https://pulumi.com logo
Title
h

helpful-tent-95136

07/07/2021, 11:09 AM
anyone else get an error like
Error 403: Cloud SQL Admin API has not been used in project [REDACTED] before
except the project id in the error is in the wrong project? If i run
pulumi up
from local as myself, it deploys fine. If i run
pulumi up
from our CD environment AFTER i've deployed the database from my local, it deploys fine, and deploys other resources into the correct project. BUT if I run
pulumi up
from our CD environment following a Pulumi destroy, it gives me this error for the wrong project. I checked the service account I'm using and it has
Cloud SQL Admin
assigned in the correct project! I am rather flummoxed
h

helpful-hair-30515

07/07/2021, 11:26 AM
try to give iam service account user role
roles/iam.serviceAccountUser
to SA and try again and i hope this API
<http://sqladmin.googleapis.com|sqladmin.googleapis.com>
you enabled already.
h

helpful-tent-95136

07/07/2021, 11:35 AM
I've definitely enabled it in the correct project 😅 I haven't enabled it in the wrong project, but i shouldnt have to -- I don't want to accidentally deploy to the wrong project. The service account also has service account user -- in the correct project at least.
h

helpful-hair-30515

07/07/2021, 11:43 AM
I think its because cloudsql is serverless...cloudsql creates vpc peering from google managed VPC(where cloudsql instance launches by default) to your custom VPC...are you using service networking
h

helpful-tent-95136

07/07/2021, 11:51 AM
thank you! Wow that's frustrating 😂
Guess I'll be enabling the API in the root project then 🥲
h

helpful-hair-30515

07/07/2021, 11:54 AM
hopefully you resolve your issue now 🙂
h

helpful-tent-95136

07/08/2021, 1:49 AM
Can confirm, this resolved my issue! Thanks for your help @helpful-hair-30515! 😁
👋 1
👍 1
h

helpful-hair-30515

07/08/2021, 2:06 AM
glad it worked!!! kudos!!!