# google-cloud
a
r
Hey @average-plastic-1653 ! Couple of quick questions. Are you running Pulumi CLI? Is it being run locally? If so, you need to use the gcloud CLI to determine which account is active on your machine. The Pulumi provider for GCP will use the logged-in credentials to execute the Pulumi up commands. This could mean that it's logged in as your personal account. Additionally, Google recommends not using the Default Service account for the provisioning of IaC for anything more than a PoC. It's always better to create service accounts. Provide permissions to the service account and then grant the service account user role to yourself to use that service account for IaC in development. I believe you will find your issue is that the gcloud CLI authenticated account is not the default service account and therefore Pulumi is not using that account when you execute Pulumi up.
a
Yes I am using the CLI locally; will check that, thanks. Understood on using default service; will create a specific one.
r
Sweet! Let us know how you go with this!
a
Still getting the issue 😞 I have confirmed:
1. I'm logged in using jmajor-cntr@soteria.io
   a. `gcloud auth application-default login`
2. Active Google project using `gcloud config get-value project`
3. The default compute SA has:
   a. Secret Manager Admin
   b. Secret Manager Secret Accessor
   c. Secret Manager Secret Version Adder
4. My account has "Editor" and "Service Account User" role assigned
5. ran the config set cmd:
   a. `pulumi config set gcp:project your-gcp-project-id`
ok the problem was as follows:

code returns a 403:
```python
secret = secretmanager.Secret("opensearch-password",
    project = project.name,
```
code returns a 404:
```python
secret = secretmanager.Secret("my-password",
    project = project.id,
```
code that works:
```python
secret = secretmanager.Secret("opensearch-password",
    project = project.project_id,
```
that took a while but got there in the end 😂
r
Good to hear!