Error "DNS_FORWARDING address must be deleted through Cloud DNS" when running delete action for gcp.loadbalancer-address #7032

Open
swati-delphix opened this issue Dec 17, 2021 · 1 comment
@swati-delphix

Describe the bug

When I tried to use gcp.loadbalancer-address as one of my rules, it is bringing a list of all IPs: dnsfwrd, private, public etc.
And when I tried to run the delete action against this rule using c7n-org, it is showing the error "A DNS_FORWARDING address must be deleted through Cloud DNS."

What did you expect to happen?

I expected it should be deleted if reported, else it should not be listed.

Cloud Provider

Google Cloud (GCP)

Cloud Custodian version and dependency information

Custodian:   0.9.12
Python:      3.7.9 (default, May 17 2021, 17:44:38) 
             [Clang 12.0.0 (clang-1200.0.32.29)]
Platform:    posix.uname_result(sysname='Darwin', nodename='xx', release='21.1.0', version='Darwin Kernel Version 21.1.0: Wed Oct 13 17:33:23 PDT 2021; root:xnu-8019.41.5~1/RELEASE_X86_64', machine='x86_64')
Using venv:  True
Docker: False
Installed: 

PyJWT==1.7.1
adal==1.2.7
applicationinsights==0.11.10
apscheduler==3.7.0
argcomplete==1.12.3
attrs==21.2.0
azure-common==1.1.27
azure-core==1.17.0
azure-cosmos==3.2.0
azure-cosmosdb-nspkg==2.0.2
azure-cosmosdb-table==1.0.6
azure-functions==1.7.2
azure-graphrbac==0.61.1
azure-identity==1.6.0
azure-keyvault==4.1.0
azure-keyvault-certificates==4.3.0
azure-keyvault-keys==4.4.0
azure-keyvault-secrets==4.3.0
azure-mgmt-apimanagement==1.0.0
azure-mgmt-applicationinsights==1.0.0
azure-mgmt-authorization==1.0.0
azure-mgmt-batch==15.0.0
azure-mgmt-cdn==10.0.0
azure-mgmt-cognitiveservices==11.0.0
azure-mgmt-compute==19.0.0
azure-mgmt-containerinstance==7.0.0
azure-mgmt-containerregistry==8.0.0b1
azure-mgmt-containerservice==15.1.0
azure-mgmt-core==1.3.0
azure-mgmt-cosmosdb==6.4.0
azure-mgmt-costmanagement==1.0.0
azure-mgmt-databricks==1.0.0b1
azure-mgmt-datafactory==1.1.0
azure-mgmt-datalake-store==1.0.0
azure-mgmt-dns==8.0.0b1
azure-mgmt-eventgrid==8.0.0
azure-mgmt-eventhub==8.0.0
azure-mgmt-frontdoor==1.0.0
azure-mgmt-hdinsight==7.0.0
azure-mgmt-iothub==1.0.0
azure-mgmt-keyvault==8.0.0
azure-mgmt-logic==9.0.0
azure-mgmt-managementgroups==1.0.0b1
azure-mgmt-monitor==2.0.0
azure-mgmt-msi==1.0.0
azure-mgmt-network==17.1.0
azure-mgmt-policyinsights==1.0.0
azure-mgmt-rdbms==8.1.0
azure-mgmt-redis==12.0.0
azure-mgmt-resource==16.1.0
azure-mgmt-resourcegraph==7.0.0
azure-mgmt-search==8.0.0
azure-mgmt-servicefabric==1.0.0
azure-mgmt-sql==1.0.0
azure-mgmt-storage==17.1.0
azure-mgmt-subscription==1.0.0
azure-mgmt-trafficmanager==0.51.0
azure-mgmt-web==2.0.0
azure-nspkg==3.0.2
azure-storage-blob==12.8.1
azure-storage-common==2.1.0
azure-storage-file==2.1.0
azure-storage-file-share==12.5.0
azure-storage-queue==12.1.6
boto3==1.17.112
botocore==1.20.112
c7n==0.9.12
cachetools==4.2.2
certifi==2021.5.30
cffi==1.14.6
charset-normalizer==2.0.4
click==7.1.2
cryptography==3.4.7
distlib==0.3.2
google-api-core==1.31.1
google-api-python-client==1.12.8
google-auth==1.34.0
google-auth-httplib2==0.1.0
google-cloud-core==1.7.2
google-cloud-logging==1.15.1
google-cloud-monitoring==0.34.0
google-cloud-storage==1.41.1
google-crc32c==1.1.2
google-resumable-media==1.3.3
googleapis-common-protos==1.53.0
httplib2==0.19.1
idna==3.2
importlib-metadata==4.6.3
isodate==0.6.0
jmespath==0.10.0
jsonschema==3.2.0
msal==1.13.0
msal-extensions==0.3.0
msrest==0.6.21
msrestazure==0.6.4
netaddr==0.7.20
oauthlib==3.1.1
packaging==21.0
portalocker==1.7.1
protobuf==3.17.3
pyasn1==0.4.8
pyasn1-modules==0.2.8
pycparser==2.20
pyparsing==2.4.7
pyrsistent==0.17.3
python-dateutil==2.8.2
pytz==2021.1
pyyaml==5.4.1
ratelimiter==1.2.0.post0
requests==2.26.0
requests-oauthlib==1.3.0
retrying==1.3.3
rsa==4.7.2
s3transfer==0.4.2
setuptools==47.1.0
six==1.16.0
tabulate==0.8.9
typing-extensions==3.10.0.0
tzlocal==2.1
uritemplate==3.0.1
urllib3==1.26.6
zipp==3.5.0

Policy

policies:
  - name: gcp-delete-noncompliant-ipaddress
    resource: gcp.loadbalancer-address
    mode:
      type: gcp-periodic
      schedule: "0 5/12 * * *" # Every twelve hours starting from 5 AM
      service-account: "xx"
      target-type: pubsub
      pubsub_topic: xx
    filters:
      - or:
          - "tag:owner": absent
          - "tag:project": absent
          - "tag:expiration": absent
          - "tag:costcenter": absent
    actions:
      - type: delete
      - type: notify
        subject: "DRY-RUN: Policy Report: Delete GCP IP address with missing tags on {{ account }} ({{ account_id }}) - {{ region }}"
        to:
          - xx.com
        transport:
          type: pubsub
          topic: "{pubsub_topic}"

Relevant log/traceback output

Error while executing policy
Traceback (most recent call last):
  File "/workspace/c7n/policy.py", line 317, in run
    results = a.process(resources)
  File "/workspace/c7n_gcp/actions/core.py", line 65, in process
    self.process_resource_set(client, model, resource_set)
  File "/workspace/c7n_gcp/actions/core.py", line 73, in process_resource_set
    result = self.invoke_api(client, op_name, params)
  File "/workspace/c7n_gcp/actions/core.py", line 79, in invoke_api
    return client.execute_command(op_name, params)
  File "/workspace/c7n_gcp/client.py", line 400, in execute_command
    return self._execute(request)
  File "/layers/google.python.pip/pip/lib/python3.7/site-packages/retrying.py", line 49, in wrapped_f
    return Retrying(*dargs, **dkw).call(f, *args, **kw)
  File "/layers/google.python.pip/pip/lib/python3.7/site-packages/retrying.py", line 206, in call
    return attempt.get(self._wrap_exception)
  File "/layers/google.python.pip/pip/lib/python3.7/site-packages/retrying.py", line 247, in get
    six.reraise(self.value[0], self.value[1], self.value[2])
  File "/layers/google.python.pip/pip/lib/python3.7/site-packages/six.py", line 719, in reraise
    raise value
  File "/layers/google.python.pip/pip/lib/python3.7/site-packages/retrying.py", line 200, in call
    attempt = Attempt(fn(*args, **kwargs), attempt_number, False)
  File "/workspace/c7n_gcp/client.py", line 490, in _execute
    num_retries=self._num_retries)
  File "/layers/google.python.pip/pip/lib/python3.7/site-packages/googleapiclient/_helpers.py", line 134, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "/layers/google.python.pip/pip/lib/python3.7/site-packages/googleapiclient/http.py", line 915, in execute
    raise HttpError(resp, content, uri=self.uri)
googleapiclient.errors.HttpError: <HttpError 400 when requesting https://compute.googleapis.com/compute/v1/projects/xx/regions/us-central1/addresses/dns-forwardingxx?alt=json returned "A DNS_FORWARDING address must be deleted through Cloud DNS.". Details: "A DNS_FORWARDING address must be deleted through Cloud DNS.">

Extra information or context

Command running:
c7n-org run -c config.yaml -u rules/delete-noncompliant-ipaddress.yaml -s output
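
One way to keep a batch delete from aborting when an address is owned by another service, as an added example (not Cloud Custodian's code and not a fix from the project). `ApiError`, `delete_addresses`, `fake_delete` and the sample records are hypothetical, and it is an assumption that such addresses can be recognised by their `purpose` field before the delete call.

```python
# Assumption: service-managed addresses can be recognised by `purpose`; this
# set is operator-supplied and is not taken from the issue.
MANAGED_PURPOSES = {"DNS_RESOLVER"}
# Fragment of the HTTP 400 message quoted in the traceback above.
MANAGED_ERROR_HINT = "must be deleted through"


class ApiError(Exception):
    """Hypothetical stand-in for googleapiclient.errors.HttpError."""
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status
        self.message = message


def delete_addresses(addresses, delete_fn, managed_purposes=MANAGED_PURPOSES):
    """Delete one by one; return (deleted names, skipped (name, reason) pairs)."""
    deleted, skipped = [], []
    for addr in addresses:
        name = addr["name"]
        if addr.get("purpose") in managed_purposes:
            skipped.append((name, "purpose=" + addr["purpose"]))
            continue
        try:
            delete_fn(addr)
        except ApiError as err:
            # Swallow only the "owned by another service" refusal.
            if err.status == 400 and MANAGED_ERROR_HINT in err.message:
                skipped.append((name, err.message))
                continue
            raise
        deleted.append(name)
    return deleted, skipped


# Constructed sample records and a fake API mimicking the refusal in the issue.
SAMPLE = [
    {"name": "lb-frontend", "purpose": "GCE_ENDPOINT"},
    {"name": "dns-resolver-a", "purpose": "DNS_RESOLVER"},
    {"name": "dns-forwarding-b"},  # no purpose reported; caught at delete time
]


def fake_delete(addr):
    if addr["name"].startswith("dns-forwarding"):
        raise ApiError(
            400, "A DNS_FORWARDING address must be deleted through Cloud DNS.")
```

Any other API error (for example a permission failure) still propagates, so the guard does not hide real remediation failures.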

@swati-delphix

Any update?
