https://pulumi.com logo
Join Slack
Powered by
This message was deleted.
# general
s
This message was deleted.
b
let's try keep this in a thread so we don't spam the channel
1
can you show me the output of 
gcloud projects list
f
I don't have 
gcloud
installed.
Ah, I can run it in the browser. One second.
Copy code
johnrichardrinehart@cloudshell:~ (webbie-295322)$ gcloud projects list
PROJECT_ID     NAME    PROJECT_NUMBER
webbie-295322  webbie  1038906272696
b
how are you setting your gcloud credentials?
f
Using the 
GOOGLE_CREDENTIALS
env var pointed to my service account 
credentials.json
. What are my choices?
b
that works, but I'd like to see the output of 
gcloud projects list
from your local machine with those credentials
f
That would require me to install 
gcloud
.
I'd rather not do that. The output should be the same from the Cloud Shell as locally.
b
is it a service account?
f
Yep.
b
that project must be coming from somewhere, and it can only really be coming from the credentials you're using. My theory is that your Google credentials are not the same as the gcloud shell, it's going to be next to impossible to debug this issue if you can't verify the credentials you're using locally with Pulumi. If you can think of another way to verify the credentials you have locally set in the 
GOOGLE_APPLICATION_CREDENTIALS
env var, it would be extremely helpful
if you're using a service account, it's entirely possible that the credentials for that service account are scoped differently and have different project access to the console, because gcloud uses different authentication mechanisms for both. So while 
gcloud projects list
might only show one project for your human user, the service account might have different permissions
it's worth nothing that this isn't an issue with pulumi itself
f
I created a service account in my personal GCP (not associated with any orgs/companies). I only have one project. Maybe the access credentials for the service account are different than the credentials for the user accessing the shell in the browser.
I can definitely verify the credentials in the environment variable. They're that of the service account.
Also, I haven't set the 
GOOGLE_APPLICATION_CREDENTIALS
environment variable. I've set the 
GOOGLE_CREDENTIALS
environment variable. But, maybe these are both supported.
b
Can you verify what projects the service account has access to?
f
I'm trying to figure out how to do that.
If you know how to do that could you help me?
b
yes, you'd install the gcloud CLI and run the command I specified 🙂
f
Okay, @billowy-army-68599. I'll do it.
@billowy-army-68599 I get the same results as the cloud shell.
Only one project.
Doesn't have that ID.
b
I'm not totally sure in that case, there must be some credentials somewhere that pulumi is picking up from the SDK somehow that you're not aware of what does your 
Pulumi.stack.yaml
have inside it? can you print your set environment variables and check if there's any other google related ones set?
f
No problem.
pulumi.stack.yaml
:
Copy code
config:
  gcp:project: webbie
   hey:there: "true"
There's only one environment variable set to anything Google related.
It's 
GOOGLE_CREDENTIALS
.
It starts with 
{   "type": "service_account",   "project_id": "webbie-295322",   "private_key_id":
which looks exactly like the 
credentials.json
file that I downloaded.
b
gcp:project: webbie
this should be 
gcp:project: webbie-295322
(I believe)
f
Ahhhh
Nice!
@billowy-army-68599 incremental progress. I've changed the 
gcp:project
configuration value to be the 
project ID
instead of the 
project Name
.
Now I'm encountering the error 
warning: inputs to import do not match the existing resource; importing this resource will fail
. I'll keep checking my specification of the device I'm trying to import. Maybe I made a mistake somewhere.
2 Views
Open in Slack
PreviousNext
Powered by