Added a malformed IAM user to AlloyDB User, could not delete it. #20748

Open
mdcsaenz opened this issue Dec 18, 2024 · 1 comment
mdcsaenz commented Dec 18, 2024

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to a user, that user is claiming responsibility for the issue.
  • Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Terraform Version & Provider Version(s)

Terraform v1.9.4
on darwin_arm64

  • provider registry.terraform.io/hashicorp/google v6.14.1
  • provider registry.terraform.io/hashicorp/google-beta v6.14.1

Affected Resource(s)

  • resource "google_alloydb_user"
  • resource "google_alloydb_cluster"
  • resource "google_alloydb_instance"

Terraform Configuration

Error: Error when reading or editing AlloydbUser "projects/PROJECT_ID/locations/us-central1/clusters/ALLOYDB_CLUSTER/users/group:[email protected]": googleapi: Error 400: Malformed name: 'group:gcp-thegrp-name@company.com'
Details:
[
  ***
    "@type": "type.googleapis.com/google.rpc.BadRequest",
    "fieldViolations": [
      ***
        "description": "Resource name violates RFC 3986",
        "field": "group:[email protected]"
      ***
    ]
  ***
]

Debug Output


`gcloud alloydb users delete 'group:[email protected]' --cluster=alloydb-cluster-name --region=us-central1 --verbosity=debug --project=our-project-dev-00
DEBUG: Running [gcloud.alloydb.users.delete] with arguments: [--cluster: "alloydb-cluster-name", --project: "our-project-dev-00", --region: "us-central1", --verbosity: "debug", USERNAME: "group:[email protected]"]
User will be deleted from cluster upon completion.

Do you want to continue (Y/n)? y

DEBUG: Starting new HTTPS connection (1): alloydb.googleapis.com:443
DEBUG: https://alloydb.googleapis.com:443 "DELETE /v1/projects/our-project-dev-00/locations/us-central1/clusters/alloydb-cluster-name/users/group:[email protected]?alt=json HTTP/1.1" 400 None
DEBUG: Chosen display Format:default
DEBUG: Chosen display Format:default
DEBUG: Chosen display Format:default
DEBUG: (gcloud.alloydb.users.delete) INVALID_ARGUMENT: Malformed name: 'group:[email protected]'
- '@type': type.googleapis.com/google.rpc.BadRequest
 fieldViolations:
 - description: Resource name violates RFC 3986
  field: group:[email protected]
Traceback (most recent call last):
 File "/Users/userperson/Downloads/google-cloud-sdk/lib/googlecloudsdk/calliope/cli.py", line 998, in Execute
  resources = calliope_command.Run(cli=self, args=args)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 File "/Users/userperson/Downloads/google-cloud-sdk/lib/googlecloudsdk/calliope/backend.py", line 842, in Run
  resources = command_instance.Run(args)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^
 File "/Users/userperson/Downloads/google-cloud-sdk/lib/surface/alloydb/users/delete.py", line 84, in Run
  return alloydb_client.projects_locations_clusters_users.Delete(req)
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 File "/Users/userperson/Downloads/google-cloud-sdk/lib/googlecloudsdk/generated_clients/apis/alloydb/v1/alloydb_v1_client.py", line 523, in Delete
  return self._RunMethod(
      ^^^^^^^^^^^^^^^^
 File "/Users/userperson/Downloads/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 747, in _RunMethod
  return self.ProcessHttpResponse(method_config, http_response, request)
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 File "/Users/userperson/Downloads/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 753, in ProcessHttpResponse
  self.__ProcessHttpResponse(method_config, http_response, request))
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 File "/Users/userperson/Downloads/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 612, in __ProcessHttpResponse
  raise exceptions.HttpError.FromResponse(
apitools.base.py.exceptions.HttpBadRequestError: HttpError accessing <https://alloydb.googleapis.com/v1/projects/our-project-dev-00/locations/us-central1/clusters/alloydb-cluster-name/users/group:[email protected]?alt=json>: response: <{'vary': 'Origin, X-Origin, Referer', 'content-type': 'application/json; charset=UTF-8', 'content-encoding': 'gzip', 'date': 'Mon, 16 Dec 2024 16:01:23 GMT', 'server': 'ESF', 'cache-control': 'private', 'x-xss-protection': '0', 'x-frame-options': 'SAMEORIGIN', 'x-content-type-options': 'nosniff', 'alt-svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000', 'transfer-encoding': 'chunked', 'status': 400}>, content <{
 "error": {
  "code": 400,
  "message": "Malformed name: 'group:[email protected]'",
  "status": "INVALID_ARGUMENT",
  "details": [
   {
    "@type": "type.googleapis.com/google.rpc.BadRequest",
    "fieldViolations": [
     {
      "field": "group:[email protected]",
      "description": "Resource name violates RFC 3986"
     }
    ]
   }
  ]
 }
}
>
ERROR: (gcloud.alloydb.users.delete) INVALID_ARGUMENT: Malformed name: 'group:[email protected]'
- '@type': type.googleapis.com/google.rpc.BadRequest
 fieldViolations:
 - description: Resource name violates RFC 3986
  field: group:[email protected]`

Expected Behavior

It added the user regardless, should have failed in the plan by doing a validation of some sort on the alloydb_user resource.

Actual Behavior

Shouldn't have been able to add the malformed user in the first place. And since it was added we couldn't delete it via command line.

Steps to reproduce

  1. Create a cluster and an alloydb instance
  2. Create an alloydb_user with malformed ness "group:[email protected]"
  3. plan and apply
  4. Attempt to remove via cli gcloud alloydb users delete 'group:[email protected]' --cluster=alloydb-cluster-name --region=us-central1 --verbosity=debug --project=our-project-dev-00
  5. Delete the resource and attempt to plan and apply in Terraform; it will also fail.

Important Factoids

No response

References

No response

b/388156084

@mdcsaenz mdcsaenz added the bug label Dec 18, 2024
@github-actions github-actions bot added forward/review In review; remove label to forward service/alloydb labels Dec 18, 2024
@ggtisc ggtisc self-assigned this Jan 7, 2025
Collaborator

ggtisc commented Jan 7, 2025

Confirmed issue

After executing the following code with a malformed user for the google_alloydb_user.user_id argument, Terraform returns an expected error saying that it is not possible to create the resource, but the resource was saved in the tfstate file and the resources can't be deleted through Terraform or the CLI, but I was able to delete them from the console (1st the instance and then the instance)

resource "google_compute_network" "vpc_20748" {
  name = "vpc-20748"
  auto_create_subnetworks = false
}

resource "google_alloydb_cluster" "alloydb_cluster_20748" {
  cluster_id = "alloydb-cluster-20748"
  location   = "us-central1"

  network_config {
    network = google_compute_network.vpc_20748.id
  }

  initial_user {
    password = "something"
  }
}

resource "google_compute_global_address" "global_address_20748" {
  name          = "global-address-20748"
  address_type  = "INTERNAL"
  purpose       = "VPC_PEERING"
  prefix_length = 16
  network       = google_compute_network.vpc_20748.id
}

resource "google_service_networking_connection" "networking_connection_20748" {
  network                 = google_compute_network.vpc_20748.id
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.global_address_20748.name]
}

resource "google_alloydb_instance" "alloydb_instance_20748" {
  cluster       = google_alloydb_cluster.alloydb_cluster_20748.name
  instance_id   = "alloydb-instance-20748"
  instance_type = "PRIMARY"
  depends_on    = [google_service_networking_connection.networking_connection_20748]
}

resource "google_alloydb_user" "alloydb_user_20748" {
  cluster         = google_alloydb_cluster.alloydb_cluster_20748.name
  user_id         = "group:[email protected]" # malformed user
  user_type       = "ALLOYDB_BUILT_IN"
  password        = "something"
  database_roles  = ["alloydbsuperuser"]
  depends_on      = [google_alloydb_instance.alloydb_instance_20748]
}

@ggtisc ggtisc added waiting-response and removed waiting-response forward/review In review; remove label to forward labels Jan 7, 2025
@ggtisc ggtisc removed their assignment Jan 7, 2025
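
Until the provider validates user_id itself, a pre-apply gate over the plan JSON can stop a database principal (here one holding alloydbsuperuser) from being created under a name that cannot later be deleted. The following is an added example, not code from the provider or from either commenter; the allowlist, the list of IAM member prefixes and the function names are assumptions, not the AlloyDB API's documented rule.

```python
import re

# Assumption: a conservative allowlist, not the AlloyDB API's own rule.
# RFC 3986 "unreserved" characters plus "@" for e-mail style names.
SAFE_USER_ID = re.compile(r"[A-Za-z0-9._~@-]+")
# IAM policy member prefixes that do not belong in a database user name.
MEMBER_PREFIXES = ("group:", "user:", "serviceAccount:", "domain:")


def check_user_id(user_id):
    """Return a reason string if user_id should be rejected, else None."""
    if user_id.startswith(MEMBER_PREFIXES):
        return "IAM member prefix in user_id"
    if not SAFE_USER_ID.fullmatch(user_id):
        return "characters outside the allowlist"
    return None


def find_bad_alloydb_users(plan):
    """Scan parsed `terraform show -json` output for risky user_id values."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != "google_alloydb_user":
            continue
        if not {"create", "update"} & set(change.get("actions", [])):
            continue
        user_id = (change.get("after") or {}).get("user_id")
        if user_id is None:  # only known after apply, so it cannot be checked
            findings.append((rc["address"], "user_id unknown at plan time"))
        elif (reason := check_user_id(user_id)):
            findings.append((rc["address"], reason))
    return findings


# Constructed sample plan, trimmed to the fields the check reads.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "google_alloydb_user.bad", "type": "google_alloydb_user",
     "change": {"actions": ["create"],
                "after": {"user_id": "group:team@example.com"}}},
    {"address": "google_alloydb_user.ok", "type": "google_alloydb_user",
     "change": {"actions": ["create"],
                "after": {"user_id": "team@example.com"}}},
]}

if __name__ == "__main__":
    for address, reason in find_bad_alloydb_users(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```

In CI, feed it the parsed output of terraform show -json on a saved plan file and fail the job when the returned list is non-empty.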