https://pulumi.com logo
#google-cloud
Title
# google-cloud
t

thousands-knife-3009

03/11/2024, 3:49 AM
I'm encountering an odd issue. I'm trying to create an SSH public key in a project, which requires the oslogin api to be enabled. I've enabled oslogin within the project where the key will be created but when i run pulumi up, i get an error that oslogin isn't enabled in the GCP project of the pulumi storage back-end. Here's my resources:
Copy code
gcp_oslogin_api = pulumi_gcp.projects.Service(
            f"oslogin_service_api",
            service="oslogin.googleapis.com",
            project=gcp_project.project_id,
            disable_dependent_services=True,
            disable_on_destroy=True,
            opts=pulumi.ResourceOptions(
                parent=gcp_project,
                depends_on=[gcp_resource_manager_api]
            )
        )

my_name_my_co_ssh_key = pulumi_gcp.oslogin.SshPublicKey(
    'my_name_public_key',
    key='my-key',
    user='my email',
    project=gcp_project.project_id,
    opts=pulumi.ResourceOptions(
        parent=gcp_project,
        depends_on=[
            gcp_project,
            gcp_oslogin_api
        ],
    ),
)
Here's the error I'm getting:
Copy code
gcp:oslogin:SshPublicKey (my_name_public_key):
    error: 1 error occurred:
    	* Error creating SSHPublicKey: googleapi: Error 403: Cloud OS Login API has not been used in project project_id_pulumi before or it is disabled. Enable it by visiting <https://console.developers.google.com/apis/api/oslogin.googleapis.com/overview?project=project_id_pulumi> then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
    Details:
    [
      {
        "@type": "type.googleapis.com/google.rpc.Help",
        "links": [
          {
            "description": "Google developers console API activation",
            "url": "<https://console.developers.google.com/apis/api/oslogin.googleapis.com/overview?project=project_id_pulumi>"
          }
        ]
      },
      {
        "@type": "type.googleapis.com/google.rpc.ErrorInfo",
        "domain": "googleapis.com",
        "metadata": {
          "consumer": "projects/project_id_pulumi",
          "service": "oslogin.googleapis.com"
        },
        "reason": "SERVICE_DISABLED"
      }
    ]
I have confirmed that oslogin is enabled in the project referenced by
gcp_project.project_id
Clicking the link for
<https://console.developers.google.com/apis/api/oslogin.googleapis.com/overview?project=project_id_pulumi>
takes me to a GCP page to enable the API in the project that is used to house the GCP storage bucket and the GCP service account that has privs to create and manage
gcp_project.project_id
d

dry-keyboard-94795

03/11/2024, 10:56 AM
It can take a few minutes to enable apis in a project. Is it working now?
Oh, I see you're doing it as part of the stack. Pulumi should be waiting for the service to be available. Can you report this here please: https://github.com/pulumi/pulumi-gcp/issues
t

thousands-knife-3009

03/11/2024, 1:22 PM
The issue isn't that it's trying to use the API before Google is done enabling it. The issue is that it's looking for the API in a project other than the project where the ssh key is being added.
d

dry-keyboard-94795

03/11/2024, 1:23 PM
Oh, your provider has one project, which is being used to manage another project? This is expected behaviour, the api needs enabling in the project your provider uses
t

thousands-knife-3009

03/11/2024, 1:25 PM
why does the api need to be enabled in the provider project when the api will only be used in the sub project? nothing regarding ssh keys is referencing the provider project.
d

dry-keyboard-94795

03/11/2024, 1:26 PM
I'm unsure, it's something I've encountered in the past, and is how the cli behaves too
t

thousands-knife-3009

03/11/2024, 1:26 PM
🤔