Channels
#google-cloud
- b
brash-alligator-49865
09/13/2022, 7:36 PMHi everyone, lovely to be here! Love GCP and lova Pulumi! - q
quiet-laptop-13439
09/15/2022, 1:36 PManyone knows how pulumi caches gcp credentials? I'm getting ACCESS_TOKEN_EXPIRED and logging in again doesn't help - q
quiet-laptop-13439
09/16/2022, 9:20 AMcrickets - b
brash-alligator-49865
09/18/2022, 9:56 AMHi all, was anyone able to make KMS work? I tried both options with existing project/region/keyring in https://www.pulumi.com/docs/intro/concepts/secrets/ - b
brash-alligator-49865
09/18/2022, 9:56 AMbut when i set up a secret it continues to use Pulumi local yaml đ - b
brash-alligator-49865
09/18/2022, 9:56 AMIs it just me? - b
brash-alligator-49865
09/18/2022, 9:57 AMI also believe the semantic is wrong: the example asks you to provide a KEY but I believe you should provide a KEYRING to support multiple secrets: - b
brash-alligator-49865
09/18/2022, 9:57 AMpulumi stack init my-stack --secrets-provider="<gcpkms://projects/acmecorpsec/locations/us-west1/keyRings/prod/cryptoKeys/payroll>" - b
brash-alligator-49865
09/18/2022, 9:57 AMi would have thought this would make much more sense:pulumi stack init my-stack --secrets-provider="<gcpkms://projects/acmecorpsec/locations/us-west1/keyRings/prod/>" - b
brash-alligator-49865
09/18/2022, 9:59 AMunless I just misunderstood and the KMS key is single and its just used to decrypt the local keys? This would make also sense.g- 2
- 1
- f
famous-kite-52506
09/22/2022, 1:32 PM@sparse-park-68967 Hi, I was wondering was is the ETA for the native gcp provider release (out of preview)? In the meantime, I guess it is safer to use the classic provider?ge- 3
- 2
- g
gorgeous-country-43026
09/23/2022, 8:16 AMHmm. It looks like Google APIs do not allow managing Firebase projects via normal
authenticated users but you are forced to use a service account? Is this true and is there any way to go around this? I mean,gcloud auth
is much better security wise for IaC unless one setups infrastructure setup into CI/CD but then one cannot really do development locally. Any tips or tricks or am I screwed?gcloud auth - b
bulky-minister-91867
09/23/2022, 12:45 PMHello all, I am trying to use "Google native" and GCS backend together. I need them to use different service accounts. "Google native" unlike "GCP classic" does not allow to set credentials in the code. And I am having issues with the credentials conflicting with each other. I tried a few things but couldn't get it to work. Does someone know a way around this issue maybe? - g
gentle-nightfall-2327
09/26/2022, 4:57 PMHi Peeps, does anyone here perhaps have a take on creating resources cross project? - g
gentle-nightfall-2327
09/26/2022, 5:00 PMMy situation is that I registered Domains via Google Domains in a "shared" project and would now like to front services in Cloud Run with subdomains of these domains.đ 1 - f
future-window-78560
09/26/2022, 5:14 PMHello Team, Can we use same bucket name in different accounts For eg#
inbucket01
and<mailto:gcpacc11@gmail.com|gcpacc11@gmail.com>
inbucket01
especially when<mailto:gcpacc22@gmail.com|gcpacc22@gmail.com>
is deleted I get this error so I have to change the bucket name in the script every time which is a manual step in the automation process and we need to avoid that<mailto:gcpacc11@gmail.com|gcpacc11@gmail.com>Copy codegoogleapi: Error 409: The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again., conflictb- 2
- 1
- f
future-window-78560
09/26/2022, 5:24 PMAlso, Team!! We need to know if creating a new GCP project is possible without specifying any project_ID in the pulumi script? Our purpose is to have a console-free IAC which is possible through pulumi but we have to create a GCP project manually first because we need a project ID as input for creating a new GCP project.a- 2
- 1
- b
brash-alligator-49865
09/28/2022, 6:25 PMHAfsa, AFAIK Resource Manager doesnt allow you to create a project without a starting project. So my humble opinion is that you cant.â 1 - a
aloof-leather-66267
10/03/2022, 3:21 AMHow can I import a
with thegcp:serviceAccount/key:Key
? When I runserviceAccountId
with thepulumi import
andname
, I get a warning thatid
is missing, even if I add it to the JSON file. I can still complete the import, but the state is created without theserviceAccountId
, and if I add it to the code, Pulumi thinks it's a different resource and wants to replace the imported one.serviceAccountIdf- 2
- 3
- d
delightful-monkey-90700
10/03/2022, 5:12 PMI'm trying to use a GCP Secret to coordinate a job between a Schedule which runs periodically and an Google Cloud Run function which it invokes via HTTP (since that seems to be the only mechanism for doing this). How do I get the value of a Secret within Pulumi, to pass to the Job ?b- 2
- 2
- i
incalculable-flag-48574
10/04/2022, 3:00 PMHi, I created a static web site on gcp with the template static-website-gcp-typescript and now I want to secure the HttpProxy with SSL. I found this doc (https://www.pulumi.com/registry/packages/gcp/api-docs/compute/sslcertificate) with a "SSL Certificate Target Https Proxies" section but it's empty (coming soon!). Do you know when this config would be available and would you have an example ? Thanks a lot.mr- 3
- 6
- b
billowy-nightfall-59212
10/18/2022, 9:53 PMHi, I am trying to create a service account and assign it a role. Here is the sample code.Copy codep, err := serviceaccount.NewAccount(ctx, "prom-frontend", &serviceaccount.AccountArgs{ AccountId: pulumi.String("prom-frontend"), DisplayName: pulumi.String("prom-frontend"), Project: pulumi.String(c.Project), }) if err != nil { return err } // create Project Iam policy binding for the service account to the role roles/storage.admin _, err = serviceaccount.NewIAMBinding(ctx, "foo-bar-iam-binding", &serviceaccount.IAMBindingArgs{ Role: pulumi.String("roles/storage.admin"), Members: pulumi.StringArray{ pulumi.String("serviceAccount:prom-frontend@experiments.iam.gserviceaccount.com"), }, ServiceAccountId: p.Name, }) if err != nil { return err }b- 2
- 4
- j
jolly-addition-88642
10/18/2022, 10:28 PMHi everyone! Pulumi noob here. I have an existing cert in GCP and I'm trying to do an import of a self managed cert but I always get warnings about a missing private_key. I figure I am running the command incorrectly. Do I need to specify a private key file during the import, though that is not an available option for this command.. When doing an import with terraform it worked fine with just a reference to the cert name and id in GCP. pulumi import gcpcompute/sSLCertificateSSLCertificate test_cert my_gcp_project/test_cert Any help appreciated. https://www.pulumi.com/registry/packages/gcp/api-docs/compute/sslcertificate/ Error:Copy codewarning: One or more imported inputs failed to validate. This is almost certainly a bug in the `gcp` provider. The import will still proceed, but you will need to edit the generated code after copying it into your program. warning: gcp:compute/sSLCertificate:SSLCertificate resource 'test_cert' has a problem: Missing required argument: The argument "private_key" is required, but no definition was found.. Examine values at 'SSLCertificate.PrivateKey'. - b
billowy-nightfall-59212
10/20/2022, 6:14 PMA friendly ping! I would appreciate some help.b- 2
- 2
- m
microscopic-cpu-38113
10/25/2022, 11:22 AMdoes anyone have any reference or website to share regarding the migration of existing production workload that's managed by Terraform to Pulumi? Our workload mostly are deployed on GCP but seems like the gcp-native providers doesn't even support a project import, please share your migration experience if any, TIA! - t
thousands-pizza-93362
10/25/2022, 11:47 PMHow do i change the health check path for cloudrun? - t
thousands-pizza-93362
10/25/2022, 11:47 PMI cant find the option anywhere in the cloud run service files - t
thousands-pizza-93362
10/25/2022, 11:48 PMthe docs show a probe option, but it doesnât exist in the typescript filesr- 2
- 1
- a
adorable-activity-71456
11/01/2022, 4:32 PMHey Pulumi Folks, we are running into an issue. We have an engineer that can run
andimport
commands in other projects, but there is one project where these commands hang. Other folks (I confirmed it myself) can run these commands on the project in question, so it is not a project configuration issue. I had her run with verbose logging using:previewCopy code
and there looks like there is an issue with something timing out and retrying. Here is a section of the log, right before it just keeps retrying:pulumi preview --logtostderr --logflow -v=9 2> out.txtCopy codeI1101 11:16:43.185967 7746 eventsink.go:59] RegisterResource RPC prepared: t=gcp:monitoring/alertPolicy:AlertPolicy, name=gcp.monitoring.AlertPolicy.tealiumSlackAbandonmentAlertPolicyV1 I1101 11:16:43.185995 7746 eventsink.go:62] eventSink::Debug(<{%reset%}>RegisterResource RPC prepared: t=gcp:monitoring/alertPolicy:AlertPolicy, name=gcp.monitoring.AlertPolicy.tealiumSlackAbandonmentAlertPolicyV1<{%reset%}>) I1101 11:16:43.186782 7746 eventsink.go:59] RegisterResourceOutputs RPC prepared: urn=urn:pulumi:playground::best-airflow::pulumi:pulumi:Stack::best-airflow-playground I1101 11:16:43.186810 7746 eventsink.go:62] eventSink::Debug(<{%reset%}>RegisterResourceOutputs RPC prepared: urn=urn:pulumi:playground::best-airflow::pulumi:pulumi:Stack::best-airflow-playground<{%reset%}>) I1101 11:16:43.187671 7746 eventsink.go:59] RegisterResourceOutputs RPC finished: urn=urn:pulumi:playground::best-airflow::pulumi:pulumi:Stack::best-airflow-playground; err: null, resp: I1101 11:16:43.187702 7746 eventsink.go:62] eventSink::Debug(<{%reset%}>RegisterResourceOutputs RPC finished: urn=urn:pulumi:playground::best-airflow::pulumi:pulumi:Stack::best-airflow-playground; err: null, resp: <{%reset%}>) I1101 11:16:43.188499 7746 eventsink.go:59] RegisterResourceOutputs RPC finished: urn=urn:pulumi:playground::best-airflow::pulumi:pulumi:Stack::best-airflow-playground; err: null, resp: I1101 11:16:43.188525 7746 eventsink.go:62] eventSink::Debug(<{%reset%}>RegisterResourceOutputs RPC finished: urn=urn:pulumi:playground::best-airflow::pulumi:pulumi:Stack::best-airflow-playground; err: null, resp: <{%reset%}>) I1101 11:17:09.970503 7746 eventsink.go:59] Dismissed an error as retryable. marked as timeout - Get "<https://openidconnect.googleapis.com/v1/userinfo?alt=json>": Post "<https://oauth2.googleapis.com/token>": dial tcp: lookup <http://oauth2.googleapis.com|oauth2.googleapis.com>: i/o timeout I1101 11:17:09.970558 7746 eventsink.go:62] eventSink::Debug(<{%reset%}>Dismissed an error as retryable. marked as timeout - Get "<https://openidconnect.googleapis.com/v1/userinfo?alt=json>": Post "<https://oauth2.googleapis.com/token>": dial tcp: lookup <http://oauth2.googleapis.com|oauth2.googleapis.com>: i/o timeout<{%reset%}>) I1101 11:17:09.970944 7746 eventsink.go:59] Dismissed an error as retryable. marked as timeout - Post "<https://oauth2.googleapis.com/token>": dial tcp: lookup <http://oauth2.googleapis.com|oauth2.googleapis.com>: i/o timeout I1101 11:17:09.970983 7746 eventsink.go:62] eventSink::Debug(<{%reset%}>Dismissed an error as retryable. marked as timeout - Post "<https://oauth2.googleapis.com/token>": dial tcp: lookup <http://oauth2.googleapis.com|oauth2.googleapis.com>: i/o timeout<{%reset%}>) I1101 11:17:09.971231 7746 eventsink.go:59] Dismissed an error as retryable. marked as timeout - dial tcp: lookup <http://oauth2.googleapis.com|oauth2.googleapis.com>: i/o timeout I1101 11:17:09.971265 7746 eventsink.go:62] eventSink::Debug(<{%reset%}>Dismissed an error as retryable. marked as timeout - dial tcp: lookup <http://oauth2.googleapis.com|oauth2.googleapis.com>: i/o timeout<{%reset%}>) I1101 11:17:09.971552 7746 eventsink.go:59] Waiting 500ms before next tryg- 2
- 2
- a
adorable-activity-71456
11/01/2022, 4:32 PMAny ideas?