Hi all, has anyone figured out a robust way to activate GCP services with python? I still often run into this error: "Error creating Secret: googleapi: Error 403: Secret Manager API has not been used in project XXXXX before or it is disabled." using the following code: _enable_service = projects.Service(service_name, disable_dependent_services=True, project=project_id, service=service_api )

GCP APIs need explicitly enabled before they can be used

@quiet-wolf-18467 are you saying that GCP APIs need to be manually enabled from the GCP console/dashboard? that's a bit silly given pulumi is supposed to automate this stuff?

This is a Google constraint.

You should be able to enable them using pulumi BUT you have to explicitly depend on them as this relationship cannot be discovered automatically.

@prehistoric-activity-61023 yes we did 😄 Continuing to work on this

This function automates enabling apis in a project with pulumi:

from pulumi import Config
import pulumi_google_native as gcp
import pulumi_gcp as gcp_classic

# Returns a map of the enabled apis for a given project
def enable_apis(project_name: str, api_list: list):
    """Method to bulk enable APIs in a given project

    Args:
        project_name (str): The name of the Google Cloud Project to enable APIs in.
        api_list (list): The list of APIs to enable. Ex. ['<http://cloudresourcemanager.googleapis.com|cloudresourcemanager.googleapis.com>', '<http://cloudbilling.googleapis.com|cloudbilling.googleapis.com>', '<http://sqladmin.googleapis.com|sqladmin.googleapis.com>', '<http://servicenetworking.googleapis.com|servicenetworking.googleapis.com>']

    Returns:
        [dict]: A map of API name => Pulumi Object of the enabled APIs. Potentially useful to put in the `depends_on`
                section when deploying a resource.
                Ex. {
                    'cloudresourcemanager': Pulumi Object for Cloud Resource Manager API
                }
    """
    # TODO probably some data validity checks
    enabled_apis = dict()

    for api in api_list:
        api_name = api.split(".")[0]
        api_pulumi_ref = gcp_classic.projects.Service("Enable {} API in {}".format(api_name, project_name),
            disable_dependent_services=True,
            project=project_name,
            service=api)
        enabled_apis[api_name] = api_pulumi_ref
    return enabled_apis

@tall-photographer-1935 hey thanks for this, my code is very similar except that I'm using the project_id instead of project_name according to the docs for Service: https://www.pulumi.com/registry/packages/gcp/api-docs/projects/service/

I was able to do that within one stack (with explicit depends_on) but it was just cumbersome to manage so I decided to create 2 separate stacks (gcp-project-bootstrap and gcp-project).

Yep, I had that same issue. Needed to add an explicit

depends_on

in order to have the pulumi resource create after the api was enabled.

Hi all, as @prehistoric-activity-61023 had mentioned to me before, this does indeed work with depends_on @tall-photographer-1935 - thanks! NB @quiet-wolf-18467: GCP APIs need not be explicitly enabled with this method