pulumi-community #google-cloud

Channels

google-cloud

damp-elephant-82829

07/05/2020, 6:37 PM

Cross posting from general: I want to share with you something extremely precious I have found out that can help a lot of people trying to use ephemeral project on GCP : https://github.com/terraform-google-modules/terraform-google-project-factory . Especially IAM wise, you will face a lot of challenges if you are not GCP Gurus. I am doing the same approach with Pulumi and it is working great. In particular this script helps a lot https://github.com/terraform-google-modules/terraform-google-project-factory/blob/master/helpers/setup-sa.sh

👍 1

curved-ghost-20494

07/06/2020, 3:27 PM

Nice find @damp-elephant-82829

damp-elephant-82829

07/07/2020, 10:23 AM

the only challenge I have is that I do not have an organization

proud-pharmacist-20003

07/07/2020, 7:06 PM

Hey folks, recent migrant from Terraform here looking to create a storage bucket using a

project.id

in the name

proud-pharmacist-20003

07/07/2020, 7:06 PM

Using Typescript and the following snippet:

proud-pharmacist-20003

07/07/2020, 7:06 PM

let bucket;
project.id.apply(projectId => {
    bucket = new gcp.storage.Bucket(`${projectId}-storage`);
});

proud-pharmacist-20003

07/07/2020, 7:08 PM

Does this seem idiomatic?

proud-pharmacist-20003

07/07/2020, 7:17 PM

If someone has an example of an alternate way to namespace their buckets using a project-derived attribute, or examples of bucket creation in general, I would appreciate a pointer in the right direction

many-dress-88879

07/07/2020, 11:40 PM

any body know which pulumi resources i do need to use for this change?

gsutil iam ch \
  serviceAccount:service-PROJECT_NUM@cloud-cdn-fill.iam.gserviceaccount.com:objectViewer \
  gs://[BUCKET]

many-dress-88879

07/08/2020, 5:39 PM

anybody @here used pulumi before for gcp cdn sign url?

hallowed-rain-9096

07/10/2020, 5:39 PM

new Config("gcp").Require("project")

a reasonable way to grab the project id out of config when needed? Are there downsides to this approach?

echoing-rain-5741

07/14/2020, 4:31 PM

I’m trying to setup GitHub actions (using these instructions) for running cicd with pulumi, but we get a error that the gcp plugin is not installed when we run the refresh step.

error: could not load plugin for gcp provider 'urn:pulumi:...::pulumi:providers:gcp::default': no resource plugin 'gcp' found in the workspace or on your $PATH

. I removed all the plugins locally, and found that the kubernetes plugin automatically downloads, but the gcp plugin doesn’t. Is this the way it’s supposed to be? I think i read somewhere that pulumi always automatically fetches the appropriate plugin

best-notebook-53829

07/20/2020, 10:04 AM

While discovering pulumi, I'm refering to docs and sample. Here for an instance example uses

scratch_disk

which could lead to unnecessary expense for people who copy / paste sample because it creates a local SSD storage of 375Go (30$/mont). I mention this because we don't see immediately the interface type means it'll create a local disk of 375Go. So just a remark not an issue by the way 🙂

big-sandwich-99015

07/25/2020, 5:43 AM

FREE Webinar "Get started with Infrastructure as Code on Google Cloud with Pulumi" When: Thursday, July 30, 2020 at 4:00 PM GMT+2 Hey everyone! Feel free to join this FREE Pulumi webinar with @broad-dog-22463 at GDG Cloud Nuremberg, which takes place already in a few days. Among other things, the authors of the best questions will receive cool Pulumi branded T-shirts 😃 https://www.meetup.com/GDG-Cloud-Nuremberg/events/272096502/

broad-dentist-41670

07/30/2020, 10:31 AM

Hey everyone! is there a way to gcp zones at a per-resource level in pulumi? I can only see a way to set zones at the provider-level...

proud-spoon-58287

08/03/2020, 4:23 PM

👋

👋 2

damp-elephant-82829

08/04/2020, 3:01 PM

Hello, how do I add a bucket policy to an existing bucket? Namely I need to add a policy on a service account so a bucket can be read

damp-elephant-82829

08/05/2020, 1:06 PM

Ok now I feel I have something for real

cloudRunServiceAccount = compute.get_default_service_account(project = project.project_id, opts = ResourceOptions(depends_on=[enableComputeEngine]))

fails like so: Exception: invocation of gcp:compute/getDefaultServiceAccount:getDefaultServiceAccount returned an error: invoking gcp:compute/getDefaultServiceAccount:getDefaultServiceAccount: Error when reading or editing GCE default service account: googleapi: Error 403: Compute Engine API has not been used in project 600057883572 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/compute.googleapis.com/overview?project=600057883572 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry., accessNotConfigured error: an unhandled error occurred: Program exited with non-zero exit code: 1

damp-elephant-82829

08/05/2020, 1:06 PM

but the statement above, enableComputeEngine, is the following

damp-elephant-82829

08/05/2020, 1:07 PM

enableComputeEngine = projects.Service(‘EnableComputeEngine’,project=project.project_id, service = ‘compute.googleapis.com’) cloudRunServiceAccount = compute.get_default_service_account(project = project.project_id, opts = ResourceOptions(depends_on=[enableComputeEngine]))

curved-ghost-20494

08/05/2020, 1:18 PM

does

pulumi refresh && pulumi up

work? I've had that same issue with a couple of services when enabling them in a project for the first time

curved-ghost-20494

08/07/2020, 10:19 AM

When configuring an event trigger

eventTrigger: {
      eventType: "providers/cloud.firestore/eventTypes/document.create",
      resource:
        "projects/[PROJECTNAME]/databases/(default)/documents/foos/{id}",
    },

curved-ghost-20494

08/07/2020, 10:19 AM

What's the best way to insert the "current" project name into that string

curved-ghost-20494

08/07/2020, 10:19 AM

I have a project for each deployment stage, and I want the project to be interpolated into that string dynamically

curved-ghost-20494

08/07/2020, 10:20 AM

Rather than creating a callbackFunction for each stage

helpful-processor-86468

08/14/2020, 11:49 AM

any clue why im getting:

gcp:organizations/getIAMPolicy:getIAMPolicy returned an error: grpc: error while marshaling: proto: repeated field Values has nil element

with:

scheduler_policy_func_invoker = organizations.get_iam_policy(bindings=[
        {
            "members": [job_account_member],
            "role": "roles/cloudfunctions.invoker",
        },
    ])

witty-queen-15449

08/18/2020, 11:23 PM

FYI, it looks like latest version of GCP provider has breaking changes for creating serviceAccounts: https://github.com/pulumi/pulumi-gcp/issues/410

cool-jordan-85318

08/21/2020, 2:55 PM

I want to create a Folder and within the newly created Folder add new Project. Therefore I do

const prodFolder = new Folder(name,
        {
          displayName: name,
          parent: "organizations/<org_id>",
        }
)}

const googleCloudProject = new gcp.organizations.Project(name,
        {
          name: "some-name",
          projectId: "some-id",
          folderId: folder.id,
        });

I receive this error

error: error creating project unicorn (Funke Infrastructure): googleapi: Error 409: Requested entity already exists, alreadyExists. If you received a 403 error, make sure you have the `roles/resourcemanager.projectCreator` permission

If I leave out the

folderId

in the Project creation above, the stuff works. What do I miss? I use an account having the requested permission, just in case, even if it does not look like this kind of error.

victorious-helmet-11068

08/24/2020, 3:38 PM

hi there! Today I’m rebuilding a GKE cluster.So I destroyed the old and re-applied the same code. I get:

victorious-helmet-11068

08/24/2020, 3:39 PM

" The network “fhd-network-4663654" does not have available private IP space in 10.0.0.0/8 to reserve a /14 block for containers for cluster”