What's interesting is that I'm not specifying a
    DefaultTtl
    (C#). Yet for some reason, Pulumi must be coming up with one and providing it to the provider?
    • 1
    • 1
  • a

    able-camera-57198

    12/14/2021, 7:29 PM
    Also getting another weird one when trying to update a URLMap:
    Error updating UrlMap ".......": googleapi: Error 412: Invalid fingerprint., conditionNotMet
    This URLMap was created fine with the same code, but suddenly has started failing on updates.
  • b

    billions-glass-17089

    12/16/2021, 10:51 PM
    notice there's a flag on the GCP cli to create cloud functions without authentication, how does one do the same via pulumi? https://cloud.google.com/sdk/gcloud/reference/functions/deploy#--allow-unauthenticated
    t
    • 2
    • 3
  • q

    quiet-plastic-34312

    12/20/2021, 2:47 PM
    anyone can help me ... iwas trying publish a image on gcp using cloud run and create a noauthIamPolicy after to let access the endpoint... i create the json key and set the rules for iam at iam polices tab... when i run pulumi local it was normal but when i try the cicd integration i get that error
    Diagnostics:
    gcp:cloudrun:IamPolicy (noauthIamPolicy):
    anyone know how to solve it?
    b
    • 2
    • 4
  • s

    sparse-butcher-73713

    12/22/2021, 7:37 AM
    good morning everyone! does anyone know if the load balanced frontends we create in GKE as a service are charged separately by GCP? I can't find pricing info on that
    p
    • 2
    • 20
  • s

    sparse-butcher-73713

    12/22/2021, 8:15 AM
    also, does anyone know how to control the node count in the new google-native pkg? it seems that there's only a setting for the initial node count
    b
    f
    • 3
    • 15
  • f

    fast-arm-63150

    12/28/2021, 8:58 AM
    Hi all, has anyone figured out a robust way to activate GCP services with python? I still often run into this error: "Error creating Secret: googleapi: Error 403: Secret Manager API has not been used in project XXXXX before or it is disabled." using the following code: _enable_service = projects.Service(service_name, disable_dependent_services=True, project=project_id, service=service_api )
    q
    p
    t
    • 4
    • 17
  • m

    miniature-country-26754

    12/29/2021, 1:06 PM
    Did anyone try to configure Cloud Armour ? https://www.pulumi.com/registry/packages/gcp/api-docs/compute/securitypolicy/#securitypolicyadaptiveprotectionconfig My code looks like:
    adaptive_protection_config=gcp.compute.SecurityPolicyAdaptiveProtectionConfigArgs( 
            layer7_ddos_defense_config=gcp.compute.SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfigArgs(enable=None)
        ),
    It fails with: error: gcp:compute/securityPolicy:SecurityPolicy resource 'XXXX' has a problem: Invalid or unknown key. Examine values at 'SecurityPolicy.AdaptiveProtectionConfig.Layer7DdosDefenseConfig'.
  • c

    cold-night-79049

    12/30/2021, 10:18 AM
    Hi, I’m working with pulumi to create external HTTP(S) load balancers in GCP using the classic provider I’m having trouble with enabling IAP to protect to a backend service Using the GCP console all you need to do is toggle the name of the backend service from the identity-aware proxy window and all things are taken care of (creating of OAuth token, adding the necessary redirect URI and connecting the backend service to that OAuth token) I’m not quite understand how to enable it in pulumi  In backendService pulumi resource i have iap parameter consist of oauth2_client_id  and  oauth2_client_secret  But When I assign value to this parameters and run pulumi up it seems it does not really create the OAuth token and the redirect URI How can I create them? And can it be automatically similar to the GCP console process?
  • a

    abundant-yacht-50678

    12/30/2021, 5:01 PM
    Hi all - cross posting here as it may be a specific issue with GCP imports, any help very much appreciated - https://pulumi-community.slack.com/archives/C84L4E3N1/p1640822053153800
  • e

    eager-room-52651

    01/06/2022, 2:28 PM
    Hey all - is anyone managing a GCP project via pulumi? I'm trying to enable GCP APIs and hitting a type error. I'm passing in a list of service APIs to enable but pulumi is interpreting the list as as a string. Example:
    project = gcp.projects.Service(PROJECT_NAME,
                disable_dependent_services=True,
                project=PROJECT_ID,
                service=["<http://compute.googleapis.com|compute.googleapis.com>", "<http://container.googleapis.com|container.googleapis.com>"])
    out put:
    AssertionError: Unexpected type. Expected 'list' got '<class 'str'>'
    g
    b
    • 3
    • 14
  • c

    curved-summer-41191

    01/06/2022, 4:10 PM
    Is there an issue installing the GCP plugin on M1?
    ❯ pulumi plugin install resource gcp v3.25.0
    [resource plugin gcp-3.25.0] installing
    error: [resource plugin gcp-3.25.0] downloading from : 403 HTTP error fetching plugin from <https://get.pulumi.com/releases/plugins/pulumi-resource-gcp-v3.25.0-darwin-arm64.tar.gz>
    b
    • 2
    • 10
  • q

    quiet-plastic-34312

    01/06/2022, 7:39 PM
    anyone have a simple example of gcp cloud functions to deploy fastapi or flask in python pulumi ?
    g
    • 2
    • 3
  • b

    billions-glass-17089

    01/06/2022, 10:34 PM
    is there documentation on how to contribute to the google-native project?
    b
    • 2
    • 3
  • f

    fast-arm-63150

    01/11/2022, 6:04 PM
    Hi all I'm trying to set up a cloud SQL instance on GCP but it requires a password from GCP secret manager - when I try to create the sql USER with the secret using secretmanager.get_secret_version, I get an error on pulumi up about how the secret does not exist - I surmise this is because it's still being created? I thought get_secret_version would wait until the resource was created?
    g
    p
    • 3
    • 28
  • e

    eager-room-52651

    01/13/2022, 3:00 PM
    hey yall - i'm trying to create a new GCP project then create a VPC within that project. However, when i'm creating a VPC, it doesn't seem to be able to find my project. Any thoughts? code in thread
    w
    • 2
    • 5
  • q

    quick-wolf-8403

    01/14/2022, 7:23 PM
    Hi folks! Another GCP SecretsManager thing. I'm trying to create some secrets, using google-native instead of gcp. I'm getting confused about what the Replication field needs. Trying this:
  • q

    quick-wolf-8403

    01/14/2022, 7:23 PM
    secret, err := secretmanager.NewSecret(ctx,
    "myTestSecret",
    &secretmanager.SecretArgs{
    Replication: secretmanager.ReplicationArgs{},
    SecretId:    pulumi.String("joebob"),
    }, nil)
    b
    • 2
    • 12
  • q

    quick-wolf-8403

    01/14/2022, 7:24 PM
    Getting this:
    google-native:secretmanager/v1:Secret (myTestSecret):
        error: error sending request: googleapi: Error 400: Secret.replication must be specified.: "<https://secretmanager.googleapis.com/v1/projects/nocap-demo/secrets?secretId=joebob>" map[project:nocap-demo replication:map[] secretId:joebob]
  • a

    aloof-leather-66267

    01/17/2022, 5:37 AM
    How can I put an external load balancer in front of Cloud Run? I see examples for BackendServices, but not serverless NEGs.
    p
    • 2
    • 7
  • a

    aloof-leather-66267

    01/19/2022, 12:13 AM
    How can I set a Cloud Run Service to be publicly accessible?
    • 1
    • 1
  • s

    some-continent-7311

    01/19/2022, 11:07 AM
    Hello everyone. We run our software in GKE and use PostgreSQL Cloud SQL as database backend. We want to use PgBouncer as connection pool middleware, implemented as a microservice in GKE. Is there any good Pulumi tutorial on how to achieve that? Thank you.
    p
    • 2
    • 14
  • a

    aloof-leather-66267

    01/19/2022, 11:00 PM
    I added an annotation to a Cloud Run Service. When I run
    pulumi up
    , it says the change was made. However, in reality no change was made, and running
    pulumi preview
    still shows the change as pending.
Powered by Linen
Title
a

aloof-leather-66267

01/19/2022, 11:00 PM
I added an annotation to a Cloud Run Service. When I run
pulumi up
, it says the change was made. However, in reality no change was made, and running
pulumi preview
still shows the change as pending.
View count: 4