brash-alligator-49865
09/13/2022, 7:36 PMquiet-laptop-13439
09/15/2022, 1:36 PMquiet-laptop-13439
09/16/2022, 9:20 AMbrash-alligator-49865
09/18/2022, 9:56 AMbrash-alligator-49865
09/18/2022, 9:56 AMbrash-alligator-49865
09/18/2022, 9:56 AMbrash-alligator-49865
09/18/2022, 9:57 AMbrash-alligator-49865
09/18/2022, 9:57 AMpulumi stack init my-stack --secrets-provider="<gcpkms://projects/acmecorpsec/locations/us-west1/keyRings/prod/cryptoKeys/payroll>"
brash-alligator-49865
09/18/2022, 9:57 AMpulumi stack init my-stack --secrets-provider="<gcpkms://projects/acmecorpsec/locations/us-west1/keyRings/prod/>"
brash-alligator-49865
09/18/2022, 9:59 AMfamous-kite-52506
09/22/2022, 1:32 PMgorgeous-country-43026
09/23/2022, 8:16 AMgcloud auth
authenticated users but you are forced to use a service account? Is this true and is there any way to go around this? I mean, gcloud auth
is much better security wise for IaC unless one setups infrastructure setup into CI/CD but then one cannot really do development locally. Any tips or tricks or am I screwed?bulky-minister-91867
09/23/2022, 12:45 PMgentle-nightfall-2327
09/26/2022, 4:57 PMgentle-nightfall-2327
09/26/2022, 5:00 PMfuture-window-78560
09/26/2022, 5:14 PMbucket01
in <mailto:gcpacc11@gmail.com|gcpacc11@gmail.com>
and bucket01
in <mailto:gcpacc22@gmail.com|gcpacc22@gmail.com>
especially when <mailto:gcpacc11@gmail.com|gcpacc11@gmail.com>
is deleted
I get this error so I have to change the bucket name in the script every time which is a manual step in the automation process and we need to avoid that
googleapi: Error 409: The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again., conflict
future-window-78560
09/26/2022, 5:24 PMbrash-alligator-49865
09/28/2022, 6:25 PMaloof-leather-66267
10/03/2022, 3:21 AMgcp:serviceAccount/key:Key
with the serviceAccountId
?
When I run pulumi import
with the name
and id
, I get a warning that serviceAccountId
is missing, even if I add it to the JSON file. I can still complete the import, but the state is created without the serviceAccountId
, and if I add it to the code, Pulumi thinks it's a different resource and wants to replace the imported one.delightful-monkey-90700
10/03/2022, 5:12 PMincalculable-flag-48574
10/04/2022, 3:00 PMbillowy-nightfall-59212
10/18/2022, 9:53 PMp, err := serviceaccount.NewAccount(ctx, "prom-frontend",
&serviceaccount.AccountArgs{
AccountId: pulumi.String("prom-frontend"),
DisplayName: pulumi.String("prom-frontend"),
Project: pulumi.String(c.Project),
})
if err != nil {
return err
}
// create Project Iam policy binding for the service account to the role roles/storage.admin
_, err = serviceaccount.NewIAMBinding(ctx, "foo-bar-iam-binding", &serviceaccount.IAMBindingArgs{
Role: pulumi.String("roles/storage.admin"),
Members: pulumi.StringArray{
pulumi.String("serviceAccount:prom-frontend@experiments.iam.gserviceaccount.com"),
},
ServiceAccountId: p.Name,
})
if err != nil {
return err
}
jolly-addition-88642
10/18/2022, 10:28 PMwarning: One or more imported inputs failed to validate. This is almost certainly a bug in the `gcp` provider. The import will still proceed, but you will need to edit the generated code after copying it into your program.
warning: gcp:compute/sSLCertificate:SSLCertificate resource 'test_cert' has a problem: Missing required argument: The argument "private_key" is required, but no definition was found.. Examine values at 'SSLCertificate.PrivateKey'.
billowy-nightfall-59212
10/20/2022, 6:14 PMmicroscopic-cpu-38113
10/25/2022, 11:22 AMthousands-pizza-93362
10/25/2022, 11:47 PMthousands-pizza-93362
10/25/2022, 11:47 PMthousands-pizza-93362
10/25/2022, 11:48 PMadorable-activity-71456
11/01/2022, 4:32 PMimport
and preview
commands in other projects, but there is one project where these commands hang. Other folks (I confirmed it myself) can run these commands on the project in question, so it is not a project configuration issue. I had her run with verbose logging using:
pulumi preview --logtostderr --logflow -v=9 2> out.txt
and there looks like there is an issue with something timing out and retrying. Here is a section of the log, right before it just keeps retrying:
I1101 11:16:43.185967 7746 eventsink.go:59] RegisterResource RPC prepared: t=gcp:monitoring/alertPolicy:AlertPolicy, name=gcp.monitoring.AlertPolicy.tealiumSlackAbandonmentAlertPolicyV1
I1101 11:16:43.185995 7746 eventsink.go:62] eventSink::Debug(<{%reset%}>RegisterResource RPC prepared: t=gcp:monitoring/alertPolicy:AlertPolicy, name=gcp.monitoring.AlertPolicy.tealiumSlackAbandonmentAlertPolicyV1<{%reset%}>)
I1101 11:16:43.186782 7746 eventsink.go:59] RegisterResourceOutputs RPC prepared: urn=urn:pulumi:playground::best-airflow::pulumi:pulumi:Stack::best-airflow-playground
I1101 11:16:43.186810 7746 eventsink.go:62] eventSink::Debug(<{%reset%}>RegisterResourceOutputs RPC prepared: urn=urn:pulumi:playground::best-airflow::pulumi:pulumi:Stack::best-airflow-playground<{%reset%}>)
I1101 11:16:43.187671 7746 eventsink.go:59] RegisterResourceOutputs RPC finished: urn=urn:pulumi:playground::best-airflow::pulumi:pulumi:Stack::best-airflow-playground; err: null, resp:
I1101 11:16:43.187702 7746 eventsink.go:62] eventSink::Debug(<{%reset%}>RegisterResourceOutputs RPC finished: urn=urn:pulumi:playground::best-airflow::pulumi:pulumi:Stack::best-airflow-playground; err: null, resp: <{%reset%}>)
I1101 11:16:43.188499 7746 eventsink.go:59] RegisterResourceOutputs RPC finished: urn=urn:pulumi:playground::best-airflow::pulumi:pulumi:Stack::best-airflow-playground; err: null, resp:
I1101 11:16:43.188525 7746 eventsink.go:62] eventSink::Debug(<{%reset%}>RegisterResourceOutputs RPC finished: urn=urn:pulumi:playground::best-airflow::pulumi:pulumi:Stack::best-airflow-playground; err: null, resp: <{%reset%}>)
I1101 11:17:09.970503 7746 eventsink.go:59] Dismissed an error as retryable. marked as timeout - Get "<https://openidconnect.googleapis.com/v1/userinfo?alt=json>": Post "<https://oauth2.googleapis.com/token>": dial tcp: lookup <http://oauth2.googleapis.com|oauth2.googleapis.com>: i/o timeout
I1101 11:17:09.970558 7746 eventsink.go:62] eventSink::Debug(<{%reset%}>Dismissed an error as retryable. marked as timeout - Get "<https://openidconnect.googleapis.com/v1/userinfo?alt=json>": Post "<https://oauth2.googleapis.com/token>": dial tcp: lookup <http://oauth2.googleapis.com|oauth2.googleapis.com>: i/o timeout<{%reset%}>)
I1101 11:17:09.970944 7746 eventsink.go:59] Dismissed an error as retryable. marked as timeout - Post "<https://oauth2.googleapis.com/token>": dial tcp: lookup <http://oauth2.googleapis.com|oauth2.googleapis.com>: i/o timeout
I1101 11:17:09.970983 7746 eventsink.go:62] eventSink::Debug(<{%reset%}>Dismissed an error as retryable. marked as timeout - Post "<https://oauth2.googleapis.com/token>": dial tcp: lookup <http://oauth2.googleapis.com|oauth2.googleapis.com>: i/o timeout<{%reset%}>)
I1101 11:17:09.971231 7746 eventsink.go:59] Dismissed an error as retryable. marked as timeout - dial tcp: lookup <http://oauth2.googleapis.com|oauth2.googleapis.com>: i/o timeout
I1101 11:17:09.971265 7746 eventsink.go:62] eventSink::Debug(<{%reset%}>Dismissed an error as retryable. marked as timeout - dial tcp: lookup <http://oauth2.googleapis.com|oauth2.googleapis.com>: i/o timeout<{%reset%}>)
I1101 11:17:09.971552 7746 eventsink.go:59] Waiting 500ms before next try
adorable-activity-71456
11/01/2022, 4:32 PM