Getting a 404 when trying to create a secret version in GCP Pulumi Community #general

Getting a 404 when trying to create a secret versi...

eager-keyboard-30823

04/13/2022, 10:21 AM

Getting a 404 when trying to create a secret version in GCP, anyone know why this might be happening? Using Pulumi 3.28 and F#

miniature-musician-31262

04/13/2022, 6:53 PM

Hi there. Are you getting a 404 from GCP? Can you share a bit more detail, maybe some of the error message?

eager-keyboard-30823

04/13/2022, 7:03 PM

Hi @miniature-musician-31262, sure thing. Here’s the error.

Copy code

Diagnostics:
 
REDACTED-ORG-ID/REDACTED-PROJECT-ID/dev (pulumi:pulumi:Stack)
error: update failed
 
SECRET-REDACTED-version (gcp:secretmanager:SecretVersion)
error: 1 error occurred:
	* Error creating SecretVersion: googleapi: got HTTP response code 404 with body: <!DOCTYPE html>
<html lang=en>
  <meta charset=utf-8>
  <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
  <title>Error 404 (Not Found)!!1</title>
  <style>
    *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}
  </style>
  <a href=//www.google.com/><span id=logo aria-label=Google></span></a>
  <p><b>404.</b> <ins>That's an error.</ins>
  <p>The requested URL <code>/v1/SECRET-REDACTED:addVersion?alt=json</code> was not found on this server.  <ins>That's all we know.</ins>


 
Resources:
    5 unchanged
 
Duration: 4s

miniature-musician-31262

04/13/2022, 7:50 PM

That’s interesting. Do you see that only for this resource, or for any GCP resource in the stack?

miniature-musician-31262

04/13/2022, 7:51 PM

Also, if you could share a little code, that might help; I don’t have the F# handy to work with secretsmanager 😅

eager-keyboard-30823

04/13/2022, 8:47 PM

This is the only resource I see the error for. Creating the secret itself works fine, for example. Here’s a gist: https://gist.github.com/LiHRaM/83e4543d994f5f9659258f398d8249ac I’m using https://www.nuget.org/packages/Pulumi.FSharp.Gcp/ for the Computation Expression syntax. That version uses Pulumi.Gcp version 6.17.

miniature-musician-31262

04/13/2022, 9:53 PM

Thanks much. I think this gist may be missing some code, though 🤔

miniature-musician-31262

04/13/2022, 9:57 PM

Maybe I’m missing a dep somewhere

eager-keyboard-30823

04/13/2022, 10:17 PM

You should also have a

Program.fs

with the following contents:

Copy code

module Program

open Pulumi.FSharp

let infra () =
    let secrets = SecretManager.secrets ()

    dict []

Deployment.run infra |> ignore

miniature-musician-31262

04/13/2022, 10:51 PM

I’ll see if I can get some help interally on this one, as I’ve not had much luck reproducing it yet

miniature-musician-31262

04/13/2022, 11:16 PM

Are you sure you’ve enabled the Secret Manager API?

miniature-musician-31262

04/13/2022, 11:16 PM

(In the GCP console)

eager-keyboard-30823

04/14/2022, 11:15 AM

Yep. I created both the secret and the secretversion manually and tried importing them, but importing the secretversion failed, so I deleted it and tried to recreate using Pulumi

eager-keyboard-30823

04/14/2022, 11:33 AM

Trying to import gives the following error:

Copy code

$ pulumi import gcp:secretmanager/secretVersion:SecretVersion default projects/REDACTED-PROJECT/secrets/REDACTED-SECRET/versions/1
Previewing import (REDACTED-ORG/dev)

View Live: REDACTED

     Type                                Name                                            Plan       Info
     pulumi:pulumi:Stack                 REDACTED-STACK                                   1 error
 =   └─ gcp:secretmanager:SecretVersion  default  import     1 error
 
Diagnostics:
  gcp:secretmanager:SecretVersion (default):
    error: Preview failed: refreshing urn:pulumi:dev::REDACTED::gcp:secretmanager/secretVersion:SecretVersion::default: 1 error occurred:
        * Error reading SecretVersion: googleapi: Error 403: Permission 'secretmanager.versions.access' denied for resource 'projects/REDACTED/secrets/REDACTED-SECRET/versions/1' (or it may not exist).
 
  pulumi:pulumi:Stack (REDACTED-STACK):
    error: preview failed

eager-keyboard-30823

04/14/2022, 11:36 AM

That bit makes sense, as I don’t have

secretmanager.versions.access

privileges, but that doesn’t prevent me from creating, destroying or disabling secrets. Just viewing them

eager-keyboard-30823

04/19/2022, 9:04 AM

Okay, so turns out importing was failing because I needed the access privilege to be set for the user pulumi was authenticated as. The other error was because I was using the SecretId property instead of the Name property (where the name property has the full URI including the project)

8 Views

Open in Slack

Previous Next