https://pulumi.com logo
c

cool-egg-852

02/18/2020, 5:04 PM
Does pulumi need any specific configuration to be able to create a pubsub topic in GCP? Trying to figure out why only topics are not able to be created but the serviceaccount I use can do everything else. It has the owner role.
The current permissions listed for the owner role even include
pubsub.topics.create
.
Authentication is handled via
gcloud auth activate-service-account
in a container (new container for each execution)
g

gentle-diamond-70147

02/18/2020, 5:22 PM
What's the error message you're getting?
c

cool-egg-852

02/18/2020, 5:22 PM
error: Error creating Topic: googleapi: Error 403: Request had insufficient authentication scopes.
g

gentle-diamond-70147

02/18/2020, 5:23 PM
To answer your first question - no, not aware of any specific configuration needed.
Is the API enabled for that particular project?
c

cool-egg-852

02/18/2020, 5:23 PM
Yep. It works on my machine, just not in our CI
I am wondering if it has anything to do with default application credentials.
I’m not aware if Pulumi tries to use those first or something, or uses it for pubsub
I’ll create a ticket for this because it’s extremely problematic for us.
g

gentle-diamond-70147

02/28/2020, 4:27 PM
Thanks. I'll follow up internally on this.
c

cool-egg-852

02/28/2020, 5:13 PM
Appreciate it. We’re making heavy use of pub/sub these days and we have to always deploy any changes manually otherwise our CI process fails. My guess is the gcloud sdk relies upon a differen authentication scheme or something for pub/sub.