Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Region config check #1554

Merged
merged 29 commits into from
Jan 31, 2024
Merged

Region config check #1554

merged 29 commits into from
Jan 31, 2024

Conversation

VenelinMartinov
Copy link
Contributor

@VenelinMartinov VenelinMartinov commented Jan 24, 2024
edited
Loading

Should address issue raised in #129 (comment)

Adds region validation to the GCP provider.

Error before (during up):

  gcp:cloudfunctions:Function (test-published):
    error: 1 error occurred:
        * googleapi: Error 403: Permission denied on 'locations/westus' (or it may not exist)., forbidden

Error after (during preview):

Diagnostics:
  pulumi:providers:gcp (default_7_6_0):
    error: pulumi:providers:gcp resource 'default_7_6_0' has a problem: could not validate provider configuration: region "westus" is not available for project "pulumi-development". Available regions: ["asia-east1" "asia-east2" "asia-northeast1" "asia-northeast2" "asia-northeast3" "asia-south1" "asia-south2" "asia-southeast1" "asia-southeast2" "australia-southeast1" "australia-southeast2" "europe-central2" "europe-north1" "europe-southwest1" "europe-west1" "europe-west10" "europe-west12" "europe-west2" "europe-west3" "europe-west4" "europe-west6" "europe-west8" "europe-west9" "me-central1" "me-central2" "me-west1" "northamerica-northeast1" "northamerica-northeast2" "southamerica-east1" "southamerica-west1" "us-central1" "us-east1" "us-east4" "us-east5" "us-south1" "us-west1" "us-west2" "us-west3" "us-west4"]

@VenelinMartinov VenelinMartinov changed the base branch from master to vvm/dedup_gcp_preconfigure_check January 24, 2024 19:11
@VenelinMartinov VenelinMartinov marked this pull request as draft January 24, 2024 19:15
@VenelinMartinov VenelinMartinov mentioned this pull request Jan 24, 2024
Closed
Base automatically changed from vvm/dedup_gcp_preconfigure_check to master January 27, 2024 12:51
@github-actions GitHub Actions
Copy link

Does the PR have any schema changes?

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

Maintainer note: consult the runbook for dealing with any breaking changes.

@VenelinMartinov VenelinMartinov mentioned this pull request Jan 27, 2024
Merged
@VenelinMartinov VenelinMartinov marked this pull request as ready for review January 29, 2024 12:09
iwahbe
iwahbe reviewed Jan 30, 2024
View reviewed changes
Copy link
Member

@iwahbe iwahbe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a great change. I left a couple comments to address before we merge.

provider/provider_yaml_test.go Show resolved Hide resolved
provider/provider_yaml_test.go Outdated
t.Setenv("GOOGLE_PROJECT", "")
t.Setenv("GOOGLE_ZONE", "")
t.Setenv("GOOGLE_REGION", "")
credentialsValidationRun.Store(false)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not safe, since a different run of a similar test could set credentialsValidationRun to true between this store and a call to replay. I would prefer if remove the global state here, making credentialsValidationRun a local variable in Provider().

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm happy to open an issue in the bridge about creating a PreCheckConfigCallback interface, which will have the semantics of only ever being called once and we can schedule follow-up work on this. The issue you described is unlikely and will only effect tests, so I'd say it is out of scope for this PR.

That interface would be useful on the AWS side and then we can also carry it over to other t1 providers.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pulumi/pulumi-terraform-bridge#1658

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just saw pulumi/pulumi-aws#3310 (comment), good idea. Will do that instead.

provider/resources.go Outdated Show resolved Hide resolved
@VenelinMartinov VenelinMartinov mentioned this pull request Jan 30, 2024
Closed
@t0yv0
Copy link
Member

t0yv0 commented Jan 30, 2024
edited
Loading

error: pulumi:providers:gcp resource 'default_7_6_0' has a problem: could not validate provider configuration: region "westus" is not available for project "pulumi-development". Available regions: ["asia-east1" "asia-east2" "asia-northeast1" "asia-northeast2" "asia-northeast3" "asia-south1" "asia-south2" "asia-southeast1" "asia-southeast2" "australia-southeast1" "australia-southeast2" "europe-central2" "europe-north1" "europe-southwest1" "europe-west1" "europe-west10" "europe-west12" "europe-west2" "europe-west3" "europe-west4" "europe-west6" "europe-west8" "europe-west9" "me-central1" "me-central2" "me-west1" "northamerica-northeast1" "northamerica-northeast2" "southamerica-east1" "southamerica-west1" "us-central1" "us-east1" "us-east4" "us-east5" "us-south1" "us-west1" "us-west2" "us-west3" "us-west4"]

Usability nit: the list is rather long. Any chance to replace with URL? Also curious what happens if region is required but missing. I think that's the more common case than misspelling the region. But may need to be in a separate PR. Maybe it's OK, it's one of these things, clearly this is a huge improvement on status quo!

@iwahbe iwahbe mentioned this pull request Jan 31, 2024
Closed
@VenelinMartinov
Copy link
Contributor Author

VenelinMartinov commented Jan 31, 2024
edited
Loading

Usability nit: the list is rather long. Any chance to replace with URL?

I've adjusted the error message to point to the gcp docs. I've also separated them in txt files as in AWS.

Also curious what happens if region is required but missing

Unfortunately I don't believe we can do anything about that without breaking existing programs, since region is not required.:

  1. Some resources in GCP are actually global (like bucket), unlike AWS, so region is not needed.
  2. Users can specify the region on the resource itself without a global provider config.

@VenelinMartinov
Copy link
Contributor Author

https://github.com/pulumi/pulumi-gcp/actions/runs/7726974699/job/21064805014?pr=1554 More test failures due to the different project names during recording and CI.

I'll add a flag to skip the region check and use that in the tests. Might be good to have for users anyway, in case I'm not seeing some case in which this breaks. AWS has similar flags for the checks in preConfigureCallback

VenelinMartinov
VenelinMartinov commented Jan 31, 2024
View reviewed changes
provider/provider_test.go Outdated
if config != nil {
for k, v := range config {
test.SetConfig(k, v)
}
}
// The SetConfig above does not seem to be working here.
test.T().Setenv("PULUMI_GCP_SKIP_REGION_VALIDATION", "true")
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is pulumi/providertest#56 will look into it later.

provider/resources.go
return fmt.Errorf(noCredentialsErr, err)
}

skipRegionValidation := tfbridge.ConfigBoolValue(
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added a config flag to control the region validation behaviour.

iwahbe
iwahbe approved these changes Jan 31, 2024
View reviewed changes
Copy link
Member

@iwahbe iwahbe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me. LGTM

@VenelinMartinov VenelinMartinov enabled auto-merge (squash) January 31, 2024 19:17
@VenelinMartinov VenelinMartinov merged commit fa56f09 into master Jan 31, 2024
16 checks passed
@VenelinMartinov VenelinMartinov deleted the vvm/region_check branch January 31, 2024 19:44
@t0yv0 t0yv0 mentioned this pull request Feb 7, 2024
Closed
t0yv0 added a commit that referenced this pull request Feb 8, 2024
@t0yv0
Revert "Region config check (#1554)"
9834b63 
This reverts commit fa56f09.
@t0yv0 t0yv0 mentioned this pull request Feb 8, 2024
Merged
t0yv0 added a commit that referenced this pull request Feb 8, 2024
@t0yv0
Revert "Region config check (#1554)"
dc5f07e 
This reverts commit fa56f09.
t0yv0 added a commit that referenced this pull request Feb 8, 2024
@t0yv0
Revert broken region validation (#1650)
55dea34 
This reverts #1554 

Fixes #1641
@VenelinMartinov VenelinMartinov mentioned this pull request Feb 13, 2024
Merged
VenelinMartinov added a commit that referenced this pull request Feb 16, 2024
@VenelinMartinov
Reintroduce region checks (#1666)
f69bcd0 
Should fix #129 by
reintroducing #1554 reverted in
#1650

I've also added a mechanism to pass in options to the GCP client via
`preConfigureCallback` as well as tests for that around the region list
behaviour.

I haven't tested with OIDC auth since it seems quite involved. The new
tests should ensure that we have not introduced any failures there, LMK
if you don't think this is sufficient.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@guineveresaenger guineveresaenger guineveresaenger left review comments

@iwahbe iwahbe iwahbe approved these changes

@t0yv0 t0yv0 Awaiting requested review from t0yv0

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@VenelinMartinov @t0yv0 @guineveresaenger @iwahbe