search

GoogleCloudPlatform / terraform-google-cloud-functions

Deploys Cloud Functions (Gen 2)
https://registry.terraform.io/modules/GoogleCloudPlatform/cloud-functions/google
Apache License 2.0
30 stars 25 forks source link

feat: updated the role for CF Gen 2 #88

Closed prabhu34 closed 2 months ago

prabhu34 commented 5 months ago

71

87

prabhu34 commented 5 months ago

@amandakarina Can you or your team revisit the roles used in the secure module?

bruno561 commented 5 months ago

@prabhu34 I tried to use the modifications from your PR locally, but it is generating an error when applying. NOTE: Ignore the use of terragrunt.

module.cloud_functions2.google_cloudfunctions2_function_iam_member.invokers["allUsers"]: Creating...
╷
│ Error: Error applying IAM policy for cloudfunctions2 function "projects/xxx/locations/us-east4/functions/function-terragrunt": Error setting IAM policy for cloudfunctions2 function "projects/xxx/locations/us-east4/functions/function-terragrunt": googleapi: Error 400: Invalid argument: 'An invalid argument was specified. Please check the fields and try again.'
│ 
│   with module.cloud_functions2.google_cloudfunctions2_function_iam_member.invokers["allUsers"],
│   on module/main.tf line 131, in resource "google_cloudfunctions2_function_iam_member" "invokers":
│  131: resource "google_cloudfunctions2_function_iam_member" "invokers" ***
│ 
╵
time=2024-01-28T16:25:53Z level=error msg=Module /home/runner/work/terraform-modules/terraform-modules/terraform/cloudfunctions2 has finished with an error: 1 error occurred:
    * exit status 1

 prefix=[/home/runner/work/terraform-modules/terraform-modules/terraform/cloudfunctions2] 
time=2024-01-28T16:25:53Z level=error msg=1 error occurred:
    * exit status 1
bruno561 commented 5 months ago

I found the error. I made a PR similar to this with the necessary changes to not generate the mentioned error. PR: https://github.com/GoogleCloudPlatform/terraform-google-cloud-functions/pull/90

prabhu34 commented 5 months ago

I found the error. I made a PR similar to this with the necessary changes to not generate the mentioned error. PR: #90

Thank you! I have added the support for both these roles here. Hence closing #90.

bruno561 commented 5 months ago

@prabhu34 Is it still necessary to create the google_cloudfunctions2_function_iam_member resources? Whereas google_cloud_run_service_iam_memberwill now be used.

prabhu34 commented 3 months ago

@prabhu34 Is it still necessary to create the google_cloudfunctions2_function_iam_member resources? Whereas google_cloud_run_service_iam_memberwill now be used.

It would gradually go off in future versions. But for now this is to support the existing usage of the role bindings.

g-awmalik commented 3 months ago

/gcbrun

g-awmalik commented 3 months ago

@bharathkkb - I think this can be approved/merged while the CI is failing and we figure out the root cause.

daniel-cit commented 2 months ago

@g-awmalik @bharathkkb @apeabody

PR chore: add retry to secure cloud function test should make the build process stable enough.

A further improvement can be added by increasing the possibles values for the access level create in the test in this other fix!: replace random_id with random_string to increase number of possible access levels .

It can be used after we got a new release of the terraform-google-cloud-run repository.

This should fix most of the build errors base in the last 50 failing build (VPC-SC propagation and VPC-SC name collision)