Closed arapulido closed 6 years ago
Interesting, I was not aware of the bindingCreateParameterSchema, we should definitely implement this and generalise the secret output. Thanks for spotting this @arapulido!
I implemented the bindingCreateParameterSchema and was still seeing the error you were getting above @arapulido. After asking in the #sig-service-catalog channel in Slack, it turns out an alpha feature needs to be enabled to allow asynchronous provisioning of bindings: https://github.com/kubernetes-incubator/service-catalog/blob/87a5db0e1e0359ce372037a235ce4448944c8611/charts/catalog/values.yaml#L127.
After enabling that, I was got a step further and got another error:
\"ResourceErrorCode\":\"403\",\"ResourceErrorMessage\":{\"code\":403,\"message\":\"User not authorized to perform this action.\",\"status\":\"PERMISSION_DENIED\"
Though I do see the subscription get created, as well as the service account (ticked the create service account option in the binding parameters). Not sure how to fix the permissions to get this working on the GCP side, but getting closer.
I tried to create a binding for an instance of Google Cloud Pub/Sub service (instance provisioning works fine), but the binding requires some parameters that you cannot pass with Kubeapps, so the binding fails:
Also the output of the binding is hardcoded to Azure Mysql, so even if it worked, the output woudn't make sense for the pubsub case:
The binding create OSB definition also has an optional JSON schema. For example, in the case of the Google PubSub this is:
We should implement the equivalent of #239 for Binding Creation as well