Do anyone know why my pulumi show this? I don't change anything in my code?

pulumi preview
Previewing update (xxx-dev):
     Type                     Name               Plan       Info
     pulumi:pulumi:Stack      xxx-dev
 ~   ├─ gcp:compute:Instance  tuanlq-ocp         update     [diff: -attachedDisks]
 ~   ├─ gcp:compute:Instance  tuanlq-observer-0  update     [diff: -attachedDisks]
 ~   ├─ gcp:compute:Instance  tuanlq-observer-1  update     [diff: -attachedDisks]
 ~   └─ gcp:compute:Instance  tuanlq-observer-2  update     [diff: -attachedDisks]

result of

pulumi refresh

like below

~ gcp:compute/instance:Instance: (update)
        [id=...]
        [urn=...]
        [provider=...]
        --outputs:--
      - attachedDisks             : [
      -     [0]: {
              - deviceName             : "persistent-disk-1"
              - diskEncryptionKeyRaw   : [secret]
              - diskEncryptionKeySha256: ""
              - kmsKeySelfLink         : ""
              - mode                   : "READ_WRITE"
              - source                 : "<https://www.googleapis.com/compute/v1/projects/xxx/zones/us-central1-c/disks/tuanlq-ocp-home>"
            }
      -     [1]: {
              - deviceName             : "persistent-disk-2"
              - diskEncryptionKeyRaw   : [secret]
              - diskEncryptionKeySha256: ""
              - kmsKeySelfLink         : ""
              - mode                   : "READ_WRITE"
              - source                 : "<https://www.googleapis.com/compute/v1/projects/xxx/zones/us-central1-c/disks/tuanlq-ocp-data>"
            }
      -     [2]: {
              - deviceName             : "persistent-disk-3"
              - diskEncryptionKeyRaw   : [secret]
              - diskEncryptionKeySha256: ""
              - kmsKeySelfLink         : ""
              - mode                   : "READ_WRITE"
              - source                 : "<https://www.googleapis.com/compute/v1/projects/xxx/zones/us-central1-c/disks/tuanlq-ocp-log>"
            }
        ]
      + attachedDisks             : [secret]

Can’t use pulumi deployments to push docker image to GAR docker repository. It always returns

docker:index:Image docker-image **creating failed** error: denied: Permission "artifactregistry.repositories.uploadArtifacts" denied on resource "projects/my-project/locations/asia-south2/repositories/docker-registry"

The service account used in pulumi deployments has all required permissions

running

gcloud auth configure-docker <http://asia-south2-docker.pkg.dev|asia-south2-docker.pkg.dev>

causes

Failed to get credentials for registry: <http://asia-south2-docker.pkg.dev|asia-south2-docker.pkg.dev>

Question: Phantom Locks? Hi all! First time poster--so apologies for any etiquette missteps! I’ve been using pulumi for a GCP project for almost a year now--implemented by someone else, and maintained by me. I’ve seen my fair share of orphaned locks through that time, and occasionally had to dig into our Google Cloud Storage bucket where those

.pulumi/locks

live, and delete them manually if push comes to shove. Today, however, my Github action that runs pulumi up (and has done so historically) is throwing an error after some rough treatment (

pulumi destroy/refresh/up

with some GUI interference).

error: the stack is currently locked by 1 lock(s). Either wait for the other process(es) to end or delete the lock file with `pulumi cancel`.
    <gs://mybucket//.pulumi/locks/test/33cd4732-e6ea-4e4f-a901-12777979d41a.json>: created by runner@fv-az267-906 (pid 2144) at 2023-07-16T18:45:19Z

And finally the puzzle: there is NO file at that URL. In fact, the entire locks directory is absent (as it usually is when there are no locks). This error is persisting even after

pulumi cancel/refresh/destroy

and I’m at my wit’s end! Has anyone seen this behavior before? Has anyone figured out how to get past it? Maybe resetting the stack some other way, or forcing the github action to refresh its cache? Thanks!

Hi I'm seeing this error even though it seems to be closed. As I say in my comment maybe the docs need updating? How am I supposed to use

google_native.monitoring.v3.UptimeCheckConfig

if the name is a mandatory string argument but GCP requires it not to be set

Has anyone here done a restore or a point-in-time recovery of a postgres database on gcp? What's the best approach - 1. create an additional database to clone the old database 2. have both databases running at the same time 3. remove the old database from the pulumi setup?

I am trying to import a resource by name from a gke cluster and having no luck (and the docs walk me in circles). It’s a namespace, but this I cannot seem to figure out the format and there is no

resourceID

in the metadata. What am I missing here? I’m trying variants on

{ import: 'us-central1/production-8b36c46/namespaces/traefik' }

Hey guys, newbie here. Apologies if this has already been asked but when is it expected for the GCP native provider to move out of public preview and be production ready. Also when this eventually happens is there any tooling that's been worked on for migration from classic to native?

i’m trying to create a cloud build trigger but i’m getting 400 invalid argument. Code in thread

Anyone see something particularly abhorrent about the below? seeing the attached output:

self.network: compute.Network = compute.Network(
            "master-network",
            auto_create_subnetworks=False,
            enable_ula_internal_ipv6=False,
            opts=pulumi.ResourceOptions(parent=self))
        
        self.subnet: compute.subnetwork = compute.Subnetwork(
            "sub-network",
            network=self.network.id,
            ip_cidr_range="10.2.204.0/22",
            private_ip_google_access=True,
            opts=pulumi.ResourceOptions(parent=self.network))
        
        self.nat_addresses: list[compute.Address] = [ 
            compute.Address(
                "gke-public-nat-address-1", 
                address_type="EXTERNAL",
                opts=pulumi.ResourceOptions(parent=self)),
    
            compute.Address(
                "gke-public-nat-address-2", 
                address_type="EXTERNAL",
                opts=pulumi.ResourceOptions(parent=self))
        ]

        self.router: compute.Router = compute.Router(
            "public-egress-router",
            network=self.network.self_link,
            opts=pulumi.ResourceOptions(parent=self)
        )
        
        self.router_nat: compute.RouterNat = compute.RouterNat(
            "public-egress-router-nat",
            router = self.router.id,
            nat_ip_allocate_option="MANUAL_ONLY",
            nat_ips=self.nat_addresses,
            source_subnetwork_ip_ranges_to_nat="ALL_SUBNETWORKS_ALL_IP_RANGES",
            opts=pulumi.ResourceOptions(
                parent=self.router))

image.png

ug, works find if i reference the router by name rather then id or self-link

anyone know why that is?

seems like some resources want a name and others an id. is that a gcp quirk?

is that a gcp quirk?

Based on my experience with GCP, probably. However, this might indicate a problem with the provider that we need to fix. If you’d like, you can open an issue on https://github.com/pulumi/pulumi-gcp with all your details, and our engineering team can see if this is something that requires further action.

Hi! Is there any way to wait for completion of bigquery jobs?

How do you create a gzip njson file in memory for BucketObject in GCS?

var jsonAsset = new pulumi.asset.StringAsset(`{"msg":"hello world"}\n`);

    this.jsonGZipFile = new gcp.storage.BucketObject(
      'myfolder/json-template.log.gz',
      {
        name: 'myfolder/json-template.log.gz',
        bucket: pulumi.interpolate`${args.bucket}`,
        contentType: 'application/x-ndjson',
        contentEncoding: 'gzip',
        source: jsonAsset,
      }
    );

File is created, but its an empty zip file.

Hello All, I have a problem with new Pulumi project (well its not new - but worked in the past - now fails on go configuration i think):

export PULUMI_CONFIG_PASSPHRASE="" && pulumi preview --config region=us-east4 --config env=dev --config aws:region=us-east4 --config configPath=config_files/us-east4-dev-poc.yaml --stack us-east4-dev-google-cloud-serviceaccount --show-config -v 5
Previewing update (us-east4-dev-google-cloud-serviceaccount):
Downloading plugin: 53.05 MiB / 53.05 MiB [=========================] 100.00% 5s
                                                                                [resource plugin gcp-6.59.0] installing
     Type                 Name                                                                          Plan     Info
     pulumi:pulumi:Stack  google-cloud-serviceaccount-example-us-east4-dev-google-cloud-serviceaccount           1 error; 3 messages


Diagnostics:
  pulumi:pulumi:Stack (google-cloud-serviceaccount-example-us-east4-dev-google-cloud-serviceaccount):
    Configuration:
        aws:region: us-east4
        google-cloud-serviceaccount-example:configPath: config_files/us-east4-dev-poc.yaml
        google-cloud-serviceaccount-example:env: dev
        google-cloud-serviceaccount-example:region: us-east4
    error: error in compiling Go: unable to run `go build`: exit status 1

    error obtaining VCS status: exit status 128
    	Use -buildvcs=false to disable VCS stamping.


make: *** [preview] Error 255

Is there a solution to error message suggesting to disable deletion_protection when deleting a SQL db even though deletion protection is disabled?

Hello! When using GCP KMS as secrets provider - what should be the purpose of the key used in Pulumi?

I’m getting the dreaded gcp auth plugin message. The problem with this is that my

kubectl

is

1.27.4

,

gke-gcloud-auth-plugin --version

is

Kubernetes v1.27.1-alpha+6c0cc8cd5a81955bcd5debf3c896710638878ebe

, I can

gcloud container clusters get-credentials ${CLUSTER_NAME} --project ${GOOGLE_CLOUD_PROJECT}

, I can

kubectl get namespaces

with no problem, and

kubectl config view

shows

command: gke-gcloud-auth-plugin

in there which I assume means that it is executing the plugin. So why, when I use

pulumi update

does it fail with this message?

error: failed to initialize discovery client: The gcp auth plugin has been removed.
    Please use the "gke-gcloud-auth-plugin" kubectl/client-go credential plugin instead.
    See <https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke> for further details

Is there a way to get the Access Token of the current running account for the GCP Classic provider? Equivalent of this from the Native provider: https://www.pulumi.com/registry/packages/google-native/api-docs/authorization/getclienttoken/

👋 has anyone tried enabling policy controller for a GKE cluster via pulumi? I’m struggling to find a parameter value for this in gcp.container.Cluster

Hi Just started using Pulumi for GCP using the Python Client. Is there a way to enable a GCP service (i.e., Secret Manager) using Pulumi? Thanks!

Error creating Secret: googleapi: Error 403: Secret Manager API has not been used in project xyz before or it is disabled

I am creating single tenant GCP projects using the organizations.Project in Python. Is there a recommended way to wait for the Project creation to be completed and then move onto creating other infrastructure assets? Thanks!

project_name = f"new-project-{client_codename}"
project = organizations.Project(project_name,
                                name=project_name,
                                billing_account="XXXXX-YYYYY-ZZZZZ", 
                                org_id="1234567890", 
                                project_id=project_name)

Hi, anyone encountered this issue with Go? It also does not work with Service type.

error: unrecognized resource type (Check): gcp:cloudrunv2/job:Job

<http://github.com/pulumi/pulumi-gcp/sdk/v6|github.com/pulumi/pulumi-gcp/sdk/v6> v6.65.0
	<http://github.com/pulumi/pulumi/sdk/v3|github.com/pulumi/pulumi/sdk/v3> v3.46.0

I see this errors in verbose logs

I0907 11:00:01.732824  609589 log.go:81] Provider[gcp, 0xc001b74230].Check(urn:pulumi:develop::xxxxxxxxx::gcp:cloudrunv2/job:Job::refreshjob) failed: err=unrecognized resource type (Check): gcp:cloudrunv2/job:Job
I0907 11:00:01.733404  609589 log.go:81] deploymentExecutor.Execute(...): error handling event: unrecognized resource type (Check): gcp:cloudrunv2/job:Job
I0907 11:00:01.733442  609589 log.go:81] eventSink::Error(<{%reset%}>unrecognized resource type (Check): gcp:cloudrunv2/job:Job<{%reset%}>)

Hi all, When I am running pulumi preview using go1.20.7 I get this error message:

Diagnostics:
  pulumi:pulumi:Stack (google-cloud-sql-example-us-east4-dev-google-cloud-sql-example):
    Configuration:
        aws:region: us-east4
        gcp:project: gcp-s1-dev-embedded-devops
        google-cloud-sql-example:configPath: config_files/us-east4-dev.yaml
        google-cloud-sql-example:env: dev
        google-cloud-sql-example:region: us-east4
    error: error in compiling Go: unable to run `go build`: exit status 1

    error obtaining VCS status: exit status 128
    	Use -buildvcs=false to disable VCS stamping.

Hi all, Im not sure if

pulumi_google_native

questions are suited for this channel. Let me know if there is a better channel for this question. I have created a `pulumi_google_native.cloudbuild.v1.Build`` resource with success. From what I can see in the

Cloud Build

->

Histroy

->

<Build-ID>

logs, everything appears to be going smoothly on the gcp side. However, as soon as the cloudbuild job completes, Pulumi raises an

AssertionError

File "./project_config/venv/lib/python3.11/site-packages/pulumi/runtime/rpc.py", line 893, in translate_output_properties
        raise AssertionError(
    AssertionError: Unexpected type; expected a value of type `<class 'str'>` but got a value of type `<class 'dict'>` at resource `django-operations`, property `timing.BUILD`: {'startTime': '2023-09-08T01:04:43.521767567Z', 'endTime': '2023-09-08T01:06:50.547510872Z'}

From what I can tell from debugging, it appears as if Pulumi is performing a translation of the output properties. During this operation, a type assertion is made for the

timing

property in the

Output

. It appears as though

pulumi_google_native/cloudbuild/v1/build.py

has the

timing

property getter defined as a

pulumi.Output[str]

. After digging through the gcp api docs (https://cloud.google.com/build/docs/api/reference/rest/v1/projects.builds) I believe the

timing

getter should be a

pulumi.Output[Mapping[str, Mapping[str, str]]]

. As a test, I made the change to the getter source and the

AssertionError

is no longer raised. Is this the correct fix? Is there another way this can be fixed without a code change? Perhaps an option to ignore the

Output

in the

Build

constructor or

ResourceOptions

.