Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(tags): import of tag resources failed with 403 error #620

Open
wants to merge 6 commits into
base: main
Choose a base branch
from

Conversation

nlevee
Copy link

@nlevee nlevee commented Sep 13, 2024

Description of your changes

I've changed the way tags are imported when “managementPolicies” is set to “Observe”.

Currently, the import fails with at best a 403 error.

image

The problem is that the Terraform provider's import function expects to receive the “name” as an argument, with only the name as the value (without the “tagXXX/” prefix).

I have:

  • Read and followed Crossplane's contribution process.
  • Run make reviewable to ensure this PR is ready for review.
  • Added backport release-x.y labels to auto-backport this PR if necessary.

How has this code been tested

Tested with resources in example directory.

Link to #627

@nlevee nlevee force-pushed the fix/tag-import-not-found branch 2 times, most recently from ad48e56 to a8fe9e3 Compare September 13, 2024 16:29
@nlevee
Copy link
Author

nlevee commented Sep 27, 2024

Hi!

Is there something wrong ? Please can you check if I have to rework something 🙏

@nlevee
Copy link
Author

nlevee commented Oct 29, 2024

Hi @ulucinar @sergenyalcin @turkenf,

Is there anything I can do to pass this PR ?

@jeanduplessis
Copy link
Collaborator

@nlevee We're aiming for a new provider release next week and will look to get this PR in for it.
Would you mind rebasing your PR on the latest from main branch since its quite a few commits behind already.

@jeanduplessis
Copy link
Collaborator

/test-examples="examples/tags/v1beta1/tagkey.yaml"

@jeanduplessis
Copy link
Collaborator

/test-examples="examples/tags/v1beta1/tagvalue.yaml"

@jeanduplessis
Copy link
Collaborator

/test-examples="examples/tags/v1beta1/tagbinding.yaml"

@nlevee
Copy link
Author

nlevee commented Oct 29, 2024

@nlevee We're aiming for a new provider release next week and will look to get this PR in for it. Would you mind rebasing your PR on the latest from main branch since its quite a few commits behind already.

Done 👍 thank you ☺️

Copy link
Collaborator

@turkenf turkenf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @nlevee, thank you for your efforts in this PR. I left two comments for your consideration as an initial review.

@@ -19,15 +19,18 @@ func Configure(p *config.Provider) {
TerraformName: "google_tags_tag_value",
Extractor: common.ExtractResourceIDFuncPath,
}
config.MarkAsRequired(r.TerraformResource, "parent", "tag_value")
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we mark these fields as required? and for the other two resources?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because those fileds are required in GCP API to retrieve and set.

Comment on lines 1 to 15
apiVersion: tags.gcp.upbound.io/v1beta1
kind: TagBinding
metadata:
annotations:
meta.upbound.io/example-id: tags/v1beta1/tagbinding
upjet.upbound.io/manual-intervention: "The resource requires a real external name"
crossplane.io/external-name: "&{tagBindingID}"
labels:
testing.upbound.io/example-name: binding
name: binding-external
spec:
managementPolicies: ["Observe"]
forProvider: {}

---
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We do not prefer to have examples of the same kind in the same YAML file. If the example you added is for a different scenario, for example, observe, it would be better to add a new example named tagbinding-observe.yaml.

Copy link
Collaborator

@turkenf turkenf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nlevee, I have successfully tested the import of an existing resource with the example you gave, but when I try to create the resources from scratch, I see the following error. Can you create the resources successfully?

  conditions:
  - lastTransitionTime: "2024-11-01T15:05:53Z"
    message: 'observe failed: failed to observe the resource: [{0 Error when reading
      or editing TagsTagKey "key": googleapi: Error 400: com.google.apps.framework.request.StatusException:
      <eye3 title=''INVALID_ARGUMENT''/> generic::INVALID_ARGUMENT: Invalid CRM resource
      name: ''tagKeys/key''.  []}]'
    reason: ReconcileError
    status: "False"
    type: Synced

@nlevee
Copy link
Author

nlevee commented Nov 6, 2024

@nlevee, I have successfully tested the import of an existing resource with the example you gave, but when I try to create the resources from scratch, I see the following error. Can you create the resources successfully?

I'll try to reproduce on my side, I'll give you feed back asap.

@turkenf
Copy link
Collaborator

turkenf commented Nov 7, 2024

/test-examples="examples/tags/v1beta1/tagkey.yaml"

@turkenf
Copy link
Collaborator

turkenf commented Nov 7, 2024

I added data source for project id to the examples and removed the manual intervention, you can see the error in the uptest run.

Screenshot 2024-11-07 at 13 16 28

@nlevee
Copy link
Author

nlevee commented Nov 8, 2024

I added data source for project id to the examples and removed the manual intervention, you can see the error in the uptest run.

Screenshot 2024-11-07 at 13 16 28

When it create the resource, it must not set the label crossplane.io/external-name, because the name is built Google API. I think that's why there is this error. But I don't understand how to disable it but keeping the external-name management.

I think, I misconfigured it in externalname.go...

@nlevee nlevee requested a review from turkenf November 8, 2024 13:51
@nlevee
Copy link
Author

nlevee commented Nov 18, 2024

Hi @turkenf, can you help me ? 🙏

I realy don't understand why it try to get the resources before create... The external-name is not predictable.

@nlevee
Copy link
Author

nlevee commented Nov 27, 2024

Hi @turkenf 👋,
Can you help us to fix this PR ?

@turkenf
Copy link
Collaborator

turkenf commented Nov 27, 2024

Hi @nlevee,

Thank you for your patience here; I will check it out when I can and let you know.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants