Comments (10)
You need to set the field project to the action
project: {{ env["project"] }}
from deploymentmanager-samples.
Hi @aljim ,
I've recreated manually the firewall rule and added the field project:
resources:
- name: default-allow-rdp-delete
  action: gcp-types/compute-beta:compute.firewalls.delete
  properties:
    firewall: default-allow-rdp
    project: {{ env["project"] }}
  metadata:
    runtimePolicy:
    - CREATE
but the result is the same:
$ gcloud deployment-manager deployments create resources --project "$DMPROJECT" --config resources.yaml
The fingerprint of the deployment is _YT3gm46P07otSkZwhG9Uw==
Waiting for create [operation-1519027018942-5658c09de4630-1dfc66bd-3c422754]...failed.
ERROR: (gcloud.deployment-manager.deployments.create) Error in Operation [operation-1519027018942-5658c09de4630-1dfc66bd-3c422754]: errors:
- code: RESOURCE_ERROR
location: /deployments/resources/resources/default-allow-rdp-delete
message: "{\"ResourceType\":\"gcp-types/compute-beta:compute.firewalls.delete\"\
,\"ResourceErrorCode\":\"404\",\"ResourceErrorMessage\":{\"code\":404,\"errors\"\
:[{\"domain\":\"global\",\"message\":\"The resource 'projects/<projectID>/global/firewalls/default-allow-rdp'\
\ was not found\",\"reason\":\"notFound\"}],\"message\":\"The resource 'projects/<projectID>/global/firewalls/default-allow-rdp'\
\ was not found\",\"statusMessage\":\"Not Found\",\"requestPath\":\"https://www.googleapis.com/compute/beta/projects/<projectID>/global/firewalls/default-allow-rdp\"\
,\"httpMethod\":\"GET\"}}"
I can't understand the double execution in logs of the action.
Thanks
from deploymentmanager-samples.
Hi @davidebelloni, in which log did you see double execution of the action? Can you share the log?
from deploymentmanager-samples.
Hi, here are the logs:
---
insertId: 1io2rkufrq1l0w
jsonPayload:
  actor:
    user: [projectNumber]@cloudservices.gserviceaccount.com
  event_subtype: compute.firewalls.delete
  event_timestamp_us: '1519201021586900'
  event_type: GCE_OPERATION_DONE
  operation:
    global: true
    id: '1117529425821340699'
    name: operation-1519201011784-565b48ca65942-7e5f6d7b-07eece93
    type: operation
  resource:
    global: true
    id: '8301844294128407597'
    name: default-allow-rdp
    type: firewall
  trace_id: operation-1519201011784-565b48ca65942-7e5f6d7b-07eece93
  version: '1.2'
labels:
  compute.googleapis.com/resource_id: '8301844294128407597'
  compute.googleapis.com/resource_name: default-allow-rdp
  compute.googleapis.com/resource_type: firewall
logName: projects/[projectId]/logs/compute.googleapis.com%2Factivity_log
receiveTimestamp: '2018-02-21T08:17:01.700464641Z'
resource:
  labels:
    firewall_rule_id: '8301844294128407597'
    project_id: [projectId]
  type: gce_firewall_rule
severity: INFO
timestamp: '2018-02-21T08:17:01.586900Z'
---
insertId: -cr9nwge1gpai
logName: projects/[projectId]/logs/cloudaudit.googleapis.com%2Factivity
operation:
  id: operation-1519201011784-565b48ca65942-7e5f6d7b-07eece93
  last: true
  producer: compute.googleapis.com
protoPayload:
  '@type': type.googleapis.com/google.cloud.audit.AuditLog
  authenticationInfo:
    principalEmail: [projectNumber]@cloudservices.gserviceaccount.com
  methodName: beta.compute.firewalls.delete
  requestMetadata:
    callerIp: 10.94.46.21
    callerSuppliedUserAgent: GoogleCloudDeploymentManager Google-API-Java-Client Google-HTTP-Java-Client/1.23.0-SNAPSHOT
      (gzip)
  resourceName: projects/[projectId]/global/firewalls/default-allow-rdp
  serviceName: compute.googleapis.com
receiveTimestamp: '2018-02-21T08:17:02.445878901Z'
resource:
  labels:
    firewall_rule_id: '8301844294128407597'
    project_id: [projectId]
  type: gce_firewall_rule
severity: NOTICE
timestamp: '2018-02-21T08:17:01.519Z'
---
insertId: v2r8crfsju1mt
jsonPayload:
  actor:
    user: [projectNumber]@cloudservices.gserviceaccount.com
  event_subtype: compute.firewalls.delete
  event_timestamp_us: '1519201012439233'
  event_type: GCE_API_CALL
  ip_address: ''
  operation:
    global: true
    id: '1117529425821340699'
    name: operation-1519201011784-565b48ca65942-7e5f6d7b-07eece93
    type: operation
  request:
    body: 'null'
    url: https://www.googleapis.com/compute/beta/projects/[projectId]/global/firewalls/default-allow-rdp
  resource:
    global: true
    id: '8301844294128407597'
    name: default-allow-rdp
    type: firewall
  trace_id: operation-1519201011784-565b48ca65942-7e5f6d7b-07eece93
  user_agent: GoogleCloudDeploymentManager Google-API-Java-Client Google-HTTP-Java-Client/1.23.0-SNAPSHOT
    (gzip)
  version: '1.2'
labels:
  compute.googleapis.com/resource_id: '8301844294128407597'
  compute.googleapis.com/resource_name: default-allow-rdp
  compute.googleapis.com/resource_type: firewall
logName: projects/[projectId]/logs/compute.googleapis.com%2Factivity_log
receiveTimestamp: '2018-02-21T08:16:52.541456472Z'
resource:
  labels:
    firewall_rule_id: '8301844294128407597'
    project_id: [projectId]
  type: gce_firewall_rule
severity: INFO
timestamp: '2018-02-21T08:16:52.439233Z'
---
insertId: -cha6pod9j4e
logName: projects/[projectId]/logs/cloudaudit.googleapis.com%2Factivity
operation:
  first: true
  id: operation-1519201011784-565b48ca65942-7e5f6d7b-07eece93
  producer: compute.googleapis.com
protoPayload:
  '@type': type.googleapis.com/google.cloud.audit.AuditLog
  authenticationInfo:
    principalEmail: [projectNumber]@cloudservices.gserviceaccount.com
  authorizationInfo:
  - granted: true
    permission: compute.firewalls.delete
  methodName: beta.compute.firewalls.delete
  requestMetadata:
    callerIp: 10.94.46.21
    callerSuppliedUserAgent: GoogleCloudDeploymentManager Google-API-Java-Client Google-HTTP-Java-Client/1.23.0-SNAPSHOT
      (gzip)
  resourceName: projects/[projectId]/global/firewalls/default-allow-rdp
  response:
    '@type': compute.googleapis.com/operation
    id: '1117529425821340699'
    insertTime: '2018-02-21T00:16:52.199-08:00'
    name: operation-1519201011784-565b48ca65942-7e5f6d7b-07eece93
    operationType: delete
    progress: '0'
    selfLink: https://www.googleapis.com/compute/beta/projects/[projectId]/global/operations/operation-1519201011784-565b48ca65942-7e5f6d7b-07eece93
    status: PENDING
    targetId: '8301844294128407597'
    targetLink: https://www.googleapis.com/compute/beta/projects/[projectId]/global/firewalls/default-allow-rdp
    user: [projectNumber]@cloudservices.gserviceaccount.com
  serviceName: compute.googleapis.com
receiveTimestamp: '2018-02-21T08:16:53.209693102Z'
resource:
  labels:
    firewall_rule_id: '8301844294128407597'
    project_id: [projectId]
  type: gce_firewall_rule
severity: NOTICE
timestamp: '2018-02-21T08:16:51.863Z'
I cannot understand if they reference the same operation, but the issue from DM remains!
Thanks
from deploymentmanager-samples.
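Added example (not part of the original thread or the project's code): the four entries posted above come from two log streams, and grouping them by operation name shows how many API operations they describe and in what order each stage was logged. The sample entries are reduced to the fields used here; the helper names `parse_ts`, `operation_key`, `phase` and `correlate` are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: the four posted entries reduced to the fields used for
# correlation (values copied from the logs above, in the order posted).
OP = "operation-1519201011784-565b48ca65942-7e5f6d7b-07eece93"
ENTRIES = [
    {"timestamp": "2018-02-21T08:17:01.586900Z",
     "jsonPayload": {"event_type": "GCE_OPERATION_DONE", "operation": {"name": OP}}},
    {"timestamp": "2018-02-21T08:17:01.519Z",
     "operation": {"id": OP, "last": True},
     "protoPayload": {"methodName": "beta.compute.firewalls.delete"}},
    {"timestamp": "2018-02-21T08:16:52.439233Z",
     "jsonPayload": {"event_type": "GCE_API_CALL", "operation": {"name": OP}}},
    {"timestamp": "2018-02-21T08:16:51.863Z",
     "operation": {"id": OP, "first": True},
     "protoPayload": {"methodName": "beta.compute.firewalls.delete"}},
]

def parse_ts(ts):
    """Parse an RFC 3339 UTC timestamp with any number of fractional digits."""
    base, _, frac = ts.rstrip("Z").partition(".")
    parsed = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    return parsed.replace(microsecond=int((frac + "000000")[:6]), tzinfo=timezone.utc)

def operation_key(entry):
    """Operation name from either log format, or None if the entry has none."""
    if "protoPayload" in entry:  # cloudaudit.googleapis.com%2Factivity entry
        return entry.get("operation", {}).get("id")
    return entry.get("jsonPayload", {}).get("operation", {}).get("name")  # activity_log

def phase(entry):
    """Label where the entry sits in the operation's lifecycle."""
    if "protoPayload" in entry:
        op = entry.get("operation", {})
        return "audit:first" if op.get("first") else "audit:last" if op.get("last") else "audit"
    return "activity:" + entry.get("jsonPayload", {}).get("event_type", "unknown")

def correlate(entries):
    """Group entries by operation and list each group's phases in time order."""
    groups = defaultdict(list)
    for entry in entries:
        groups[operation_key(entry)].append(entry)
    return {key: [phase(e) for e in sorted(group, key=lambda e: parse_ts(e["timestamp"]))]
            for key, group in groups.items()}

if __name__ == "__main__":
    for key, phases in correlate(ENTRIES).items():
        print(key, "->", phases)
```
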
@davidebelloni the issue is when polling the operation for completion, DM tries to get the actual value of the resource but the resource is deleted by then. This is a bug in DM and we have an internal bug to track the fix (ETA next 2 weeks). Currently for any action which deletes a resource, you have to set the "runtimePolicy" to DELETE to make it work properly.
from deploymentmanager-samples.
Hi @shuainie-google ,
the issue remains also with "runtimePolicy" set to DELETE.
Is there an ETA also for runtimePolicy and action DM documentation?
Thanks
from deploymentmanager-samples.
Hi @davidebelloni here is the config I'm using which is working:
resources:
- name: default-allow-rdp-delete
  action: gcp-types/compute-v1:compute.firewalls.delete
  properties:
    firewall: default-allow-rdp
    project: shuainie-project0
  metadata:
    runtimePolicy:
    - DELETE
This will only delete the firewall when you delete the deployment.
Unfortunately we don't have an ETA for the action feature documentation since the release is currently blocked internally.
from deploymentmanager-samples.
Hi @shuainie-google ,
what I want is to delete a firewall rule from default network when I create (or update) the deployment, not in deletion!
Is there a workaround for the behaviour above?
from deploymentmanager-samples.
@davidebelloni, unfortunately we don't have a workaround for this now. A fix is in progress and the ETA is 2 weeks.
from deploymentmanager-samples.
@davidebelloni, the fix is released and I have validated the scenario. Closing this now.
from deploymentmanager-samples.