In order to use Workload Identity Federation to retrieve a temporary token, the Sysdig backend needs to make a request to this specific WIF pool. This URL is currently built from the projectID; however, it always uses `sysdig` as the pool ID. In order to support dynamic pool IDs, this information needs to be sent to the backend, persisted, and passed along to all consumers.
https://github.com/sysdiglabs/terraform-google-secure-for-cloud/pull/129#issuecomment-1347598991
service account
```
│ Error: Error creating service account: googleapi: Error 409: Service account sysdigcloudbench already exists within project projects/integral-legend-204815., alreadyExists
│
│   with module.secure-for-cloud_example_organization.module.cloud_bench["integral-legend-204815"].google_service_account.sa,
│   on /home/iru/src/github/terraform-google-cloudvision/modules/services/cloud-bench/main.tf line 50, in resource "google_service_account" "sa":
│   50: resource "google_service_account" "sa" {
│
```
- OK. role. fixed in #65
```
│ Error: Custom project role projects/test-for-hayk/roles/sysdigCloudBench already exists and must be imported
│
│   with module.secure-for-cloud_example_organization.module.cloud_bench["test-for-hayk"].google_project_iam_custom_role.custom,
│   on /home/iru/src/github/terraform-google-cloudvision/modules/services/cloud-bench/main.tf line 64, in resource "google_project_iam_custom_role" "custom":
│   64: resource "google_project_iam_custom_role" "custom" {
```
- NOP. sysdig secure cloud account (yeah this is odd.. maybe derived from role collision?)
> this happens because of the backend validation, a benchmark account (cloud-account-sysdig-client) cannot be registered more than once
```
│ Error: 409 Conflict
│
│   with module.secure-for-cloud_example_organization.module.cloud_bench["cloudvision-member"].sysdig_secure_cloud_account.cloud_account,
│   on /home/iru/src/github/terraform-google-cloudvision/modules/services/cloud-bench/main.tf line 21, in resource "sysdig_secure_cloud_account" "cloud_account":
│   21: resource "sysdig_secure_cloud_account" "cloud_account" {
│
```
Same as it happened on AWS (fixed in https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/pull/26), we're getting collisions on both simple/org examples when testing concurrently, on the following resources:
guess it's low-prio as it would affect only QA
- KO. federation working pool.
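One way to stop concurrent test runs racing for the same `sysdigcloudbench` service account and `sysdigCloudBench` role, as an added example that is not code from this module or from the linked AWS fix: give each run's per-project resources a unique suffix. The `name_suffix` variable, the locals and the placeholder permission list are assumptions; only the two base names come from the errors above.

```hcl
terraform {
  required_providers {
    google = { source = "hashicorp/google" }
    random = { source = "hashicorp/random" }
  }
}

# Assumed variable: a CI job id or similar. Left empty, a random suffix is used.
variable "name_suffix" {
  description = "Optional per-run suffix to make resource names unique."
  type        = string
  default     = ""
}

# Generated once per state, so each concurrent run (own state) gets its own value
# while re-applying the same state keeps the existing names.
resource "random_id" "suffix" {
  byte_length = 3
}

locals {
  suffix = var.name_suffix != "" ? var.name_suffix : random_id.suffix.hex

  # Service account IDs: lowercase letters, digits and hyphens, 6-30 chars.
  sa_id = lower(substr("sysdigcloudbench-${local.suffix}", 0, 30))

  # Custom role IDs: letters, digits, underscores and periods only (3-64 chars),
  # so hyphens in the suffix are replaced.
  role_id = substr("sysdigCloudBench_${replace(local.suffix, "-", "_")}", 0, 64)
}

resource "google_service_account" "sa" {
  account_id   = local.sa_id
  display_name = "Sysdig Cloud Bench (${local.suffix})"
}

resource "google_project_iam_custom_role" "custom" {
  role_id = local.role_id
  title   = "Sysdig Cloud Bench (${local.suffix})"
  # Placeholder: the module's real benchmark permission list goes here.
  permissions = ["resourcemanager.projects.get"]
}
```

Renaming does not help the `sysdig_secure_cloud_account` 409, which comes from the backend refusing to register the same benchmark account twice rather than from a GCP name clash.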