fast-arm-63150
01/11/2022, 6:04 PMgreat-queen-39697
01/12/2022, 3:35 PMsecretmanager.get_secret_version
call drops the version of the secret, not the value. I think what you want is https://www.pulumi.com/registry/packages/gcp/api-docs/secretmanager/getsecret/, which will wait until the value is available if you use the direct call.fast-arm-63150
01/12/2022, 5:13 PMprehistoric-activity-61023
01/12/2022, 5:19 PMfast-arm-63150
01/12/2022, 5:30 PMprehistoric-activity-61023
01/12/2022, 5:31 PMfast-arm-63150
01/12/2022, 5:32 PMprehistoric-activity-61023
01/12/2022, 5:34 PMdepends_on
to all resources that rely on this as this dependency cannot be autodetected by pulumi.pulumi up
twice (first it’s gonna enable the service and fail with “API is disabled”, on the second run it should be fine)DB_PASS
already exists in secretmanager?great-queen-39697
01/12/2022, 5:41 PMmy-secret-123456
). It might be easier to use get_secret
to get the ID to pass to get_secret_version
prehistoric-activity-61023
01/12/2022, 5:44 PMfast-arm-63150
01/12/2022, 5:48 PMprehistoric-activity-61023
01/12/2022, 5:49 PMdepends_on
here and that part probably works. I assume it complains when it first executes secretmanager.get_secret_version
and I think there’s no way to include depends_on
in InvokeOptions. That’s the main reason why I have 2 separated projects for GCP (gcp-project-bootstrap
where I enable all APIs and configure things such as top-level IAM rules and gcp-project
where I actually create resources such as cloud sql, gke, memory store etc.).
Additionally, I think get_*
functions are only used when you need to get resources managed outside of your pulumi stack (or to get resources not managed by any IaC at all). In your case, you’re creating the secret and CloudSQL user in the same stack so there’s no need for that and you can pass these values directly.fast-arm-63150
01/12/2022, 6:25 PMprehistoric-activity-61023
01/12/2022, 6:26 PM