Add support for Stackdriver monitored project

[aeneasr]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment
• If an issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to "hashibot", a community member has claimed the issue already.

Terraform Version

v0.11.10

Affected Resource(s)

• google_monitoring_alert_policy

Terraform Configuration Files

resource "google_project_services" "project" {
  depends_on = ["google_project.project"]

  project = "${google_project.project.project_id}"

  services = [
    // ...
    "logging.googleapis.com",
    "monitoring.googleapis.com",
    "stackdriver.googleapis.com",
  ]
}

resource "google_monitoring_alert_policy" "cluster" {
  project = "${var.google_project_id}"

  display_name = "ORY GKE Cluster Alert Policy"
  combiner = "OR"
  enabled = true
  conditions = [
    {
      display_name = "test condition"
      condition_threshold {
        filter = "resource.type=\"gke_cluster\" AND severety>=\"WARNING\""
        duration = "60s"
        comparison = "COMPARISON_GT"
        threshold_value = 0
      }
    }
  ]
}

Debug Output

Error: Error applying plan:

1 error(s) occurred:

* module.backoffice.google_monitoring_alert_policy.cluster: 1 error(s) occurred:
* google_monitoring_alert_policy.cluster: Error creating AlertPolicy: googleapi: Error 400: 'projects/<REDACTED>' is not a Stackdriver account project.

Expected Behavior

It should be possible to link the project to a StackDriver account or use google_monitoring_alert_policy right away.

Actual Behavior

I was unable to find any resources on how to link the project with the stackdriver account. It should either be documented how to achieve that (happy to do so after I know how to do it :) ) or added as a resource(?) or setting.

Steps to Reproduce

I have not tested it yet, but a minimal reproduction case is probably to create a new project and try to set up a monitoring alert right away.

References

• b/142750997 (outdated)
• b/194806937

[danawillow]

Hi @aeneasr, can you try having the alert policy depend on the project services resource? The current config looks like it'll run the two of them in parallel. Let me know how that goes! If it still doesn't work, can you post a gist of debug logs? https://www.terraform.io/docs/internals/debugging.html. Thanks!!

[aeneasr]

Hi @danawillow , thank you for the response! The dependence should be implicit because the project and project_services is being created in a different module (module gcp) than google_monitoring_alert_policy (module some_kubernetes_workspace). gcp declares the project ID as output and some_kubernetes_workspace uses the project ID as input to - among others - link the alert policy to the project. I'll set up a log gist now.

[aeneasr]

@danawillow would it be possible to send you the logs privately? I think that all sensitive info (API Keys, OAuth2 Client Secrets, ...) is locked away in k8s secrets but some things popped up in the trace/logs so I feel uncomfortable with sharing that publicly.

[danawillow]

Sure, that's fine. first name last name at google dot com. In the meantime, @chrisst is there anything that needs to be done to enable stackdriver besides enabling the API?

[chrisst]

I believe that in order to use stack driver for the first time you will need to enable a stack driver "workspace" which is loosely associated with a GCP project. I was hoping to deliver that but it looks like the api to create the workspace is still in development right now :(
So for now there is still a manual step of going to https://app.google.stackdriver.com/accounts and adding your workspace.

When they release the api that supports this I'll get it added in!

[aeneasr]

Oh I see, that's what I kinda feared. Thank you for the update. @danawillow I'll refrain from sharing the trace with you then.

[jaceq]

@chrisst Is there any separate github issue for building this API ? I wonder what kind of ETA are we talking about here... ?

[chrisst]

@jaceq Unfortunately the stack driver codebase and apis are closed source and so there isn't a good place for the community to see the feature development. I've been told by the team that they are working on it but I also don't have insight as to when it will be available.

[jaceq]

@chrisst Thank you for clarification. That's a bit of shame to be hanging in the dark.

[spmsaj]

I believe that in order to use stack driver for the first time you will need to enable a stack driver "workspace" which is loosely associated with a GCP project. I was hoping to deliver that but it looks like the api to create the workspace is still in development right now :(
So for now there is still a manual step of going to https://app.google.stackdriver.com/accounts and adding your workspace.

When they release the api that supports this I'll get it added in!

Hi, does this mean the api to create workspace is still not there from a GCP standpoint? And Terraform integration is waiting on that?

[rsalmond]

@spmsaj that is what I understand to be the case yes.

[ocervell]

API is now in alpha, but projects have to be whitelisted. We can work on the stackdriver workspace resource once it goes beta (undetermined ETA).

[jfotopoulos]

Hi.. any updates on this issue?

[jaceq]

@ocervell given it's almost half a year later... is this in beta finally?

[JessicaGreben]

I'm digging around the GCP monitoring API docs and I still don't see API support for creating stackdriver workspaces. Sad. I'm also asking in the GCP slack stackdriver channel about a timeline, but no word yet.

[jamesmoriarty]

@danawillow any updates from your side?

[danawillow]

No updates on a date. If you're part of the alpha, you can ask your GCP rep to contact our team on your behalf for support.

[ghost]

For the record, I'm also having the same issue. Had to create the workspace manually in StackDriver to be able to create the alert.

[emmaLP]

Is there a workaround for this in the meantime while this is is being worked on?

This is a blocker for a fully automated project set up.

[JessicaGreben]

@emmaLP the only workaround that I could come up with is to get early access to the alpha for Stackdriver Workspace API. I was told to talk with our Google Cloud Support point of contact to ask to be added to that. However you would still need to write the code to use the API to create stackdriver stuff, since terraform still doesn't have support for it.

[rileykarson]

Just a quick note since I was taking a look at this earlier- the API is still available in alpha/private preview and unavailable at beta/public preview, at which point we'll be able to make it available in the google-beta provider. Our team has automation tracking the launch, and we're hoping to bring out provider support soon after it's available.

[prowerse]

Yes. This is still pending. Was creating uptime check and failed with following error -

google_monitoring_uptime_check_config.check01: Creating...
Error: Error creating UptimeCheckConfig: googleapi: Error 404: Error while retrieving Stackdriver settings for project: projects/mickey-mouse-123456

Created stack driver workspace manually on console and it worked fine on next run. Would be appreciated if API for workspace creation is released sooner.

[apstndb]

Cloud Monitoring workspace is renamed to metrics scope and the API is in Public Preview.
https://cloud.google.com/monitoring/settings/manage-api

[rileykarson]

Oh, yep, we're working with https://github.com/GoogleCloudPlatform/declarative-resource-client-library to make that available, and add that to the provider. Sorry- forgot to update this issue initially!

[sreekanthgithub111]

👍

[pietrodn]

Ok, so how do we enable the Cloud Monitoring API using Terraform now?

[trodge]

Ok, so how do we enable the Cloud Monitoring API using Terraform now?

I believe you can already do so using google_project_service

I seem to have linked this issue in the wrong PR, causing it to close prematurely.
GoogleCloudPlatform/magic-modules#5218 will implement monitoring metrics scope and monitored project resources when it merges. These resources allow users to monitor metrics from multiple projects from the scope of a single project.

[rileykarson]

Closed in GoogleCloudPlatform/magic-modules#5218 / GoogleCloudPlatform/magic-modules#5235 (due for release Oct 4 in the google-beta provider, assuming no surprises)

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.