This message was deleted Pulumi Community #general

Join Slack

This message was deleted.

# general

sparse-intern-71089

07/10/2019, 8:53 PM

This message was deleted.

important-leather-28796

07/10/2019, 8:54 PM

there is no stack trace so I have no idea where this is originating

important-leather-28796

07/10/2019, 8:59 PM

I did a

gcloud auth revoke

locally and have no env vars set and I can preview fine….more confused.

chilly-crayon-57653

07/10/2019, 10:21 PM

@happy-yak-61289 and I were talking about something vaguely similar and she asked if you had done 'gcloud auth application-default login' (since difft layers of sdk's etc fetch difft creds .. a la https://stackoverflow.com/questions/53306131/difference-between-gcloud-auth-application-default-login-and-gcloud-auth-logi)

important-leather-28796

07/10/2019, 10:39 PM

@chilly-crayon-57653 I shouldn’t be using

gcloud

cli at all, I am creating service account credentials in an

identity

stack, then supplying them system-wide with the env

GOOGLE_CLOUD_KEYFILE_JSON

. This has been working fine but a pulumi? update within the past three weeks has perhaps changed something.

chilly-crayon-57653

07/10/2019, 11:56 PM

the latter command covers SDK use, rather than CLI

important-leather-28796

07/10/2019, 11:57 PM

The env variable covers sdk use.

important-leather-28796

07/10/2019, 11:58 PM

Otherwise my setup would not have worked for the past 6 months

white-balloon-205

07/11/2019, 1:31 AM

I am not an expert here - but is it possible that this command is invoked as part of GKE authentication? I believe the kubeconfig files for accessing GKE end up having to do something like this to get credentials?

white-balloon-205

07/11/2019, 1:31 AM

FWIW - I am reasonably confident that the Pulumi GCP provider itself would not be invoking this.

important-leather-28796

07/11/2019, 1:38 AM

@white-balloon-205 this has been working fine - it is an automated process inside a ci container. No gcloud setup has ever been used. This error is definitely coming from

pulumi preview

. Is there a way to have the cli report a stack trace to the console?

white-balloon-205

07/11/2019, 1:40 AM

Does your stack manage a GKE cluster or deploy GKE resources? If so, could you share the

kubeconfig

you are using? You can get very verbose logs with

pulumi preview --logtostderr -v=9 --debug 2> out.txt

which might help here?

important-leather-28796

07/11/2019, 1:46 AM

the infrastructure stack that is breaking is managing the cluster. It does also deploy some basic shared resources like cert-manager. I’ll try this in the morning and get back to you, it is only occurring on ci so I’ll ssh in and poke around.

important-leather-28796

07/11/2019, 2:34 PM

It looks like

provider_plugin.go:514] Provider[kubernetes, 0xc00308ab40].Diff(

now thinks I have no gcloud account. Which repo has that code?

Untitled

important-leather-28796

07/11/2019, 2:46 PM

Ok, not sure what changed or why I now need to auth gcloud, but I can only assume it has to do with more intensive checking of something on the actual server. Only in my

pulumi update

did I run

gcloud auth activate-service-account

, it appears now that I need it to preview as well. So, not a problem, I just assume it has some better checking or validation.

👍 1

10 Views

Open in Slack

Previous Next