googlearchive / k8s-service-catalog

[DEPRECATED] Commandline tool to manage Service Catalog lifecycle and GCP Service Broker atop Kubernetes Cluster
Apache License 2.0

`add-gcp-broker` authentication fails due to a wrong secret format #199

Closed arapulido closed 6 years ago

arapulido commented 6 years ago

I was following the instructions to add the GCP broker to my Kubernetes cluster. When I run `sc add-gcp-broker`, the GCP broker pod fails to sync the catalog with the following error:

```
I0611 10:54:49.843795       1 reflector.go:202] Starting reflector *v1.Secret (10m0s) from github.com/GoogleCloudPlatform/k8s-service-catalog/catalog-oauth/watcher/watcher.go:59
I0611 10:54:49.854257       1 reflector.go:240] Listing and watching *v1.Secret from github.com/GoogleCloudPlatform/k8s-service-catalog/catalog-oauth/watcher/watcher.go:59
I0611 10:54:49.854290       1 watcher.go:42] Tweaking list options &ListOptions{LabelSelector:,FieldSelector:,Watch:false,ResourceVersion:0,TimeoutSeconds:nil,IncludeUninitialized:false,Limit:500,Continue:,}
I0611 10:54:49.900552       1 round_trippers.go:405] GET https://10.7.240.1:443/api/v1/namespaces/google-oauth/secrets?limit=500&resourceVersion=0 200 OK in 46 milliseconds
I0611 10:54:49.930661       1 watcher.go:42] Tweaking list options &ListOptions{LabelSelector:,FieldSelector:,Watch:false,ResourceVersion:219062,TimeoutSeconds:*481,IncludeUninitialized:false,Limit:0,Continue:,}
I0611 10:54:49.931006       1 main.go:68] Secret google-oauth/default-token-csc6d: checking for Service Catalog authentication extension contract...
I0611 10:54:49.931105       1 google_oauth.go:103] Secret 'google-oauth/default-token-csc6d' is not compatible with the Service Catalog authentication extension contract (missing 'key' field); skipping...
I0611 10:54:49.931178       1 main.go:68] Secret google-oauth/oauth: checking for Service Catalog authentication extension contract...
I0611 10:54:49.937776       1 round_trippers.go:405] GET https://10.7.240.1:443/api/v1/namespaces/google-oauth/secrets?resourceVersion=219062&timeoutSeconds=481&watch=true 200 OK in 6 milliseconds
I0611 10:54:50.627318       1 round_trippers.go:405] GET https://10.7.240.1:443/api/v1/namespaces/google-oauth/secrets/gcp-svc-account-secret 404 Not Found in 40 milliseconds
I0611 10:54:50.631761       1 round_trippers.go:405] POST https://10.7.240.1:443/api/v1/namespaces/google-oauth/secrets 201 Created in 3 milliseconds
I0611 10:54:50.633575       1 google_oauth.go:167] Successfully wrote an OAuth access token into secret google-oauth/gcp-svc-account-secret
I0611 10:54:50.633710       1 main.go:68] Secret google-oauth/google-oauth-token-98dpf: checking for Service Catalog authentication extension contract...
I0611 10:54:50.633777       1 google_oauth.go:103] Secret 'google-oauth/google-oauth-token-98dpf' is not compatible with the Service Catalog authentication extension contract (missing 'key' field); skipping...
I0611 10:54:50.633834       1 main.go:68] Secret google-oauth/gcp-svc-account-secret: checking for Service Catalog authentication extension contract...
I0611 10:54:50.633869       1 google_oauth.go:103] Secret 'google-oauth/gcp-svc-account-secret' is not compatible with the Service Catalog authentication extension contract (missing 'key' field); skipping...
```

This is the list of secrets in the `google-oauth` namespace:

```
NAME                       TYPE                                  DATA      AGE
default-token-csc6d        kubernetes.io/service-account-token   3         1m
gcp-svc-account-secret     Opaque                                1         1m
google-oauth-token-98dpf   kubernetes.io/service-account-token   3         1m
oauth                      Opaque                                4         1m
```

The `gcp-svc-account-secret` secret only has a `token` key.

The `oauth` secret has `key`, `scopes`, `secretName` and `secretNamespace` keys.

Any ideas?

Thanks! ❤️

arapulido commented 6 years ago

Actually, the issue wasn't coming from this, but from an x509 cert error. I will investigate and may open a new issue instead.

martinmaly commented 6 years ago

Thank you! Do ping back if you encounter issues. We'll be happy to help.