cloudamqp / terraform-provider-cloudamqp

Terraform Provider for CloudAMQP
https://registry.terraform.io/providers/cloudamqp/cloudamqp
Mozilla Public License 2.0

Metric StackDriver Integration almost works #72

Closed ticosax closed 4 years ago

ticosax commented 4 years ago

Hi, it seems there is some polishing required with the Stackdriver metric integration.

The Plan execution worked. That's an annotated excerpt of our terraform state:

{
      "module": "module.services",
      "mode": "managed",
      "type": "cloudamqp_integration_metric",
      "name": "stackdriver",
      "provider": "provider.cloudamqp",
      "instances": [
        {
          "schema_version": 0,
          "attributes": {
            "access_key_id": null,
            "api_key": null,
            "client_email": "...  ",
            "email": null,
            "id": "341798234",
            "instance_id": 45862,
            "license_key": null,
            "name": "stackdriver",
            "private_key": "....",
            "project_id": "...",
            "queue_whitelist": "",
            "region": null,
            "secret_access_key": null,
            "tags": "",
            "vhost_whitelist": ""
          },
          "private": "...",
          "dependencies": [
            "modul.services.cloudamqp_instance.celery_broker"
          ]
        }
      ]
    }

Regarding the annotated private_key field, I base64 decoded it, and I can see the service account json document.

Everything seemed to be working, until I wanted to check on the CloudAMQP website.

[Image: cloudamqp-stackdriver-integration-annoted]

Do you think it is related to the Terraform plugin?

tbroden84 commented 4 years ago

Looks to be an issue using your private key when forwarding the metrics. After creating the key on your service account and receiving the JSON file, you should then copy the whole string ('-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----') from the private_key property and use it raw as your private key in Terraform.

Please let me know if this helps.

ticosax commented 4 years ago

Thank you, that's probably it.

ticosax commented 4 years ago

Hi, I confirm this is working now. Thank you!

To make it work I had to b64decode and decode the JSON to extract the private_key. Wouldn't it be preferable to accept the value returned by https://www.terraform.io/docs/providers/google/r/google_service_account_key.html#private_key directly?

Desired API

resource "cloudamqp_integration_metric" "stackdriver" {
  instance_id  = cloudamqp_instance.celery_broker.id
  name         = "stackdriver"
  project_id   = var.project
  private_key  = cloudamqp_stackdriver_integration_service_account.private_key
  client_email = cloudamqp_stackdriver_integration_service_account.email
}

Offered API

resource "cloudamqp_integration_metric" "stackdriver" {
  instance_id  = cloudamqp_instance.celery_broker.id
  name         = "stackdriver"
  project_id   = var.project
  private_key  = jsondecode(base64decode(cloudamqp_stackdriver_integration_service_account.private_key)).private_key
  client_email = cloudamqp_stackdriver_integration_service_account.email
}

It is worth being documented at least, because it is not trivial.
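An added example, not part of the thread or the provider's own code: a Python check that tells which of the three forms discussed above a `private_key` value is in (raw PEM, the service-account JSON document, or the base64-encoded JSON returned by `google_service_account_key`) and recovers the PEM string the integration expects. The function name and all sample values are constructed for illustration; the key body is a placeholder, not a real key.

```python
import base64
import binascii
import json

PEM_BEGIN = "-----BEGIN PRIVATE KEY-----"
PEM_END = "-----END PRIVATE KEY-----"


def classify_and_extract(value: str):
    """Return (form, pem, client_email); form is raw-pem, json or base64-json."""
    text = value.strip()
    if text.startswith(PEM_BEGIN):
        form, doc = "raw-pem", {"private_key": text}
    else:
        form = "json"
        if not text.startswith("{"):
            # Neither PEM nor JSON: assume the base64 form Terraform returns.
            try:
                text = base64.b64decode(text, validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError) as exc:
                raise ValueError("not PEM, JSON or base64") from exc
            form = "base64-json"
        try:
            doc = json.loads(text)
        except json.JSONDecodeError as exc:
            raise ValueError("decoded value is not JSON") from exc
    if not isinstance(doc, dict):
        raise ValueError("JSON value is not a service account document")
    pem = str(doc.get("private_key", "")).strip()
    if not (pem.startswith(PEM_BEGIN) and pem.endswith(PEM_END)):
        raise ValueError("no PEM private key found")
    return form, pem, doc.get("client_email")


# Constructed sample data: placeholder key body, hypothetical account name.
SAMPLE_PEM = f"{PEM_BEGIN}\nQ09OU1RSVUNURUQ=\n{PEM_END}\n"
SAMPLE_JSON = json.dumps({
    "type": "service_account",
    "client_email": "metrics@example-project.iam.gserviceaccount.com",
    "private_key": SAMPLE_PEM,
})
SAMPLE_B64 = base64.b64encode(SAMPLE_JSON.encode()).decode()

if __name__ == "__main__":
    for candidate in (SAMPLE_PEM, SAMPLE_JSON, SAMPLE_B64):
        form, pem, email = classify_and_extract(candidate)
        print(form, email, pem.splitlines()[0])
```

Only the `raw-pem` form can be passed to `private_key` unchanged; the other two need the extraction step shown in the "Offered API" snippet.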

tbroden84 commented 4 years ago

@ticosax Thanks for the information. Will try and take a look and see what the difference is. In our UI solution, we just attach the downloaded file that is created when a new key is created at GCE. If I remember correctly, we don't need to format the key in that case.