anyone else get an error like `Error 403 Cloud SQL Admin API

Question

anyone else get an error like `Error 403 Cloud SQL Admin API has not been used in project REDACTED before` except the project id in the error is in the wrong project If i run `pulumi up` from local as myself it deploys fine If i run `pulumi up` from our CD environment AFTER i ve deployed the database from my local it deploys fine and deploys other resources into the correct project BUT if I run `pulumi up` from our CD environment following a Pulumi destroy it gives me this error for the wrong project I checked the service account I m using and it has `Cloud SQL Admin` assigned in the correct project I am rather flummoxed

helpful-hair-30515 · Answer

try to give iam service account user role `roles iam serviceAccountUser` to SA and try again and i hope this API `<http sqladmin googleapis com|sqladmin googleapis com>` you enabled already

helpful-tent-95136 · Answer

I ve definitely enabled it in the correct project sweat smile I haven t enabled it in the wrong project but i shouldnt have to I don t want to accidentally deploy to the wrong project The service account also has service account user in the correct project at least

helpful-hair-30515 · Answer

I think its because cloudsql is serverless cloudsql creates vpc peering from google managed VPC where cloudsql instance launches by default to your custom VPC are you using service networking

helpful-hair-30515 · Answer

i just read this <https github com hashicorp terraform provider google issues 2194> can help you

helpful-tent-95136 · Answer

thank you Wow that s frustrating joy

helpful-tent-95136 · Answer

Guess I ll be enabling the API in the root project then smiling face with tear

helpful-hair-30515 · Answer

hopefully you resolve your issue now slightly smiling face

helpful-tent-95136 · Answer

Can confirm this resolved my issue Thanks for your help < helpful hair 30515> grin

helpful-hair-30515 · Answer

glad it worked kudos