any idea how to resolve this issue? i have secret manager enabled

I've been trying to upload a large file (> 1 GB) to GCS and it's a no-go. Here's the code:

// Create a storage object for installer
		_, err = storage.NewBucketObject(ctx, "installer-object",
			&storage.BucketObjectArgs{
				Bucket: bucket.Name,
				Source: pulumi.NewFileAsset("./assets/installer.tgz"),
			},
			pulumi.Timeouts(&pulumi.CustomTimeouts{Create: "10m", Update: "10m"}))
		if err != nil {
			return err
		}

But I keep getting this error after 1m...

google-native:storage/v1:BucketObject (installer-object):
    error: error sending upload request: Post "<https://storage.googleapis.com/upload/storage/v1/b/bucket-2f7c370/o?alt=json&name=installer-object-81c28a2&uploadType=multipart>": net/http: request canceled (Client.Timeout exceeded while awaiting headers): "<https://storage.googleapis.com/upload/storage/v1/b/asset-bucket-2f7c370/o?name=installer-object-81c28a2>" map[__autonamed:true bucket:asset-bucket-2f7c370 name:installer-object-81c28a2 source:0xc0004a94f0] 1820077047

...

Duration: 1m5s

Any way I can extend the underlying http client timeout? I tried the

pulumi.Timeouts(&pulumi.CustomTimeouts{Create: "10m", Update: "10m"})

option when calling

NewBucketObject

but it doesn't appear to do anything in this case.

I've also tried splitting it into 100MB files and uploading each of them... same problem

How to run

pulumi preview

of GCP stuff on Gitlab merge request pipeline with Workload Identity Federation json file for given environment? I don't have idea how to provide correct file from variables 😕

Has there been any progress or workaround for https://github.com/pulumi/pulumi-gcp/issues/827? This issue is holding us back switching from manually running Pulumi to running it in CI. We currently create services with Pulumi, but deploy updates using gcloud which sets annotations and updates the image which will diff in Pulumi after a refresh.

Howdy! Is it possible to create an AlloyDB instance in GCP with Pulumi?

Hello everyone! I am trying to get all the users who are members of a group by using this:

export function getUsers({ groupName }: GCPNamespaces) {
  const groupMembers = pulumi.output(
    gcp.cloudidentity.getGroupMemberships({
      group: groupName,
    })
  );
  console.log(groupMembers);

and I get this error:

error: Error: invocation of gcp:cloudidentity/getGroupMemberships:getGroupMemberships returned an error: invoking gcp:cloudidentity/getGroupMemberships:getGroupMemberships: 1 error occurred:
        * Error when reading or editing CloudIdentityGroupMemberships "": googleapi: Error 403: Your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by the <http://cloudidentity.googleapis.com|cloudidentity.googleapis.com>. We recommend configuring the billing/quota_project setting in gcloud or using a service account through the auth/impersonate_service_account setting. For more information about service accounts and how to use them in your application, see <https://cloud.google.com/docs/authentication/>. If you are getting this error with curl or similar tools, you may need to specify 'X-Goog-User-Project' HTTP header for quota and billing purposes. For more information regarding 'X-Goog-User-Project' header, please check <https://cloud.google.com/apis/docs/system-parameters>.
    Details:
    [
      {
        "@type": "<http://type.googleapis.com/google.rpc.ErrorInfo|type.googleapis.com/google.rpc.ErrorInfo>",
        "domain": "<http://googleapis.com|googleapis.com>",
        "metadata": {
          "consumer": "projects/764086051850",
          "service": "<http://cloudidentity.googleapis.com|cloudidentity.googleapis.com>"
        },

Has anyone run into this and know how to solve it?

Hi! I have created dual region bucket with location as

US-EAST1+US-WEST1

, and i tried to reapply the code once again. Ideally it should not do anything. But it says location changed from

US

to

US-EAST1+US-WEST1

and trying to delete the bucket and recreate it. Can someone help me to resolve this.

👋 I’m trying to create a regional network endpoint group for an apiGateway. I know this functionality is pre-GA. It seems like the gcp-classic provider has the ability to create NEGs with the type SERVERLESS, but it doesn’t support the apiGateway backend. The google-native provider does support this, but I’m stuck on (what I think is) a bug Then I thought, Oh! I can just create it and then import to see the differences, but… google native doesn’t have import? So now I’m a bit stuck. Does anyone have a workaround or ideas for this situation?

is there a way to create instance schedules for gce vm through pulumi?

Any ideas how to create a Cloud SQL PostgreSQL instance with a database of a custom collation strictly through Pulumi?

Hello folks, I’m struggling with the confluent cloud API, that we’re using to create a Kafka related resources (topics, SA, api keys, and what not). We have properly configured the GCP Marketplace integration, and I’m acting on the confluent platform as a member of my organization, but can’t manage to create a kafka topic. Any ideas what’s failing?

const topic = new KafkaTopic(
  args.name,
  {
    topicName: args.name,
    kafkaCluster: { id: cluster.id },
    restEndpoint: cluster.restEndpoint,
    credentials: {
      key: clusterSA.apiKey.name,
      secret: clusterSA.apiKey.secret,
     },
   },
 { parent: this }
);

   Type                                    Name                    Status                  Info
     pulumi:pulumi:Stack                     confluent-test          **failed**              1 error; 2 messages
     └─ nesto:kafka                          test                                            
 +      ├─ confluentcloud:index:KafkaTopic   test                    **creating failed**     1 error
 +      └─ confluentcloud:index:RoleBinding  test-environment-admin  **creating failed**     1 error
 
Diagnostics:
  pulumi:pulumi:Stack (confluent-test):
    2022/08/17 08:19:24 [DEBUG] POST <https://pkc-41voz>.<region>.gcp.confluent.cloud:443/kafka/v3/clusters/<cluster-id>/topics
 
    error: update failed
 
  confluentcloud:index:KafkaTopic (test):
    error: 1 error occurred:
        * error creating Kafka Topic: 401 Unauthorized: Unauthorized

I also tried it creating a Provider resource, then passing the latter as

opts

. Didn’t work either. Any insights will be greatly appreciated. Have a nice day,

Hi I keep getting 404 after

pulumi up

with google native while trying to deploy Cloud Run Job

import * as gcp from "@pulumi/google-native"

const region = "europe-west3"  // Frankfurt, Germany
const project = "my-gcp-project"
const appName = "my-app"

const provider = new gcp.Provider(
  "jan-provider",
  {
    project: project, 
    region: region, 
  }
)

const reg = new gcp.artifactregistry.v1.Repository(
  "repo",
  {
    description: "Hello repo world",
    format: "DOCKER",
    repositoryId: "rid"
  },
  {provider}
)

const job = new gcp.run.v2.Job(
  "job",
  {
    jobId: 'myjob',
    template: {
      taskCount: 1,
      template: {
        maxRetries: 0,
        timeout: "600s",
        containers: [
          {
            image: `${region}-docker.pkg.dev/${project}/rid/${appName}:1-amd64`,
          }
        ]
      }
    },
  },
  {provider}
)

Can anyone tell me what am I doing wrong?

error: error sending request: googleapi: Error 404: Requested entity was not found.:
 "<https://run.googleapis.com/v2/projects/my-gcp-project/locations/europe-west3/jobs?jobId=myjob>"
  map[__autonamed:true jobId:myjob location:europe-west3 name:projects/my-gcp-project/locations/europe-west3/jobs/job-255417b
  project:my-gcp-project template:map[taskCount:1 template:map[containers:[map[image:europe-west3-docker.pkg.dev/my-gcp-project/rid/my-app:1-amd64]] maxRetries:0 timeout:600s]]]

I am using Pulumi to create a dataproc cluster. When I run

preview --refresh --diff

, I see a diff on the cluster for the

machineTypeUri

property. The weird thing is that the diff is of the form:

"<https://www.googleapis.com/compute/v1/projects/MY_PROJECT_ID/zones/us-east4-b/machineTypes/c2-standard-8>" => "c2-standard-8"

I initially set

machineTypeUri

to "c2-standard-8" but I am guessing that GCP updates this with the full URI. How can I make this stop causing a diff? I know I could add

config.workerConfig.machineTypeUri

to

ignoreChanges

but I'm not sure that's a great approach - if it changes outside of Pulumi, I think I'd want Pulumi to know and deal with it. Also, somewhat related: on this page, https://www.pulumi.com/registry/packages/gcp/api-docs/dataproc/cluster/#clusterclusterconfigworkerconfig , it shows that there is a property named

machineType

. But the actual code requires a config property named

machineTypeUri

-

machineType

doesn't seem to be a valid name.

For GCP alert Notification Channels for Slack (https://www.pulumi.com/registry/packages/gcp/api-docs/monitoring/notificationchannel/) does anyone know how the slack refresh token can be used? I see the sensitive label for auth token, but not refresh token.

Trying to create a

gcp.iam.WorkloadIdentityPoolProvider

but with no luck. To me this is looking like a bug in Pulumi's implementation (or terraform since it has been generated from it). I'm basing this on the error I get, it's a 404 from Google endpoint with URL (obfuscated slightly, but it's still valid:

<p>The requested URL <code>/v1beta/projects/my-gcp-project/locations/global/workloadIdentityPools/projects/my-gcp-project/locations/global/workloadIdentityPools/my-workload-pool/providers?alt=json&workloadIdentityPoolProviderId=github</code> was not found on this server.  <ins>That's all we know.</ins>

Please note the doubling of the

/projects/my-gcp-project/locations/global/workloadIdentityPools

part in the URL. No wonder it gets a 404. I'm just double checking if I'm not misinterpreting this before I create an issue?

hi friends, this is probably really simple, but I'm trying to create a gcp instance and a gcp instance group using the pulumi python API. The code for this looks like:

instance = gcp.compute.Instance(...a bunch of args)
instance_group = gcp.compute.InstanceGroup(instances=[instance.self_link], ...other args)

When I run pulumi pre, I get

AttributeError: 'NoneType' object has no attribute 'self_link'

, so it looks like the instance is

None

. Are there any tips on how I debug what to do next?

Hello! I can't find the API to add GKE zonal NEGs to my backend service. I'm trying to find the equivalent of this gcloud command: https://cloud.google.com/kubernetes-engine/docs/how-to/standalone-neg#add_backends is this supported? thanks in advance!

Just out of curiosity, can I do anything about this? I mean, my local

gcloud

has been setup accordingly and doesn't complain anymore but Pulumi executions do:

pulumi:pulumi:Stack (my-stack):
    W0829 14:00:19.388176   16096 gcp.go:120] WARNING: the gcp auth plugin is deprecated in v1.22+, unavailable in v1.25+; use gcloud instead.
    To learn more, consult <https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke>

Is it possible to configure OAuth 2.0 Client IDs with Pulumi? Especially to add more Authorized JavaScript origins and redirect URIs?

After upgrading the node dependency

@pulumi/google-native

all of the DNS records I created will be 'replaced' with identical records with a new

urn

. I predict that this could cause disruptions in our DNS. Any ideas on how to avoid the replacement while still being able to upgrade the dependency?

I'm having trouble creating a

ProjectIamPolicy

in a new stack: When I try, I get an error:

Copy code

error: object retrieval failure after successful create / read state: googleapi: got HTTP response code 404 with body

(followed by the 404 body). If I use curl to query GCP for the directly policy, I get a response, containing a full policy. The policy clearly exists in GCP but Pulumi somehow can't find it. I'm thinking of trying to modify the state of the stack by adding the basic JSON for a policy (based on an example from a different stack's state I exported to a file) but this seems like a questionable way to fix it. Has anyone else run into this? Does anyone have a suggestion on how to fix this?

Is there anyway to edit aws-auth config map with pulumi?

I am getting this error in codebuild

-- kubernetes:apps/v1:Deployment allrites-frontend deleting original error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
    kubernetes:core/v1:ConfigMap allrites-frontend-config  
 -- kubernetes:apps/v1:Deployment allrites-frontend **deleting failed** error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials

Hi there, I pulled pulumi-google-native 0.25.0 version this morning and trying to do pulumi preview. I get the following error with the latest version. I could do the preview when I tried the same with 0.14.0 last week. Any thoughts on this? I'm using pulumi version 3.38.0

error: Preview failed: unable to find required configuration setting: GCP Project
Set the GCP Project by using:
	`pulumi config set gcp:project <project>`

So, I have a situation where I have a DNS registered to project A and it is setup there into a DNS zone. All fine. Now I also have a project B where I have a GKE running and it has an ingress. I want to bind this domain to that ingress IP address without having to do copy-pasting addresses over to different codebases. My initial thoughts on this are: 1. Read the other project state file and deduct the IP address from there. But as far as I have understood this is not possible but can only be done over different stacks? 2. Retrieve the managed cluster object via

gcp.container.getCluster

and proceed from there to get the ingress. I do not see however an immediate logical way to proceed to get the ingress object and its IP via this route 3. Bind the domain on project B cluster definition via its

dnsConfig

attribute but I think this won't work and would only work on the same project? 4. Bite the bullet and just do copy-pasting over. Not happy if I have to do this but might be the only reasonable choice

We have a two stack set up (dev/prod) we built out the dev side just fine (@pulumi/gcp@6.32) and when we went to run it on the prod side we get a bunch of strange errors:

Bestowinc/bestow-self-hosted/main (pulumi:pulumi:Stack)
error: update failed
 
prod-tai-windows-server-ip (gcp:compute:Address)
error: error reading from server: EOF
 
prod-tai-nat (gcp:compute:RouterNat)
error: error reading from server: EOF
 
prod-tai-sql-server (gcp:sql:DatabaseInstance)
error: error reading from server: EOF

Any Ideas? Full diagnostics in a thread…

I am running into a weird issue. My Cloud Run services do not have their environment variables stored in pulumi. The https://www.pulumi.com/registry/packages/gcp/api-docs/cloudrun/service/#servicetemplatespeccontainer resource in the pulumi state is actually barely populated, it's not even an array

Hey, any joy/idea on this from Friday? https://pulumi-community.slack.com/archives/CRFUR2DGB/p1662753735357129