adorable-activity-71456
11/01/2022, 4:33 PMgorgeous-country-43026
11/02/2022, 11:30 AMError when reading or editing FirebaseProject "projects/myproject": googleapi: Error 403: Your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by the <http://firebase.googleapis.com|firebase.googleapis.com>. We recommend configuring the billing/quota_project setting in gcloud or using a service account through the auth/impersonate_service_account setting. For more information about service accounts and how to use them in your application, see <https://cloud.google.com/docs/authentication/>. If you are getting this error with curl or similar tools, you may need to specify 'X-Goog-User-Project' HTTP header for quota and billing purposes. For more information regarding 'X-Goog-User-Project' header, please check <https://cloud.google.com/apis/docs/system-parameters>.
fast-arm-63150
11/02/2022, 4:01 PM* Error waiting to create DomainMapping: resource is in failed state "Ready:False", message: Caller is not authorized to administer the domain 'api.dev-mgm...'. If you own 'api.dev-mgm...', you can obtain authorization by verifying ownership of the domain, or any of its parent domains, via the Webmaster Central portal: <https://www.google.com/webmasters/verification/verification?domain=api.dev-mgm>... We recommend verifying ownership of the largest scope you wish to use with subdomains (eg. verify '<http://example.com|example.com>' if you wish to map '<http://subdomain.example.com|subdomain.example.com>').
Is there programmatic way of solving this in pulumi without manually adding the user to google domains?gentle-nightfall-2327
11/08/2022, 7:52 PMgentle-nightfall-2327
11/08/2022, 7:53 PMfierce-market-67222
11/09/2022, 10:32 AMstraight-arm-50771
11/09/2022, 5:02 PMmysql-instance:
type: gcp:sql:DatabaseInstance
properties:
region: us-east4
databaseVersion: MYSQL_5_7
settings:
ipConfiguration:
authorizedNetworks:
- value: 0.0.0.0/0
tier: ${mysqlTier}
deletionProtection: ${dbProtection}
All resources of that same type have this issue gcp:sql:DatabaseInstance
I know I can force the project adding that to the resource config, but I shouldn't need to specify it on everything?
My pulumi config is set correctly:
config:
...
gcp:project: my-new-proj
...
gcloud config list:
[core]
account = <mailto:eph-deployer@old-proj.iam.gserviceaccount.com|eph-deployer@old-proj.iam.gserviceaccount.com>
disable_usage_reporting = True
project = my-new-proj
Your active configuration is: [default]
SA "eph-deployer" is Owner of "my-new-proj"
Also in bash env:
GOOGLE_PROJECT=my-new-proj
gorgeous-country-43026
11/14/2022, 8:38 AMlimited-continent-1382
11/14/2022, 10:28 AM<p>The requested URL <code>/v1beta1/<mailto:ctry-ten-de@circles.asia|ctry-ten-de@circles.asia>/memberships?alt=json</code> was not found on this server. <ins>That's all we know.</ins>
.limited-continent-1382
11/14/2022, 4:13 PMancient-twilight-67137
11/15/2022, 5:55 PMclever-painter-96148
11/15/2022, 6:43 PM@pulumi/gcp
or @pulumi/google-native
. How to make the right choice? πblue-leather-96987
11/16/2022, 4:41 AM* Error creating Job: googleapi: Error 403: The principal (user or service account) lacks IAM permission "iam.serviceAccounts.actAs" for the resource "<mailto:yyyy@xxxx.iam.gserviceaccount.com|yyyy@xxxx.iam.gserviceaccount.com>" (or the resource may not exist).
plain-gigabyte-40915
11/17/2022, 9:13 PMProjectsFunctions.getProject(GetProjectArgs.builder()
.filter("")
.build());
blue-television-20207
11/20/2022, 1:52 AMgoogle-native
and am getting an error when attempting to a create a IAM binding for a dead letter topic. Any help to get past this error would be appreciated. FWIW I've enabled the google IAM api, and am able to create the binding using the gcloud SDK without issues and also create the topic using pulumi. Thank you.
topic_iam_binding_args = pubsub.TopicIamBindingArgs(members=[member], name = dead_letter_topic, role = "roles/pubsub.publisher")
pubsub.TopicIamBinding(f"topic-iam-binding-dlq-{topic_id}", topic_iam_binding_args)
google-native:pubsub/v1:TopicIamBinding :
error: error fetching existing IAM Policy: googleapi: Error 501: The service cannot fulfill that request. [code=8606]
clever-painter-96148
11/21/2022, 9:02 AMjolly-window-25842
11/21/2022, 10:37 AMhelpful-tent-95136
11/28/2022, 7:33 AMpurple-animal-5107
11/30/2022, 4:10 PMdocker.Image
resource. When I do that I see errors with Docker trying to pull an image (this works locally though) e.g.
docker:image:Image Dockerfile warning: spawn docker ENOENT
docker:image:Image Dockerfile ' docker pull <http://eu.gcr.io/data-integrator-dev-367414/api|eu.gcr.io/data-integrator-dev-367414/api>' failed with exit code 1
docker:image:Image Dockerfile Building image '../../'...
docker:image:Image Dockerfile error: spawn docker ENOENT
docker:image:Image Dockerfile ' docker build -f Dockerfile --platform linux/amd64 ../../ -t <http://eu.gcr.io/data-integrator-dev-367414/api:latest|eu.gcr.io/data-integrator-dev-367414/api:latest>' failed with exit code 1
docker:image:Image Dockerfile error: Error: ' docker build -f Dockerfile --platform linux/amd64 ../../ -t <http://eu.gcr.io/data-integrator-dev-367414/api:latest|eu.gcr.io/data-integrator-dev-367414/api:latest>' failed with exit code 1
docker:image:Image Dockerfile ' docker build -f Dockerfile --platform linux/amd64 ../../ -t <http://eu.gcr.io/data-integrator-dev-367414/api:latest|eu.gcr.io/data-integrator-dev-367414/api:latest>' failed with exit code -2
docker:image:Image Dockerfile ' docker pull <http://eu.gcr.io/data-integrator-dev-367414/api|eu.gcr.io/data-integrator-dev-367414/api>' failed with exit code -2
...
Diagnostics:
docker:image:Image (Dockerfile):
error: Error: ' docker build -f Dockerfile --platform linux/amd64 ../../ -t <http://eu.gcr.io/data-integrator-dev-367414/api:latest|eu.gcr.io/data-integrator-dev-367414/api:latest>' failed with exit code 1
at /workspace/node_modules/@pulumi/docker.ts:592:15
at Generator.next (<anonymous>)
at fulfilled (/workspace/node_modules/@pulumi/docker/docker.js:18:58)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
error: spawn docker ENOENT
warning: spawn docker ENOENT
Has anyone seen this issue before or know what might be causing it?refined-carpet-42005
12/01/2022, 1:34 PMgcp:datacatalog:Tag
on columns using pulumi. The issue only happens sometimes and it's quite random which columns tags work on and which they don't π
One thing that's common for all of them though is that the tags are being successfully created in GCP, I can view them in the console and fetch them using the CLI. The problem is only that pulumi doesn't seem to be able to fetch them and I'm also not able to import them after the fact.curved-dream-12503
12/04/2022, 9:50 PM- step:
name: Update Infrastructure
oidc: true
deployment: production
script:
- *deps
- echo $BITBUCKET_STEP_OIDC_TOKEN > /tmp/oidc-token.txt
- export GOOGLE_CREDENTIALS=credential-config.json
- pulumi up --yes --cwd ${PULUMI_WORKING_DIRECTORY} -s ${PULUMI_STACK_NAME}
When running this pipeline I get the following error:
Diagnostics:
gcp:serviceAccount:Account (serviceAccount):
error: failed to load application credentials.
To use your default gcloud credentials, run:
`gcloud auth application-default login`
See <https://www.pulumi.com/registry/packages/gcp/installation-configuration/> for details.
Is pulumi supporting oidc workload federated service accounts?gifted-room-26715
12/05/2022, 6:37 PMcan we create GKE secrets using pulumi?
2. can we create secrets in google-secret-manager using pulumi?
3. can we specify the name for cloudsql instance using pulumi?
Thx.fancy-train-26893
12/06/2022, 1:00 AMpulumi up
hangs for 20 minutes, then results in this version conflict error:
gcp:cloudrun:Service (fut-core-api-staging):
error: 1 error occurred:
* updating urn:pulumi:fut-skills-staging::gcp-skills::gcp:cloudrun/service:Service::fut-core-api-staging: 1 error occurred:
* Error updating Service "locations/us-east4/namespaces/fut-skills-staging/services/fut-core-api-staging-d3bb4dc": googleapi: Error 409: Conflict for resource 'fut-core-api-staging-d3bb4dc': version '1669423190235241' was specified but current version is '1669424143299594'.
We tried running pulumi refresh
then pulumi up
. This worked one time, but not consistently. Any ideas?stocky-sundown-45608
12/06/2022, 9:26 AMstocky-sundown-45608
12/06/2022, 9:27 AMsparse-leather-70336
12/07/2022, 10:49 PMexport const errorOccuredPolicy = new gcp.monitoring.AlertPolicy(
'some_error_occured',
{
combiner: 'OR',
conditions: [
{
conditionThreshold: {
comparison: 'COMPARISON_GT',
thresholdValue: 0,
duration: '60s',
filter: `
resource.type="metric" AND
resource.labels.project_id="my_project_id" AND
resource.labels.name="<http://logging.googleapis.com/user/MY_USER_DEFINED_METRIC|logging.googleapis.com/user/MY_USER_DEFINED_METRIC>"
`,
},
displayName:
'an error of some type has occured',
},
],
displayName: pulumi.interpolate`${stack}: some error occured`,
notificationChannels: [opsgenieNotificationChannel.id],
}
);
bitter-winter-22829
12/09/2022, 2:48 PMGOOGLE_CREDENTIALS
env variable, I am trying to use gcloud configurations. However, I realised that pulumi is not respecting the active configuration and using default credentials.
gcloud configurations looking like this:
β ~ gcloud config configurations list
NAME IS_ACTIVE ACCOUNT
default False ...
staging True staging..@...<http://iam.gserviceaccount.com|iam.gserviceaccount.com>
and i was expecting pulumi to use staging service account to communicate to the provider. Is it something possible?
ps. i disabled the default providers and using NewProvider method.straight-arm-50771
12/14/2022, 2:22 PMgcp:container:Cluster
deployer with api gateway enabled? I donβt see any reference to it in the API docs. https://cloud.google.com/kubernetes-engine/docs/how-to/deploying-gateways#create-cluster-gatewayfuture-window-78560
12/15/2022, 1:16 PMvictorious-egg-55602
12/16/2022, 8:38 PM