GoogleCloudPlatform / k8s-config-connector

GCP Config Connector, a Kubernetes add-on for managing GCP resources
https://cloud.google.com/config-connector/docs/overview
Apache License 2.0

[CloudFunctionsFunction] GCS bucket resource does not match the expected pattern #886

Open b4nst opened 1 year ago

b4nst commented 1 year ago

Bug Description

After following the example for CloudFunctionsFunction, I ended up with an error on the event trigger resource.

Additional Diagnostic Information

kubectl describe -n banst-dev storagebucket <redacted_bucket>
[...]
Normal  UpToDate  48m (x2 over 48m)  storagebucket-controller  The resource is up to date

Kubernetes Cluster Version

v1.24.17-gke.200

Config Connector Version

1.89.0

Config Connector Mode

cluster mode

Log Output

Events:
  Type     Reason        Age              From                               Message
  ----     ------        ----             ----                               -------
  Normal   Updating      4s (x3 over 6s)  cloudfunctionsfunction-controller  Update in progress
  Warning  UpdateFailed  4s (x3 over 6s)  cloudfunctionsfunction-controller  Update call failed: error applying desired state: googleapi: Error 400: The request has errors
Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.BadRequest",
    "fieldViolations": [
      {
        "description": "GCS bucket resource <redacted_bucket> does not match the expected pattern, which is projects/{project}/buckets/{bucket}",
        "field": "event_trigger.resource"
      }
    ]
  }
]

Steps to reproduce the issue

Apply resources, wait for result

YAML snippets

apiVersion: storage.cnrm.cloud.google.com/v1beta1
kind: StorageBucket
metadata:
  labels:
    app.kubernetes.io/name: opkg-registry
    app.kubernetes.io/version: 0.0.0-devel
  name: <redacted_bucket>
  namespace: banst-dev
---
apiVersion: cloudfunctions.cnrm.cloud.google.com/v1beta1
kind: CloudFunctionsFunction
metadata:
  annotations:
    action.timoni.sh/force: enabled
  labels:
    app.kubernetes.io/name: opkg-registry
    app.kubernetes.io/version: 0.0.0-devel
  name: opkg-registry-indexer-remove
  namespace: banst-dev
spec:
  description: Indexer for opkg-registry
  entryPoint: HandleDelete
  eventTrigger:
    eventType: google.storage.object.delete
    resourceRef:
      kind: StorageBucket
      name: <redacted_bucket>
    service: storage.googleapis.com
  projectRef:
    external: projects/<redacted>
  region: <redacted>
  runtime: go121
  sourceArchiveUrl: gs://<redacted>.zip
---

b4nst commented 1 year ago

Btw, I tried changing the bucket to projects/<redacted_project>/buckets/<redacted_bucket> just to be sure, but I got the expected error:

invalid resource name "projects/<redacted_project>/buckets/<redacted_bucket>": [may not contain '/']

diviner524 commented 1 year ago

Can you remove resourceRef.name and try using resourceRef.external with value projects/<redacted_project>/buckets/<redacted_bucket>?

b4nst commented 1 year ago

Yup, I confirm this does work by using resourceRef.external (need to also remove resourceRef.kind to match the schema). Does it have something to do with the eventTrigger.eventType? That's the only real diff I see with the documentation example.
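
The workaround confirmed in the comment above, written out as a manifest. This is an added example, not part of the original thread or the project's documentation; it reuses the reporter's manifest and redacted placeholders and changes only the eventTrigger.resourceRef block.

```yaml
apiVersion: cloudfunctions.cnrm.cloud.google.com/v1beta1
kind: CloudFunctionsFunction
metadata:
  annotations:
    action.timoni.sh/force: enabled
  labels:
    app.kubernetes.io/name: opkg-registry
    app.kubernetes.io/version: 0.0.0-devel
  name: opkg-registry-indexer-remove
  namespace: banst-dev
spec:
  description: Indexer for opkg-registry
  entryPoint: HandleDelete
  eventTrigger:
    eventType: google.storage.object.delete
    resourceRef:
      # Before (rejected by the API with "does not match the expected pattern"):
      #   kind: StorageBucket
      #   name: <redacted_bucket>
      # After: kind and name are removed and the full resource path is given
      # in the form the error message asks for, projects/{project}/buckets/{bucket}.
      external: projects/<redacted_project>/buckets/<redacted_bucket>
    service: storage.googleapis.com
  projectRef:
    external: projects/<redacted>
  region: <redacted>
  runtime: go121
  sourceArchiveUrl: gs://<redacted>.zip
```

The project in the external path has to be the one that owns the bucket, since the value is a literal string that must be kept in step with the StorageBucket manifest by hand.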

diviner524 commented 1 year ago

Thanks for confirming @b4nst!

Does resourceRef.name work if the eventTrigger.eventType is providers/cloud.storage/eventTypes/object.change?

It could be a behavior change in the underlying GCP API.