-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add oidcToken field to pubsub subscription #2120
Conversation
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed (or fixed any issues), please reply here with What to do if you already signed the CLAIndividual signers
Corporate signers
ℹ️ Googlers: Go here for more info. |
@googlebot I signed it! |
CLAs look good, thanks! ℹ️ Googlers: Go here for more info. |
Hello! I am a robot who works on Magic Modules PRs. I have detected that you are a community contributor, so your PR will be assigned to someone with a commit-bit on this repo for initial review. They will authorize it to run through our CI pipeline, which will generate downstream PRs. Thanks for your contribution! A human will be with you soon. |
Hi! I'm the modular magician, I work on Magic Modules. Pull request statusesNew Pull RequestsI built this PR into one or more new PRs on other repositories, and when those are closed, this PR will also be merged and closed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Addition looks good but will you add either add usage as an example (in templates/terraform/examples/
) (which will generate a test) or add a handwritten test to third_party/terraform/tests/resource_pubsub_subscription_test.go
?
@tysen To test this, we need actual push endpoint with GCP IAM-auth compatible. CloudRun seems to be the best for the situation (and actually is what drove me to add this field), so I added the example (just following the below tutorial). However, Terraform lacks some features around CloudRun to complete tests (see comments in the example). Hence, I just set |
Or maybe, better to create another pr to add |
|
||
push_config { | ||
# TODO: this must be CloudRun's url, which is not currently exposed on the Terraform | ||
# push_endpoint = "${google_cloud_run_service.<%= ctx[:primary_resource_id] %>.status.url}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe this pull requests will fix this: #2185
Hi! I'm the modular magician, I work on Magic Modules. Pull request statusesterraform-provider-google-beta already has an open PR. New Pull RequestsI didn't open any new pull requests because of this PR. |
I'm going to hold off on the review until #2185 is done and the tests here use the new url field, so that we can run them automatically. |
FWIW, I'm not sure #2185 will solve this- it makes the |
@rileykarson is pointing out a very critical thing; it seems we need hashicorp/terraform-provider-google#4335 for this test to work |
Back from vacation- looks like that issue was a dupe of hashicorp/terraform-provider-google#4091, which was assigned to me. I realistically won't be able to even start working on it for at least another 2-3 weeks, so I unassigned it in case anyone else wants to look at it. |
Adding for completeness- @tmshn mentioned in hashicorp/terraform-provider-google#4091 they were interested in working on the issue. Once that's done, we can proceed with this PR as we'll be able to test it. |
@rileykarson @danawillow @slevenick Maybe this PR is no more needed due to merge of #2440 ? |
Yup, that looks to be the case. Sorry for taking so long on the review, and thank you for your patience :) |
Added missing
oidcToken
field to pubsub subscription (which is equivalent of--push-auth-service-account
flag ofgcloud
command)Release Note for Downstream PRs (will be copied)