Im getting the following error when after enabling secretman Pulumi Community #google-cloud

Im getting the following error when after enabling...

average-plastic-1653

09/16/2023, 12:33 AM

Im getting the following error when after enabling secretmanager service:

Copy code

Error creating Secret: googleapi: Error 403: Secret Manager API has not been used in project dfir-jmtest0915-03-c99a0803a5d before or it is disabled. Enable it by visiting <https://console.developers.google.com/apis/api/secretmanager.googleapis.com/overview?project=dfir-jmtest0915-03-c99a0803a5d> then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.

The services are enabled here:

Copy code

# List of services to be enabled
services_to_enable = [
    "<http://secretmanager.googleapis.com|secretmanager.googleapis.com>",
    "<http://compute.googleapis.com|compute.googleapis.com>",  # Compute Engine API
    "<http://batch.googleapis.com|batch.googleapis.com>",  # Batch API
    "<http://workflows.googleapis.com|workflows.googleapis.com>",  # Workflows API
    "<http://eventarc.googleapis.com|eventarc.googleapis.com>",  # Eventarc API
    "<http://pubsub.googleapis.com|pubsub.googleapis.com>"  # Cloud Pub/Sub API
]

# Enable each service
for service_id in services_to_enable:
    service = projects.Service(
        service_id, 
        project=project.project_id, 
        service=service_id,
        disable_dependent_services=True
    )

# Export the service id of the last servce to be enabled
pulumi.export("service_id", service_id)
pulumi.export("project_id", project.project_id)

the secret is created here

Copy code

# Create the secret 
secret = secretmanager.Secret("opensearch-password",
    project = project.project_id,
    replication=secretmanager.SecretReplicationArgs(
        user_managed=secretmanager.SecretReplicationUserManagedArgs(
            replicas=[
                secretmanager.SecretReplicationUserManagedReplicaArgs(
                    location="us-east1",
                ),
            ],
        ),
    ),
    secret_id="opensearch-password"
)

pulumi.export("secret.name", secret.name)
pulumi.export("secret.id", secret.id)

secret_version =  secretmanager.SecretVersion("opensearch-password-version",
    secret=secret.id,
    secret_data=os_service.service_password)

pulumi.export("secret_version.name", secret_version.name)
pulumi.export("secret_version.id", secret_version.id)

average-plastic-1653

09/16/2023, 12:35 AM

If I rerun pulumi up, the error is resolved. how do I avoid the timing issue?

billowy-army-68599

09/16/2023, 3:04 AM

This is an eventual consistency problem on the Google cloud api. You can run a sleep inside an apply to resolve it

average-plastic-1653

09/17/2023, 7:21 PM

thanks @billowy-army-68599 for the hint!

average-plastic-1653

09/20/2023, 6:50 PM

I am following up on this as it may prove helpful to others. enabling the Secret Manager API:

Copy code

secret_manager_api = projects.Service(
        "secret-manager-api-service",
        project=project.project_id, 
        service="<http://secretmanager.googleapis.com|secretmanager.googleapis.com>",
        disable_dependent_services=True
)
pulumi.export('secret_manager_service_id', secret_manager_api.id)

Added a depends_on when creating the secret in GCP Secret Manager:

Copy code

# Create the secret 
ossecret = secretmanager.Secret("opensearch-secret",
    opts=pulumi.ResourceOptions(depends_on=[secret_manager_api]),
    project = project.project_id,
    replication=secretmanager.SecretReplicationArgs(
        user_managed=secretmanager.SecretReplicationUserManagedArgs(
            replicas=[
                secretmanager.SecretReplicationUserManagedReplicaArgs(
                    location="us-east1",
                ),
            ],
        ),
    ),
    secret_id="opensearch-password"
)

2 Views

Open in Slack

Previous Next