GoogleCloudPlatform / gcpdiag

gcpdiag is a command-line diagnostics tool for GCP customers.
https://gcpdiag.dev/
Apache License 2.0

don't warn about GKE for projects not using it #49

Closed black-snow closed 1 year ago

black-snow commented 1 year ago

I get

🔎  gke/ERR/2021_007: GKE service account permissions.
   - xyz                                                        [FAIL]
     service account: service-123456@container-engine-robot.iam.gserviceaccount.com
     missing role: roles/container.serviceAgent

   Verify that the Google Kubernetes Engine service account exists and has the
   Kubernetes Engine Service Agent role on the project.

   https://gcpdiag.dev/rules/gke/ERR/2021_007

even for projects that don't use GKE. It'd be nice if the tool checked whether or not the corresponding API was enabled and changed the applied rules accordingly.

schweikert commented 1 year ago

Thanks for reporting this, which is clearly a bug in this rule. The rule should skip if the GKE API is disabled or if there are no GKE clusters created. I am working on a fix which should get pushed soon.
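
The skip behaviour described in this thread, as an added example that is not gcpdiag's code or the maintainer's fix: the rule returns SKIP when the GKE API is disabled or no clusters exist, and only then checks the service agent's role. The `Project` class, the function names and the sample projects are constructed for illustration.

```python
from dataclasses import dataclass, field

GKE_API = "container.googleapis.com"
GKE_AGENT_ROLE = "roles/container.serviceAgent"


@dataclass
class Project:
    """Constructed stand-in for the project state a rule would fetch."""
    number: int
    enabled_apis: set = field(default_factory=set)
    clusters: list = field(default_factory=list)
    iam_bindings: dict = field(default_factory=dict)  # {role: {members}}


def gke_agent_member(project):
    """IAM member string of the project's GKE service agent."""
    return (f"serviceAccount:service-{project.number}"
            "@container-engine-robot.iam.gserviceaccount.com")


def check_gke_service_agent(project):
    """Return (status, reason); status is 'SKIP', 'OK' or 'FAIL'."""
    # Skip conditions come first, so a project that does not use GKE
    # never reaches the IAM check and cannot produce a false FAIL.
    if GKE_API not in project.enabled_apis:
        return "SKIP", "GKE API is disabled"
    if not project.clusters:
        return "SKIP", "no GKE clusters found"
    member = gke_agent_member(project)
    if member in project.iam_bindings.get(GKE_AGENT_ROLE, set()):
        return "OK", ""
    return "FAIL", f"{member} missing role: {GKE_AGENT_ROLE}"


# Constructed sample projects (not real data).
AGENT = "serviceAccount:service-123456@container-engine-robot.iam.gserviceaccount.com"
SAMPLES = {
    "no-gke": Project(123456, {"compute.googleapis.com"}),
    "api-only": Project(123456, {GKE_API}),
    "broken": Project(123456, {GKE_API}, ["cluster-1"]),
    "healthy": Project(123456, {GKE_API}, ["cluster-1"], {GKE_AGENT_ROLE: {AGENT}}),
}

if __name__ == "__main__":
    for name, project in SAMPLES.items():
        print(name, *check_gke_service_agent(project))
```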