Open assertnotnull opened 11 months ago
Hi @assertnotnull, I'm looking at your debug log and it looks like the projectId in the secret environment variable is prefixed with projects/. The documentation example however just has the project ID. Can you try removing that prefix?
@josueetcom it gives the same error setting the project_id to data.google_project.project.project_id and then again when trying with the key set to "projects/${data.google_project.project.project_id}/secrets/${secret_environment_variables.key}" or the other formats in the error message
Sorry, I should've been clearer. What I mean is that you have these lines:
dynamic "secret_environment_variables" {
...
project_id = data.google_project.project.id
...
}
Which is showing up in the request debug log as:
"secretEnvironmentVariables": [
...
"projectId": "projects/redacted",
...
]
This means that data.google_project.project.project_id is resolving as projects/redacted and already includes a projects/ prefix. I'm not suggesting that you add the projects/ prefix because according to this logic:
dynamic "secret_environment_variables" {
...
project_id = "projects/${data.google_project.project.project_id}"
...
}
would result in:
"secretEnvironmentVariables": [
...
"projectId": "projects/projects/redacted",
...
]
Do you notice how the projects/ prefix is now doubled as projects/projects/?
Unless this is a property of how your logs got redacted, it seems that data.google_project.project.project_id evaluates to projects/YOUR_PROJECT_ID when what you really need is just YOUR_PROJECT_ID. In other words, your debug logs should show:
"secretEnvironmentVariables": [
...
"projectId": "redacted",
...
]
I did understand you. It's what I said I tried with data.google_project.project.project_id but it still gave me the same error saying secrets annotation should have the format ...
Any update on this? Also I don't want this to be closed for inactivity.
Not sure it's useful to you @assertnotnull, but I ran into the same issue, and my problem was that I was passing a full ID (e.g. projects/{ID}/secrets/{short_name}) when I should have just been passing in {short_name} to the secret argument.
It was confusing, because other TF modules expected that full ID for my secret.
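The two points raised in this thread (bare project ID, short secret name), shown together as an added example that is not part of the original issue or any commenter's configuration. The resource names, bucket, runtime, entry point and secret name are constructed placeholders; the attribute behaviour noted in the comments is that of the Google provider's google_project data source and google_secret_manager_secret resource.

```hcl
# Added example: all names and values below are placeholders.
data "google_project" "project" {}

resource "google_secret_manager_secret" "api_key" {
  secret_id = "api-key" # short secret name (constructed)

  replication {
    auto {}
  }
}

resource "google_cloudfunctions2_function" "fn" {
  name     = "function-name"
  location = "northamerica-northeast1"

  build_config {
    runtime     = "nodejs20" # placeholder runtime
    entry_point = "handler"  # placeholder entry point

    source {
      storage_source {
        bucket = "example-source-bucket" # placeholder
        object = "function-source.zip"   # placeholder
      }
    }
  }

  service_config {
    secret_environment_variables {
      key = "API_KEY"

      # data.google_project.project.id         -> "projects/<project>"  (prefixed)
      # data.google_project.project.project_id -> "<project>"           (bare ID)
      project_id = data.google_project.project.project_id

      # google_secret_manager_secret.api_key.id        -> "projects/<project>/secrets/api-key"
      # google_secret_manager_secret.api_key.secret_id -> "api-key"      (short name)
      secret  = google_secret_manager_secret.api_key.secret_id
      version = "latest"
    }
  }
}
```

With TF_LOG=DEBUG set, the request body's secretEnvironmentVariables entry should then show a projectId and secret that contain no "projects/" or "/secrets/" segments.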
Terraform Version
1.6.1
Affected Resource(s)
Google provider version 5.3.0
Terraform Configuration Files
the module
Debug Output
Debug logs of interest: https://gist.github.com/assertnotnull/c7644085e2be407d0243835d69e12a0d
Error: Error updating function "projects/redacted/locations/northamerica-northeast1/functions/function-name": googleapi: Error 400: Could not update Cloud Run service projects/redacted/locations/northamerica-northeast1/services/function-name. service.spec.template.metadata.annotations[run.googleapis.com/secrets]: secrets annotation should have the format:projects/|/secrets/[,:projects/|/secrets/,...]
Expected Behavior
Update the secrets of the google function v2
Actual Behavior
Error with the above
Steps to Reproduce
terraform apply
b/307707144