Hoi ! I have the issue that the creation of pub/sub and datasets fail when i have configured an encryption key for them.
This setup requires the Encrypter/Decryptor role for the particular service accounts of pubsub and bigquery.
I use CryptoKeyIAMBinding to provide access the key for these services accounts.
I also added these bindings as an explicit dependency to the construction of the pubsub topc and the dataset.
When I look at the deployment, pulumi behaves as expected: it only starts the creation of the pubsub topics and the datasets after the key bindings are completed. so thats good.
however, it seems that additional time needs to be waited.
because when i rerun the deployment, it works just fine.
does anybody have a good idea for mitigations/solutions ?
is there a way to configure retires ?
or to introduce a “sleep” 🙈 ?
04/17/2020, 4:13 PM
Can you share the exact error you're seeing?
04/18/2020, 2:17 PM
I think it was a 403. Dont have the log anymore. I ll check on monday. and redo the deployment.
I was able to easily reproduce it multiple times.
so this was really famous last words… did tests yesterday and today. and couldnt reproduce it… the code works just fine. i rebuilt the stack multiple times and never had the issue again… weird.
04/21/2020, 3:23 PM
Ah, well glad to hear you're unblocked! Let me know if you run into this again