Hey I ve got something strange As part of our ci we run `pre

Question

Hey I ve got something strange As part of our ci we run `preview` and while we have not made changes we just had a change pop up as part of our `infrastructure` stack that looks pretty ominous Am I correct in thinking this is going to update the cluster and delete recreate all that is listed here as `replace` This seems like it would be a very bad production downtime event wouldn t it

important-leather-28796 · Answer

Filed <https github com pulumi pulumi gcp issues 184>

microscopic-florist-22719 · Answer

We tracked this down to a known issue with the underlying Terraform provider where passing ` latest ` for the `minMasterVersion` and `nodeVersion` properties results in persistent diffs even when the Pulumi program has not changed

microscopic-florist-22719 · Answer

We saw this ourselves in our examples the fix we applied was to use the `getEngineVersions ` API to fetch the actual version string for the latest available version

important-leather-28796 · Answer

Yes I updated the issue thanks

important-leather-28796 · Answer

I am having a problem determining the minimal permission for our `preview` service account though

important-leather-28796 · Answer

Getting `Error invocation of gcp container getEngineVersions getEngineVersions returned an error invoking gcp container getEngineVersions getEngineVersions project required field is not set` we use a minimal permissioned ci account to give us a sanity check on infrastructure and it now fails

important-leather-28796 · Answer

added ` roles container clusterViewer ` but it wasn t the permission needed

important-leather-28796 · Answer

I confirmed it to be a permission issue just not sure which one Also added `roles container viewer` which didn t cover it

important-leather-28796 · Answer

important-leather-28796 · Answer

Ok this may not have been a permissions problem I m stuck elsewhere but it does seem like I had to pass location and project to getEngineVersions