PubSub Subscription pushEndpoint reference to the other objects

[tgjonestx]

We are transitioning our IAC from Terraform to KCC as much as possible. We ran into this issue while trying to provision the Cloud Build Slack Notifier with KCC. The PubSub Subscription for the Slack Notifier needs to set the pushConfig.pushEndpoint to the URL for the corresponding Cloud Run object.

I know KCC does not currently support Cloud Run (#378), but I imagine there may be other scenarios where someone might want to manage the pushEndpoint URL programmatically with KCC.

Here's an example of how we manage this dependency in terraform:

              resource "google_pubsub_subscription" "slack-notifier-invoker" {
                project = local.project_name
                name    = "slack-notifier-invoker"
                topic   = "cloud-builds"

                push_config {
                  push_endpoint = google_cloud_run_service.slack-notifier.status[0].url
                  oidc_token {
                    service_account_email = local.slack_notifier_invoker_gsa
                  }
                }
              }

[toumorokoshi]

Thanks for filing! This is a gap we see periodically, and it's not just KCC-specific: we see it as a problem we should try to solve at possibly a higher layer (potentially at the CLI layer).

We are in active conversations to get traction on this problem, but given the scope (have to pull in some help from K8S sigs or other tools) it's hard to give a clear timeline.

[gferreux]

KCC might add another push_config attribute to reference a CloudRun or a more generic way at the Config Sync or Config Controller layer

[diviner524]

Yes, this is definitely on our roadmap. We are fully aware of this missing requirement and looking to build new features on top of Config Connector to address this and similar scenarios.