crossplane-contrib / provider-upjet-gcp

Official GCP Provider for Crossplane by Upbound.
Apache License 2.0

[Bug]: ServiceAccountKey creation is generally unavailable, error message is "400: unknown" #525

Open briantopping opened 1 month ago

briantopping commented 1 month ago

Is there an existing issue for this?

Affected Resource(s)

serviceaccountkeys.cloudplatform.gcp.upbound.io

Resource MRs required to reproduce the bug

apiVersion: cloudplatform.gcp.upbound.io/v1beta1
kind: ServiceAccountKey
metadata:
  annotations:
    crossplane.io/composition-resource-name: serviceaccountkey
    crossplane.io/external-create-failed: "2024-05-14T19:39:33Z"
    crossplane.io/external-create-pending: "2024-05-14T19:39:33Z"
    crossplane.io/external-create-succeeded: "2024-05-14T19:26:03Z"
  labels:
    crossplane.io/claim-name: my-ess
    crossplane.io/claim-namespace: default
    crossplane.io/composite: my-ess-mmjfg
  name: my-ess-mmjfg-6nnmf
spec:
  deletionPolicy: Delete
  managementPolicies:
  - '*'
  providerConfigRef:
    name: default
  publishConnectionDetailsTo:
    configRef:
      name: vault
    metadata:
      labels:
        environment: development
        secret.crossplane.io/owner-uid: 935d748c-5adc-4beb-8910-9570a6611b57
        team: backend
    name: ess-mr-conn

Steps to Reproduce

Apply the MR

What happened?

According to this GCP documentation, key creation is disabled after 3-May-2024. In organizational settings, tags must be created by an org administrator in order to re-enable key creation. The error message that is returned could be improved to "if you are seeing this..." at the very least.

It would also be valuable to update the Vault ESS demo accordingly.

Relevant Error Output Snippet

2024-05-14T19:31:32Z    DEBUG   provider-gcp    Async create ended. {"trackerUID": "935d748c-5adc-4beb-8910-9570a6611b57", "resourceName": "my-ess-mmjfg-6nnmf", "gvk": "cloudplatform.gcp.upbound.io/v1beta1, Kind=ServiceAccountKey", "error": "async create failed: failed to create the resource: [{0 Error creating service account key: googleapi: Error 400: Unknown error, badRequest  []}]", "tfID": ""}

Crossplane Version

1.15.2

Provider Version

1.1.0

Kubernetes Version

1.29.2

Kubernetes Distribution

KinD

Additional Info

No response
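
Added example, not code from provider-upjet-gcp or from the issue author: a Go triage helper that parses a debug line shaped like the one quoted in the report and attaches an actionable hint to the opaque 400. The sample line is constructed, the type and function names are hypothetical, and the link to the `iam.disableServiceAccountKeyCreation` organization policy constraint is an assumption drawn from the report, not something the API response states.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// asyncResult mirrors the JSON fields visible in the debug line quoted in the issue.
type asyncResult struct {
	ResourceName string `json:"resourceName"`
	GVK          string `json:"gvk"`
	Error        string `json:"error"`
}

// Constructed sample: same shape as the reported line, with placeholder identifiers.
const sampleLine = `2024-05-14T19:31:32Z DEBUG provider-gcp Async create ended. {"trackerUID": "00000000-0000-0000-0000-000000000000", "resourceName": "example-key", "gvk": "cloudplatform.gcp.upbound.io/v1beta1, Kind=ServiceAccountKey", "error": "async create failed: failed to create the resource: [{0 Error creating service account key: googleapi: Error 400: Unknown error, badRequest  []}]", "tfID": ""}`

// parseAsyncLine extracts and decodes the trailing JSON object of a debug line.
func parseAsyncLine(line string) (asyncResult, error) {
	var r asyncResult
	i := strings.Index(line, "{")
	if i < 0 {
		return r, fmt.Errorf("no JSON payload in line")
	}
	err := json.Unmarshal([]byte(line[i:]), &r)
	return r, err
}

// keyCreationHint returns a hint when a ServiceAccountKey create failed with the
// opaque 400 from the report, and "" for every other resource kind or error.
func keyCreationHint(r asyncResult) string {
	isKey := strings.HasSuffix(r.GVK, "Kind=ServiceAccountKey")
	opaque := strings.Contains(r.Error, "Error creating service account key") &&
		strings.Contains(r.Error, "Error 400: Unknown error")
	if !isKey || !opaque {
		return ""
	}
	// Assumption: the block comes from organization policy, as the report describes.
	return fmt.Sprintf("%s: key creation rejected with an opaque 400; check whether organization policy (assumed: iam.disableServiceAccountKeyCreation) blocks service account key creation for this project", r.ResourceName)
}

func main() {
	if r, err := parseAsyncLine(sampleLine); err == nil {
		fmt.Println(keyCreationHint(r))
	}
}
```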