Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: module seed_bootstrap now waiting on module required_groups #1273

Merged
merged 3 commits into from
Jun 25, 2024

Conversation

lpezet
Copy link
Contributor

@lpezet lpezet commented Jun 22, 2024

This is a fix for #1272

@lpezet lpezet requested review from rjerrems, gtsorbo, eeaton, sleighton2022 and a team as code owners June 22, 2024 21:44
Copy link

google-cla bot commented Jun 22, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@lpezet lpezet changed the title Module seed_bootstrap now waiting on module required_groups fix: module seed_bootstrap now waiting on module required_groups Jun 22, 2024
@lpezet
Copy link
Contributor Author

lpezet commented Jun 22, 2024

I tried to run the integration tests but I got this error like a couple minutes in:

│ Error: Request `Enable Project Service "sourcerepo.googleapis.com" for project "ci-foundation-zex7ux-5w89"` returned error: Batch request and retried single request "Enable Project Service \"sourcerepo.googleapis.com\" for project \"ci-foundation-zex7ux-5w89\"" both failed. Final error: failed to enable services: failed on request preconditions: googleapi: Error 403: Permission denied to enable service [sourcerepo.googleapis.com]
│ Help Token: AbBK4NqG5AcVXitpIUj7UK_72H2QlQp-kliqANjF4TzkMKUBQeOdFrOJbW-vTKuuDp54lt84e-fnPkL0_YeIOR86fbUrU5TaGBQMyaSQWSxGlhmx
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.PreconditionFailure",
│     "violations": [
│       {
│         "subject": "?error_code=110002\u0026service=servicemanagement.googleapis.com\u0026permission=servicemanagement.services.bind\u0026resource=ci-foundation-zex7ux-5w89",
│         "type": "googleapis.com"
│       }
│     ]
│   },
│   {
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "domain": "serviceusage.googleapis.com",
│     "metadata": {
│       "permission": "servicemanagement.services.bind",
│       "resource": "ci-foundation-zex7ux-5w89",
│       "service": "servicemanagement.googleapis.com"
│     },
│     "reason": "AUTH_PERMISSION_DENIED"
│   }
│ ]
│ , forbidden
│ 
│   with module.project.module.project-factory.module.project_services.google_project_service.project_services["sourcerepo.googleapis.com"],
│   on .terraform/modules/project/modules/project_services/main.tf line 31, in resource "google_project_service" "project_services":
│   31: resource "google_project_service" "project_services" {
│ 
╵

If someone could help me out with that one, I'd appreciate, so I can run tests on my end first.

@eeaton
Copy link
Collaborator

eeaton commented Jun 24, 2024

Error: Request Enable Project Service "sourcerepo.googleapis.com" for project "ci-foundation-zex7ux-5w89" returned error

Looks like you've bumped into the deprecation of CSR: https://cloud.google.com/source-repositories/docs. Existing customer organizations can continue to use CSR, but new organizations who have never used CSR prior to June 17 2024 cannot start using it.

We're in the process of replacing it and repositioning one of the other methods as the default deployment option (see #1249), but in the meantime you should be able to use the Github, Gitlab, or local deployment options.

Copy link
Collaborator

@eeaton eeaton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that there's no "s" at the end of the module name:
module.required_groups --> module.required_group

@lpezet
Copy link
Contributor Author

lpezet commented Jun 24, 2024

in the meantime you should be able to use the Github, Gitlab, or local deployment options.

I'm just running make docker_test_prepare as per CONTRIBUTING.md. How do I go about using Github for example to prepare and run tests then?

@lpezet
Copy link
Contributor Author

lpezet commented Jun 24, 2024

Note that there's no "s" at the end of the module name: module.required_groups --> module.required_group

Sorry! Just fixed it.

@eeaton
Copy link
Collaborator

eeaton commented Jun 24, 2024

I'm just running make docker_test_prepare as per CONTRIBUTING.md.

I see, looks like the test framework we use from the upstream CFT provider also has a dependency on Cloud Source Repositories. I'll add this to our backlog that we need to address the CSR deprecation for the docker tests as well. (For the record, I was referring to the deployment guidance here

Contributing.md has the same guidance for all repos that use CFT, but in this repo's case, because the foundation is so large and complex it's less practical. Many open source blueprints using CFT are a single project or two, so it's reasonable to ask contributors to create the entire repo as part of the tests, but in this case the time and effort to run all the tests in contributing.md can be disproportional.

My practical advice for working with this repo, particularly for making small changes: just run the make docker_generate_docs and make docker_test_lint . This will catch the obvious changes like referencing a non-existent variable. Then after you make a PR, there are mandatory CI tests run on our side to automatically create all the resources and run the full suite of tests against them.

@apeabody
Copy link
Contributor

I'm just running make docker_test_prepare as per CONTRIBUTING.md.

I see, looks like the test framework we use from the upstream CFT provider also has a dependency on Cloud Source Repositories. I'll add this to our backlog that we need to address the CSR deprecation for the docker tests as well. (For the record, I was referring to the deployment guidance here

Contributing.md has the same guidance for all repos that use CFT, but in this repo's case, because the foundation is so large and complex it's less practical. Many open source blueprints using CFT are a single project or two, so it's reasonable to ask contributors to create the entire repo as part of the tests, but in this case the time and effort to run all the tests in contributing.md can be disproportional.

My practical advice for working with this repo, particularly for making small changes: just run the make docker_generate_docs and make docker_test_lint . This will catch the obvious changes like referencing a non-existent variable. Then after you make a PR, there are mandatory CI tests run on our side to automatically create all the resources and run the full suite of tests against them.

Hi @eeaton - I suspect (without seeing diagnostic output) that the make docker_test_prepare dependency on Cloud Source Repositories is due to the sourcerepo API activation in this repo's test/setup: https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/test/setup/main.tf#L65C6-L65C16

That line could likely be commented out to verify or if not using Cloud Source Repositories.

@eeaton
Copy link
Collaborator

eeaton commented Jun 25, 2024

ACK thanks for the tip Andrew. I'll merge and close this PR, but add your comment about the likely CSR culprit to the tracking issue to replace CSR

@eeaton eeaton merged commit ceeead2 into terraform-google-modules:master Jun 25, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants