https://pulumi.com logo
Title
s

straight-tailor-56799

05/25/2021, 11:04 PM
Hi, I have an issue with the basics and would appreciate any help… I have a project running on python on a docker image which runs a shell script using 
subprocess.Popen
. This shell script does 
gcloud auth
 , 
pulumi login
 and 
pulumi new
back in the python application I am trying to use pulumi auto and its complaining about missing google credentials. Note: I am using google storage as my managed backend… Am I doing anything fundamentally wrong ? how to address this ? I want my python application (using Flask) to create and destroy stacks using pulumi auto (using my gs backend url)
c

clever-sunset-76585

05/26/2021, 12:13 AM
subprocess.Popen
essentially runs your shell script in its own shell process. I don’t know much about `gcloud auth`If
gcloud auth
is simply setting env vars, that won’t work with triggering Pulumi commands via automation SDK in Python since Pulumi won’t “see” those environment vars. You will have to find a way to set authentication context that persists beyond just the shell script’s environment and is available/accessible in the Python
venv
when Pulumi runs as well.
s

straight-tailor-56799

05/26/2021, 3:28 AM
Hi @clever-sunset-76585 thanks for the reply. What I am unable to find anywhere in the documents is what should be the value of the PULUMI_ACCESS_TOKEN if I use my own managed backend. I am not sure what values I should even set for this, and if I set the BACKEND_URL env var alone its throwing an error wrt to authentication
after setting the backend url i get this error which am not sure if its an error from pulumi or google and how to resolve it…
code: 255 stdout: stderr: error: missing google credentials
c

clever-sunset-76585

05/26/2021, 2:56 PM
What I am unable to find anywhere in the documents is what should be the value of the
PULUMI_ACCESS_TOKEN
if I use my own managed backend. I am not sure what values I should even set for this
That should be your Pulumi account’s access token. Is your
BACKEND_URL
self-managed, or are you using our service (
<https://api.pulumi.com>
)? You can access the Access Tokens page for your Pulumi account by going to https://app.pulumi.com/account/tokens
s

straight-tailor-56799

05/26/2021, 4:01 PM
my backend url is self managed, its a gcp bucket
what would be the access token for self managed backend ?
c

clever-sunset-76585

05/26/2021, 4:59 PM
my backend url is self managed, its a gcp bucket
what would be the access token for self managed backend ?
Ah yes I see that you mentioned that in your original message. There is no need for a Pulumi access token for self-managed backends. The issue here is that your Pulumi does not “see” the Google credentials you are setting via
subprocess.Popen
as I mentioned here https://pulumi-community.slack.com/archives/C01PF3E1B8V/p1621988033086700?thread_ts=1621983858.086600&amp;cid=C01PF3E1B8V
You can verify if your gcloud credentials are accessible by adding a debug message in your Python that prints out an env var that you set via the shell script. That’ll show you whether or not any of the env vars you are setting via the script are persisting in the environment.
s

straight-tailor-56799

05/29/2021, 9:43 PM
Thanks, I will try that Praneet