GoogleCloudPlatform / deploymentmanager-samples

Deployment Manager samples and templates.
Apache License 2.0

Deployment Manager Support for Secret Manager and Serverless VPC Access? #588

Open tl-yang opened 3 years ago

tl-yang commented 3 years ago

Hi,

I would like to deploy my Redis and SQL databases using Deployment Manager and store their secrets in Secret Manager for App Engine to read, but I cannot find any documentation or examples.

Also, the same problem for Serverless VPC Access.

Does Deployment Manager support Secret Manager and Serverless VPC Access?

Thanks

Satak commented 3 years ago

I would also like to know if there are any plans to add support for the Serverless VPC Access API to Deployment Manager.

Trying to use this type:

type: gcp-types/vpcaccess-v1:projects.locations.connectors

Here is the API documentation: https://cloud.google.com/vpc/docs/reference/vpcaccess/rest

error:

The fingerprint of the deployment is b'yj1-7d0WHtcede32Jm_uXA=='
Waiting for create [operation-1605564659767-5b440a73598bd-97c4335f-65d1ad9f]...failed.
ERROR: (gcloud.deployment-manager.deployments.create) Error in Operation [operation-1605564659767-5b440a73598bd-97c4335f-65d1ad9f]: errors:
- code: RESOURCE_NOT_FOUND
  message: The provider vpcaccess-v1 at project gcp-types was not found in public
    GCP types

vpcaccess-v1 (Serverless VPC Access) is not listed here: https://cloud.google.com/deployment-manager/docs/configuration/supported-gcp-types

Any comment on this @akedin, is this even the right place to ask for support for new APIs?

Satak commented 3 years ago

Also to note that it's quite funny that 3rd party IaC platforms like Terraform support new API resource types sooner than Google: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/vpc_access_connector

andytheapedemontague commented 3 years ago

@Satak I got this to work by making a custom type following a process similar to https://github.com/GoogleCloudPlatform/deploymentmanager-samples/issues/549 and using vpcaccess-v1-type:vpcaccess.projects.locations.connectors.create

But agreed, it would be good to have this as a first-class citizen in DM.

m0ar commented 2 years ago

Any updates on this? We still have to use actions to manage secrets and VPC connectors, which is proving to be error-prone for us.

traviscollins commented 2 years ago

> @Satak I got this to work by making a custom type following a process similar to #549 and using vpcaccess-v1-type:vpcaccess.projects.locations.connectors.create

Can you provide your custom typing here? That would be super helpful, thanks!

elliscode commented 4 months ago

> > @Satak I got this to work by making a custom type following a process similar to #549 and using vpcaccess-v1-type:vpcaccess.projects.locations.connectors.create

> Can you provide your custom typing here? That would be super helpful, thanks!

Here's what I used: I took the create_typeprovider.sh script in the examples repo and changed the descriptor-url and the PROVIDER_NAME. Just make sure your default project is set correctly in your gcloud CLI:

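#!/bin/bash
set -e
set -o pipefail

# API options for the type provider. The input mapping makes Deployment
# Manager send an OAuth2 access token (from $.googleOauth2AccessToken())
# as a Bearer Authorization header on its calls to the API.
# The heredoc delimiter is quoted so the shell leaves the "$." text untouched.
cat <<- 'EOF' > ./options.yaml
options:
  inputMappings:
  - fieldName: Authorization
    location: HEADER
    value: >
      $.concat("Bearer ", $.googleOauth2AccessToken())
EOF

# Create the type-provider in the default gcloud project.
# "\$discovery" is escaped so the URL keeps a literal "$discovery".
gcloud beta deployment-manager type-providers create vpcaccess \
      --api-options-file=options.yaml \
      --descriptor-url="https://vpcaccess.googleapis.com/\$discovery/rest?version=v1"

exit 0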

Then you can use it like so in your Deployment Manager file:

- name: projects/<your-project-name>/locations/<region>/connectors/vpc-connector
  type: <your-project-name>/vpcaccess:projects.locations.connectors
  properties:
    ...
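
Added example, not part of the comment above or of the samples repo: a Deployment Manager Python template that emits a connector resource for the `vpcaccess` type provider created by that script and rejects a range that is not an IPv4 /28, which Serverless VPC Access requires. The template property names (`region`, `name`, `network`, `ipCidrRange`) are hypothetical, and passing the v1 API fields `parent`, `connectorId`, `network` and `ipCidrRange` as flat properties of the custom type is an assumption.

```python
"""Deployment Manager template (added example) for a Serverless VPC Access connector."""
import ipaddress


def connector_resource(project, region, name, network, ip_cidr_range,
                       provider="vpcaccess"):
    """Build one resource entry for the custom type provider named on this page."""
    # strict=True rejects ranges with host bits set, e.g. 10.8.0.5/28.
    cidr = ipaddress.ip_network(ip_cidr_range, strict=True)
    if cidr.version != 4 or cidr.prefixlen != 28:
        raise ValueError("connector range must be an IPv4 /28, got %s" % cidr)
    parent = "projects/%s/locations/%s" % (project, region)
    return {
        # Resource name and type follow the shape shown in the thread.
        "name": "%s/connectors/%s" % (parent, name),
        "type": "%s/%s:projects.locations.connectors" % (project, provider),
        # Assumption: path/query parameters and body fields are passed
        # together as flat properties of the custom type.
        "properties": {
            "parent": parent,
            "connectorId": name,
            "network": network,
            "ipCidrRange": str(cidr),
        },
    }


def generate_config(context):
    """Deployment Manager entry point; context.env['project'] is the deploying project."""
    p = context.properties
    resource = connector_resource(context.env["project"], p["region"],
                                  p["name"], p["network"], p["ipCidrRange"])
    return {"resources": [resource]}


if __name__ == "__main__":
    # Constructed sample values, for a local dry run outside Deployment Manager.
    print(connector_resource("demo-proj", "us-central1", "vpc-connector",
                             "default", "10.8.0.0/28"))
```
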