GCP Cloud build is a global service but pulumi is forcing location setting for build trigger

[sadewale4]

Hi, i am attempting to create a GCP build trigger using pulumi-google-native, but hitting the below error:

error: error sending request: googleapi: Error 403: Project 123456789 is not allowlisted to create regional triggers: "https://cloudbuild.googleapis.com/v1/projects/prj-ID/locations/us-central1/triggers?projectId=prj-ID"

When i leave the location setting out, pulumi complains that a required parameter is missing.

This works okay in the pulumi google sdk. Please help in fixing this issue to allow cloud build to be created using the pulumi-google-native sdk.

[mikhailshilkov]

Thank you for reporting this @sadewale4

It looks like there are two endpoints for build: v1/projects/{projectid}/build and v1/projects/{projectid}/locations/{location}/build. The provider currently assumes the second one is enough but apparently this is wrong. We'll have to fix this.

[sadewale4]

Hey @mikhailshilkov

Thanks for Validating so quickly.

To confirm, i am having issues with the API at : https://www.pulumi.com/docs/reference/pkg/google-native/cloudbuild/v1/trigger/.

I noticed there is another API endpoing for build: https://www.pulumi.com/docs/reference/pkg/google-native/cloudbuild/v1/build/.

From what i can tell, the Trigger API should not require the location/region parameter which i think is the main issues. Any idea what it would take from a timeline perspective to have this fixed?

[mikhailshilkov]

Oops, yes, I looked at a wrong resource, but the same conclusion applies to triggers too.

In terms of the timeline, I'd guess it's at least two weeks away, as we are now busy with another workstream. Sorry about that.

[bruno-morel]

I have the exact same problem and we can't use the "normal gcp provider" since we want to use pubsub triggers.

[silphid]

Also same problem here, and we also need the native provider to be able to use secrets from Secret Manager. A fix would definitely be most appreciated!

[wvanderdeijl]

I had a similar problem when creating a build itself (new google.cloudbuild.v1.Build). Specifying location:global allowed me to create the build (but subsequent deploys than still fail). But perhaps specifying locations:global for a trigger does the trick.

When using new google.cloudbuild.v1.Build the build is created, but subsequent deploys still run into a similar issue with wrong URL's:

  google-native:cloudbuild/v1:Build (xxxxxx-build):
    error: error sending request: Get 
    "https://cloudbuild.googleapis.com/v1/projects/my-project/locations/global/builds/b6768a46-72d5-44ce-882e-6bc1ff912802?alt=json": 
    stream error: stream ID 1; INTERNAL_ERROR; received from peer: 
    "https://cloudbuild.googleapis.com/v1/projects/my-project/locations/global/builds/b6768a46-72d5-44ce-882e-6bc1ff912802"
    map[]

It seems it is now using locations/global in the path which causes a failure as it should GET https://cloudbuild.googleapis.com/v1/projects/my-project/builds/b6768a46-72d5-44ce-882e-6bc1ff912802?alt=json

[joekgu]

We experience the same problem, any update on this?

[bruno-morel]

Any news on this? this make the google native driver useless for managing CloudBuild...