This repository has been archived by the owner on Jul 25, 2024. It is now read-only.

fix: resolves api_unit_test token creation + datastore permissions issues #665

Merged
merged 7 commits into from
Sep 23, 2022


@pattishin pattishin commented Sep 21, 2022

Issue:
Resolves token retrieval error in unit-tests.cloudbuild.yaml. The curl fetch for the newly generated ID token was throwing

{'error': {'code': 403, 'message': 'The caller does not have permission', 'status': 'PERMISSION_DENIED'}}

permissions error due to the cloudbuild service account not being given the correct roles.

To recreate bug:

  • Required: You should have a working full setup of Emblem already
  • Create a new branch. Make any small change and create a pull request to trigger api-unit-tests.
  • You should see a series of errors related to firestore database and permissions errors.

Fixes:

  • Adding roles/datastore.user (firestore), roles/iam.serviceAccountTokenCreator roles to cloudbuild service account
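
A pre-merge check for the failure described above, as an added example that is not part of the original pull request: it reads an IAM policy in the JSON shape that `gcloud projects get-iam-policy --format=json` returns and reports whether the Cloud Build service account holds the two roles named under Fixes. The project number, the sample policy and the assumption that the roles are bound at project level are constructed for illustration.

```python
import json

# Roles the PR description adds to the Cloud Build service account.
REQUIRED_ROLES = ("roles/datastore.user", "roles/iam.serviceAccountTokenCreator")

# Constructed sample, shaped like `gcloud projects get-iam-policy --format=json`.
# The project number and the bindings are made up for illustration.
CLOUDBUILD_SA = "serviceAccount:123456789012@cloudbuild.gserviceaccount.com"
SAMPLE_POLICY = json.loads("""
{"version": 3, "bindings": [
  {"role": "roles/cloudbuild.builds.builder",
   "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com"]},
  {"role": "roles/datastore.user",
   "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com"],
   "condition": {"title": "temporary",
                 "expression": "request.time < timestamp('2022-10-01T00:00:00Z')"}},
  {"role": "roles/iam.serviceAccountTokenCreator",
   "members": ["user:dev@example.com"]}
]}
""")


def audit(policy, member, required=REQUIRED_ROLES):
    """Classify each required role as granted, conditional-only or missing."""
    unconditional, conditional = set(), set()
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue
        # A binding with a condition only applies while its expression is true.
        target = conditional if "condition" in binding else unconditional
        target.add(binding["role"])
    report = {"granted": [], "conditional_only": [], "missing": []}
    for role in required:
        if role in unconditional:
            report["granted"].append(role)
        elif role in conditional:
            report["conditional_only"].append(role)
        else:
            report["missing"].append(role)
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_POLICY, CLOUDBUILD_SA)
    print(json.dumps(result, indent=2))
    # Non-zero exit lets a pre-merge check fail before the unit tests hit a 403.
    raise SystemExit(1 if result["missing"] or result["conditional_only"] else 0)
```

A role granted on an individual service account rather than on the project does not appear in the project policy, so a "missing" result for `roles/iam.serviceAccountTokenCreator` should be cross-checked against that service account's own IAM policy.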

@pattishin pattishin requested a review from a team as a code owner September 21, 2022 05:28
@github-actions github-actions bot added type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. component: delivery Related to automation, testing, deployment of the application. and removed type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. labels Sep 21, 2022
@pattishin
Collaborator Author

hold please, will resolve the terraform fmt issue

Contributor

@rogerthatdev rogerthatdev left a comment

quick tf review

@github-actions github-actions bot added type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. and removed type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. labels Sep 22, 2022
@pattishin
Collaborator Author

Ready for 👀 again!

Contributor

@rogerthatdev rogerthatdev left a comment

just one nit!

@@ -11,6 +11,12 @@ locals {
beta_services = var.enable_apis ? [
"artifactregistry.googleapis.com"
] : []
# Cloud build service account roles
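
Review bot: the `# Cloud build service account roles` comment at the end of this hunk opens a roles list inside the `locals` block that so far holds only API service lists such as `beta_services`; give the list its own local and have the comment say why each role is needed (per the description, `roles/datastore.user` for Firestore access and `roles/iam.serviceAccountTokenCreator` for the ID token the unit tests fetch). Where the list is bound, prefer granting `roles/iam.serviceAccountTokenCreator` on the one service account the tests need a token for rather than on the project, since a project-level grant lets the Cloud Build service account mint tokens for every service account in the project.
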
Contributor

This works, but to keep this file just for services, add a local block with this value at the top of main.tf instead.

@rogerthatdev rogerthatdev merged commit caf1036 into main Sep 23, 2022
@rogerthatdev rogerthatdev deleted the fix/api-unit-test-permissions branch January 4, 2023 18:38
Labels
component: delivery Related to automation, testing, deployment of the application. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.