Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default value for publicKeyType in IAMServiceAccountKey does not work #331

Closed
fsommar opened this issue Dec 3, 2020 · 3 comments
Closed

Default value for publicKeyType in IAMServiceAccountKey does not work #331

fsommar opened this issue Dec 3, 2020 · 3 comments
Labels
bug Something isn't working

Comments

@fsommar
Copy link

fsommar commented Dec 3, 2020

Describe the bug
Using the default value for spec.publicKeyType in IAMServiceAccountKey will cause the resource to successfully be created, but then get stuck in a perpetual reconciliation loop with the following error message:

{"severity":"error","logger":"controller-runtime.controller","msg":"Reconciler error","controller":"iamserviceaccountkey-controller","request":"/sample","error":"Update call failed: error fetching live state: error reading underlying resource: summary: Error when reading or editing Service Account Key \"projects/PROJECTID/serviceAccounts/[email protected]/keys/cafebabe0deadbeef2020051e509bfd94e304688\": googleapi: Error 400: Invalid value at 'public_key_type' (type.googleapis.com/google.iam.admin.v1.ServiceAccountPublicKeyType), \"\", invalid, detail: "}

ConfigConnector Version
1.31.0

To Reproduce
Steps to reproduce the behavior:

Create an IAMServiceAccountKey resource while avoiding to set the spec.publicKeyType and spec.keyAlgorithm fields. The error message only indicates that spec.publicKeyType is the cause, so it might be enough to omit that from the full spec.

YAML snippets:

apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccountKey
metadata:
  name: sample
spec:
  privateKeyType: TYPE_GOOGLE_CREDENTIALS_FILE
  serviceAccountRef:
    name: sample
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
  name: sample
@fsommar fsommar added the bug Something isn't working label Dec 3, 2020
@maqiuyujoyce
Copy link
Collaborator

Hi @fsommar , thank you for reporting the issue. I was able to reproduce issue with the YAML snippet you provided. It seems to be a bug in Config Connector. We will look into it and will let you know if there are any updates.

@maqiuyujoyce
Copy link
Collaborator

Hi @fsommar , we've fixed the underlying issue in the 1.33.0 release, and I've verified that the IAMServiceAccountKey resource can be reconciled successfully after creation. Can you upgrade your version and see if it fixes your issue?

@fsommar
Copy link
Author

fsommar commented Dec 18, 2020

@maqiuyujoyce we've manually deleted the affected KRM and GCP resources so there are no longer any failing resources for us to verify on. Thank you for the fix, I'll close this now!

@fsommar fsommar closed this as completed Dec 18, 2020
@AndreLSnyk AndreLSnyk mentioned this issue Mar 7, 2021
Open
@Matthelonianxl Matthelonianxl mentioned this issue Mar 8, 2021
Open
@AndreLSnyk AndreLSnyk mentioned this issue Apr 30, 2023
Open
@AndreLSnyk AndreLSnyk mentioned this issue May 13, 2024
Open
@Matthelonianxl Matthelonianxl mentioned this issue May 14, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fsommar @maqiuyujoyce