No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

alienfast_advisorintake-infrastructure_production_-_Preview___Pulumi.gif

Filed <https://github.com/pulumi/pulumi-gcp/issues/184>

We tracked this down to a known issue with the underlying Terraform provider where passing `"latest"` for the `minMasterVersion` and `nodeVersion` properties results in persistent diffs even when the Pulumi program has not changed.

We saw this ourselves in our examples--the fix we applied was to use the `getEngineVersions()` API to fetch the actual version string for the latest available version.

I am having a problem determining the minimal permission for our `preview` service account though

Getting `Error: invocation of gcp:container/getEngineVersions:getEngineVersions returned an error: invoking gcp:container/getEngineVersions:getEngineVersions: project: required field is not set`, we use a minimal permissioned ci account to give us a sanity check on infrastructure and it now fails

added `'roles/container.clusterViewer'` but it wasn’t the permission needed

I confirmed it to be a permission issue, just not sure which one.  Also added `roles/container.viewer` which didn’t cover it

<https://cloud.google.com/kubernetes-engine/docs/how-to/iam>

Ok, this may not have been a permissions problem - I’m stuck elsewhere but it does seem like I had to pass location and project to getEngineVersions