Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
google-cloud
- g
green-school-95910
05/06/2020, 10:12 PMIf it was in a organization the admin can control the IAM and regain control over it - q
quiet-wolf-18467
05/06/2020, 10:12 PMBut even when I got my permissions back, all the GCloud service agents were gone. Nothing worked - g
green-school-95910
05/06/2020, 10:12 PMYeah, you'll have to create them back manually - g
green-school-95910
05/06/2020, 10:13 PMIf you really want the project back it can be done - g
green-school-95910
05/06/2020, 10:13 PMIt's just a lot of work - q
quiet-wolf-18467
05/06/2020, 10:13 PMI'll take 24 hours downtime and rebuild. It's not mission critical - q
quiet-wolf-18467
05/06/2020, 10:24 PMWhy didn't the preview show me this change, out of curiosity?g- 2
- 2
- q
quiet-wolf-18467
05/08/2020, 3:57 PMconst kamusKmsAdminPerms = new gcp.projects.IAMMember("kamus-kms-admin", { member: serviceAccount.email, role: "roles/cloudkms.admin", // May also need roles/cloudkms.cryptoKeyEncrypterDecrypter project: serviceAccount.project, }); - q
quiet-wolf-18467
05/08/2020, 3:58 PMThis won't destroy my project again, will it? CC @green-school-95910 🙂 - q
quiet-wolf-18467
05/08/2020, 3:58 PMSorry for the tag, but I don't want to ruin my weekend - h
hallowed-rain-9096
05/08/2020, 4:03 PMisn't deploying on Fridays against the rules anyway? 😉 - q
quiet-wolf-18467
05/08/2020, 4:06 PMIt worked 😮 - g
green-school-95910
05/08/2020, 4:11 PMYes, that is the way to do it. - g
green-school-95910
05/08/2020, 4:13 PMIt links one member in one of the role bindings From my experience, in all IaaS that I have used, managing full bindings directly never ends well - g
green-school-95910
05/08/2020, 4:15 PMIt is not even limited to destroy, you create a IAMBinding for the same role on more than one place and they would replace each other on every change. - q
quiet-wolf-18467
05/08/2020, 4:17 PMI don't know why
andIAMPolicy
exist, those are wildIAMBinding - g
green-school-95910
05/08/2020, 4:18 PMThey make sense on some very edge cases when you want to completely sync your permissions from somewhere else - h
hallowed-rain-9096
05/08/2020, 4:18 PMi use IAMPolicy scoped to a cloud run service, because I know exactly who should have any kind of access to that service. At a global level...yikes... 😱 - g
green-school-95910
05/08/2020, 4:18 PMI believe the permission sync from LDAP uses them - g
green-school-95910
05/08/2020, 4:20 PMYeah as @hallowed-rain-9096 said, at resource level they make more sense, even if they are still dangerous. If you do that on AppEngine you can make a lot of its internals stop working - h
hallowed-rain-9096
05/08/2020, 4:24 PMAppEngine is a weird beast anyway, especially with IAP - e
enough-engineer-49169
05/14/2020, 12:33 PMmessage has been deletedbfh- 4
- 8
- e
eager-table-17755
05/16/2020, 11:30 AMHello 👋 I'm not sure, whether this is the right channel... I'm using Pulumi (❤️ I love it so far) to deploy a Cloud Run service. During the new version release, I'd like to perform DB migrations, but I haven't found the right place to do it. It could happen on every container start, but that introduces a significant startup overhead 😞 Is there something like a hook, to execute, when a new service version is being deployed? - l
limited-rainbow-51650
05/18/2020, 10:47 AMOn Gitlab, I can create a CI secret variable that will be created as a file. In my case, this worked perfectly for the
. But how should I do it on Github Actions? Setting the secret to the content of the file doesn’t work. Should I create the file myself, passing the content of the secret and then setting anGOOGLE_APPLICATION_CREDENTIALS
variable in the workflow yaml script?env - l
limited-rainbow-51650
05/18/2020, 10:48 AMFor completeness, yes I found this: https://github.com/marketplace/actions/setup-gcloud-environment But adding this to my setup adds to my total Github Actions run time just to have the env variable set…. - l
limited-rainbow-51650
05/18/2020, 10:49 AM@broad-dog-22463 any idea here? - b
broad-dog-22463
05/18/2020, 10:51 AMWhen using GHA, I created a secret
and the GCP provider read thatGCP_CREDENTIALS - b
broad-dog-22463
05/18/2020, 10:51 AM - b
broad-dog-22463
05/18/2020, 10:52 AMFWIW, I also add the login - b
broad-dog-22463
05/18/2020, 10:52 AM
Title
b
broad-dog-22463
05/18/2020, 10:52 AMView count: 1