https://pulumi.com logo
#google-cloud
Title
# google-cloud
f

fast-arm-63150

12/28/2021, 8:58 AM
Hi all, has anyone figured out a robust way to activate GCP services with python? I still often run into this error: "Error creating Secret: googleapi: Error 403: Secret Manager API has not been used in project XXXXX before or it is disabled." using the following code: _enable_service = projects.Service(service_name, disable_dependent_services=True, project=project_id, service=service_api )
q

quiet-wolf-18467

12/28/2021, 9:08 AM
GCP APIs need explicitly enabled before they can be used
f

fast-arm-63150

12/28/2021, 9:10 AM
@quiet-wolf-18467 are you saying that GCP APIs need to be manually enabled from the GCP console/dashboard? that's a bit silly given pulumi is supposed to automate this stuff?
I am using the automation API to do this btw
q

quiet-wolf-18467

12/28/2021, 9:15 AM
This is a Google constraint.
It needs to be done once and by a human, to the best of my knowledge
Once per GCP project
p

prehistoric-activity-61023

12/28/2021, 10:43 AM
You should be able to enable them using pulumi BUT you have to explicitly depend on them as this relationship cannot be discovered automatically.
Damn, I can see that we already discussed that @fast-arm-63150 😅
f

fast-arm-63150

12/28/2021, 6:01 PM
@prehistoric-activity-61023 yes we did 😄 Continuing to work on this
t

tall-photographer-1935

12/28/2021, 9:22 PM
This function automates enabling apis in a project with pulumi:
Copy code
from pulumi import Config
import pulumi_google_native as gcp
import pulumi_gcp as gcp_classic

# Returns a map of the enabled apis for a given project
def enable_apis(project_name: str, api_list: list):
    """Method to bulk enable APIs in a given project

    Args:
        project_name (str): The name of the Google Cloud Project to enable APIs in.
        api_list (list): The list of APIs to enable. Ex. ['<http://cloudresourcemanager.googleapis.com|cloudresourcemanager.googleapis.com>', '<http://cloudbilling.googleapis.com|cloudbilling.googleapis.com>', '<http://sqladmin.googleapis.com|sqladmin.googleapis.com>', '<http://servicenetworking.googleapis.com|servicenetworking.googleapis.com>']

    Returns:
        [dict]: A map of API name => Pulumi Object of the enabled APIs. Potentially useful to put in the `depends_on`
                section when deploying a resource.
                Ex. {
                    'cloudresourcemanager': Pulumi Object for Cloud Resource Manager API
                }
    """
    # TODO probably some data validity checks
    enabled_apis = dict()

    for api in api_list:
        api_name = api.split(".")[0]
        api_pulumi_ref = gcp_classic.projects.Service("Enable {} API in {}".format(api_name, project_name),
            disable_dependent_services=True,
            project=project_name,
            service=api)
        enabled_apis[api_name] = api_pulumi_ref
    return enabled_apis
f

fast-arm-63150

12/29/2021, 2:36 AM
@tall-photographer-1935 hey thanks for this, my code is very similar except that I'm using the project_id instead of project_name according to the docs for Service: https://www.pulumi.com/registry/packages/gcp/api-docs/projects/service/
I still get those errors though - I remember @prehistoric-activity-61023 mentioning that he has to spin up 2 stacks in order to get around this?
p

prehistoric-activity-61023

12/29/2021, 3:33 PM
I was able to do that within one stack (with explicit depends_on) but it was just cumbersome to manage so I decided to create 2 separate stacks (gcp-project-bootstrap and gcp-project).
👍 1
t

tall-photographer-1935

12/29/2021, 9:23 PM
Yep, I had that same issue. Needed to add an explicit
depends_on
in order to have the pulumi resource create after the api was enabled.
f

fast-arm-63150

12/30/2021, 4:59 PM
Hi all, as @prehistoric-activity-61023 had mentioned to me before, this does indeed work with depends_on @tall-photographer-1935 - thanks! NB @quiet-wolf-18467: GCP APIs need not be explicitly enabled with this method