Hi, I'm trying to delete the default firewall rules by "default" network. If I

Hi <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="

Hi, here are the logs: <div class="snippet-clipboard-content notranslate position-

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Hi <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Delete default firewall rules,about googlecloudplatform/deploymentmanager-samples

Comments (10)

aljim commented on June 26, 2024

You need to set the field project to the action

project: {{ env["project"] }}

from deploymentmanager-samples.

davidebelloni commented on June 26, 2024

Hi @aljim ,
I've recreated manually the firewall rule and added the field project:

resources:
- name: default-allow-rdp-delete
  action: gcp-types/compute-beta:compute.firewalls.delete
  properties:
    firewall: default-allow-rdp
    project: {{ env["project"] }}
  metadata:
    runtimePolicy:
    - CREATE

but the result is the same:

$ gcloud deployment-manager deployments create resources --project "$DMPROJECT" --config resources.yaml 
The fingerprint of the deployment is _YT3gm46P07otSkZwhG9Uw==
Waiting for create [operation-1519027018942-5658c09de4630-1dfc66bd-3c422754]...failed.                                                                                                                                                                                                                                       
ERROR: (gcloud.deployment-manager.deployments.create) Error in Operation [operation-1519027018942-5658c09de4630-1dfc66bd-3c422754]: errors:
- code: RESOURCE_ERROR
  location: /deployments/resources/resources/default-allow-rdp-delete
  message: "{\"ResourceType\":\"gcp-types/compute-beta:compute.firewalls.delete\"\
    ,\"ResourceErrorCode\":\"404\",\"ResourceErrorMessage\":{\"code\":404,\"errors\"\
    :[{\"domain\":\"global\",\"message\":\"The resource 'projects/<projectID>/global/firewalls/default-allow-rdp'\
    \ was not found\",\"reason\":\"notFound\"}],\"message\":\"The resource 'projects/<projectID>/global/firewalls/default-allow-rdp'\
    \ was not found\",\"statusMessage\":\"Not Found\",\"requestPath\":\"https://www.googleapis.com/compute/beta/projects/<projectID>/global/firewalls/default-allow-rdp\"\
    ,\"httpMethod\":\"GET\"}}"

I can't understand the double execution in logs of the action.

Thanks

from deploymentmanager-samples.

shuainie-google commented on June 26, 2024

Hi @davidebelloni, in which log did you see double execution of the action? can you share the log?

from deploymentmanager-samples.

davidebelloni commented on June 26, 2024

Hi, here are the logs:

---
insertId: 1io2rkufrq1l0w
jsonPayload:
  actor:
    user: [projectNumber]@cloudservices.gserviceaccount.com
  event_subtype: compute.firewalls.delete
  event_timestamp_us: '1519201021586900'
  event_type: GCE_OPERATION_DONE
  operation:
    global: true
    id: '1117529425821340699'
    name: operation-1519201011784-565b48ca65942-7e5f6d7b-07eece93
    type: operation
  resource:
    global: true
    id: '8301844294128407597'
    name: default-allow-rdp
    type: firewall
  trace_id: operation-1519201011784-565b48ca65942-7e5f6d7b-07eece93
  version: '1.2'
labels:
  compute.googleapis.com/resource_id: '8301844294128407597'
  compute.googleapis.com/resource_name: default-allow-rdp
  compute.googleapis.com/resource_type: firewall
logName: projects/[projectId]/logs/compute.googleapis.com%2Factivity_log
receiveTimestamp: '2018-02-21T08:17:01.700464641Z'
resource:
  labels:
    firewall_rule_id: '8301844294128407597'
    project_id: [projectId]
  type: gce_firewall_rule
severity: INFO
timestamp: '2018-02-21T08:17:01.586900Z'
---
insertId: -cr9nwge1gpai
logName: projects/[projectId]/logs/cloudaudit.googleapis.com%2Factivity
operation:
  id: operation-1519201011784-565b48ca65942-7e5f6d7b-07eece93
  last: true
  producer: compute.googleapis.com
protoPayload:
  '@type': type.googleapis.com/google.cloud.audit.AuditLog
  authenticationInfo:
    principalEmail: [projectNumber]@cloudservices.gserviceaccount.com
  methodName: beta.compute.firewalls.delete
  requestMetadata:
    callerIp: 10.94.46.21
    callerSuppliedUserAgent: GoogleCloudDeploymentManager Google-API-Java-Client Google-HTTP-Java-Client/1.23.0-SNAPSHOT
      (gzip)
  resourceName: projects/[projectId]/global/firewalls/default-allow-rdp
  serviceName: compute.googleapis.com
receiveTimestamp: '2018-02-21T08:17:02.445878901Z'
resource:
  labels:
    firewall_rule_id: '8301844294128407597'
    project_id: [projectId]
  type: gce_firewall_rule
severity: NOTICE
timestamp: '2018-02-21T08:17:01.519Z'
---
insertId: v2r8crfsju1mt
jsonPayload:
  actor:
    user: [projectNumber]@cloudservices.gserviceaccount.com
  event_subtype: compute.firewalls.delete
  event_timestamp_us: '1519201012439233'
  event_type: GCE_API_CALL
  ip_address: ''
  operation:
    global: true
    id: '1117529425821340699'
    name: operation-1519201011784-565b48ca65942-7e5f6d7b-07eece93
    type: operation
  request:
    body: 'null'
    url: https://www.googleapis.com/compute/beta/projects/[projectId]/global/firewalls/default-allow-rdp
  resource:
    global: true
    id: '8301844294128407597'
    name: default-allow-rdp
    type: firewall
  trace_id: operation-1519201011784-565b48ca65942-7e5f6d7b-07eece93
  user_agent: GoogleCloudDeploymentManager Google-API-Java-Client Google-HTTP-Java-Client/1.23.0-SNAPSHOT
    (gzip)
  version: '1.2'
labels:
  compute.googleapis.com/resource_id: '8301844294128407597'
  compute.googleapis.com/resource_name: default-allow-rdp
  compute.googleapis.com/resource_type: firewall
logName: projects/[projectId]/logs/compute.googleapis.com%2Factivity_log
receiveTimestamp: '2018-02-21T08:16:52.541456472Z'
resource:
  labels:
    firewall_rule_id: '8301844294128407597'
    project_id: [projectId]
  type: gce_firewall_rule
severity: INFO
timestamp: '2018-02-21T08:16:52.439233Z'
---
insertId: -cha6pod9j4e
logName: projects/[projectId]/logs/cloudaudit.googleapis.com%2Factivity
operation:
  first: true
  id: operation-1519201011784-565b48ca65942-7e5f6d7b-07eece93
  producer: compute.googleapis.com
protoPayload:
  '@type': type.googleapis.com/google.cloud.audit.AuditLog
  authenticationInfo:
    principalEmail: [projectNumber]@cloudservices.gserviceaccount.com
  authorizationInfo:
  - granted: true
    permission: compute.firewalls.delete
  methodName: beta.compute.firewalls.delete
  requestMetadata:
    callerIp: 10.94.46.21
    callerSuppliedUserAgent: GoogleCloudDeploymentManager Google-API-Java-Client Google-HTTP-Java-Client/1.23.0-SNAPSHOT
      (gzip)
  resourceName: projects/[projectId]/global/firewalls/default-allow-rdp
  response:
    '@type': compute.googleapis.com/operation
    id: '1117529425821340699'
    insertTime: '2018-02-21T00:16:52.199-08:00'
    name: operation-1519201011784-565b48ca65942-7e5f6d7b-07eece93
    operationType: delete
    progress: '0'
    selfLink: https://www.googleapis.com/compute/beta/projects/[projectId]/global/operations/operation-1519201011784-565b48ca65942-7e5f6d7b-07eece93
    status: PENDING
    targetId: '8301844294128407597'
    targetLink: https://www.googleapis.com/compute/beta/projects/[projectId]/global/firewalls/default-allow-rdp
    user: [projectNumber]@cloudservices.gserviceaccount.com
  serviceName: compute.googleapis.com
receiveTimestamp: '2018-02-21T08:16:53.209693102Z'
resource:
  labels:
    firewall_rule_id: '8301844294128407597'
    project_id: [projectId]
  type: gce_firewall_rule
severity: NOTICE
timestamp: '2018-02-21T08:16:51.863Z'

I can not understand if they reference the same operation, but the issue from DM remain!

Thanks

from deploymentmanager-samples.

shuainie-google commented on June 26, 2024

@davidebelloni the issue is when polling the operation for completion, DM tries to get the actual value of the resource but the resource is deleted by then. This is a bug in DM and we have an internal bug to track the fix (ETA next 2 weeks). Currently for any action which deletes a resource, you have to set the "runtimePolicy" to DELETE to make it work properly.

from deploymentmanager-samples.

davidebelloni commented on June 26, 2024

Hi @shuainie-google ,
the issue remain also with "runtimePolicy" set to DELETE.

Is there an ETA also for runtimePolicy and action DM documentation?

Thanks

from deploymentmanager-samples.

shuainie-google commented on June 26, 2024

Hi @davidebelloni here is the config I'm using which is working:

resources:
- name: default-allow-rdp-delete
  action: gcp-types/compute-v1:compute.firewalls.delete
  properties:
    firewall: default-allow-rdp
    project: shuainie-project0
  metadata:
    runtimePolicy:
    - DELETE

This will only delete the firewall when you delete the deployment.
Unfortunately we don't have a ETA for the action feature documentation since the release is currently blocked internally.

from deploymentmanager-samples.

davidebelloni commented on June 26, 2024

Hi @shuainie-google ,
what I want is to delete a firewall rule from default network when I create (or update) the deployment, not in deletion!

Is there a workaround for the behaviour above?

from deploymentmanager-samples.

shuainie-google commented on June 26, 2024

@davidebelloni, unfortunately we don't have a workaround for this now. A fix is in progress and the ETA in 2 weeks.

from deploymentmanager-samples.

shuainie-google commented on June 26, 2024

@davidebelloni, the fix is released and I have validated the scenario. Closing this now.

from deploymentmanager-samples.

Delete default firewall rules about deploymentmanager-samples HOT 10 CLOSED

Comments (10)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent