Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DCL Clients don't set X-Goog-User-Project header in API Calls #9204

Closed
upodroid opened this issue May 20, 2021 · 3 comments
Closed

DCL Clients don't set X-Goog-User-Project header in API Calls #9204

upodroid opened this issue May 20, 2021 · 3 comments
Labels
bug

Comments

@upodroid
Copy link
Contributor

@slevenick @rileykarson

I'm working on building apikeys (#8959 ) via DCL and it looks like dcl clients don't set that header. I fixed this in the http.client used by handwritten and mmv1 resources in GoogleCloudPlatform/magic-modules#3886.

---[ REQUEST ]---------------------------------------
GET /v2/projects/REDACTED/locations/global/keys/?alt=json HTTP/1.1
Host: apikeys.googleapis.com
User-Agent: Terraform/0.14.7 (+https://www.terraform.io) Terraform-Plugin-SDK/2.5.0 terraform-provider-google/acc DeclarativeClientLib/0.0.1
Content-Type: application/json
Accept-Encoding: gzip


-----------------------------------------------------
2021/05/20 19:17:52 [DEBUG] Google API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 403 Forbidden
Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Cache-Control: private
Content-Type: application/json; charset=UTF-8
Date: Thu, 20 May 2021 18:17:52 GMT
Server: ESF
Vary: Origin
Vary: X-Origin
Vary: Referer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{
  "error": {
    "code": 403,
    "message": "Your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by the apikeys.googleapis.com. We recommend configuring the billing/quota_project setting in gcloud or using a service account through the auth/impersonate_service_account setting. For more information about service accounts and how to use them in your application, see https://cloud.google.com/docs/authentication/.",
    "status": "PERMISSION_DENIED",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.ErrorInfo",
        "reason": "SERVICE_DISABLED",
        "domain": "googleapis.com",
        "metadata": {
          "service": "apikeys.googleapis.com",
          "consumer": "projects/764086051850"
        }
      }
    ]
  }
}


C02S62ZFFVH6:terraform-provider-google mahamed$ env | grep 'GOO\|USER_PR'
GOOGLE_BILLING_PROJECT=REDACTED
GOOGLE_REGION=us-central1
GOOGLE_USE_DEFAULT_CREDENTIALS=true
USER_PROJECT_OVERRIDE=true
GOOGLE_ZONE=us-central1-a
GOOGLE_PROJECT=REDACTED

unc resourceApikeysKeyRead(d *schema.ResourceData, meta interface{}) error {
	config := meta.(*Config)
	project, err := getProject(d, config)
	if err != nil {
		return err
	}

	obj := &apikeys.Key{
		DisplayName:  dcl.StringOrNil(d.Get("display_name").(string)),
		Project:      dcl.String(project),
		Restrictions: expandApikeysKeyRestrictions(d.Get("restrictions")),
		Name:         dcl.StringOrNil(d.Get("name").(string)),
	}

	res, err := config.clientApikeysDCL.GetKey(context.Background(), obj)
	if err != nil {
		// Resource not found
		d.SetId("")
		return err
	}

	if err = d.Set("display_name", res.DisplayName); err != nil {
		return fmt.Errorf("error setting display_name in state: %s", err)
	}
	if err = d.Set("project", res.Project); err != nil {
		return fmt.Errorf("error setting project in state: %s", err)
	}
	if err = d.Set("restrictions", flattenApikeysKeyRestrictions(res.Restrictions)); err != nil {
		return fmt.Errorf("error setting restrictions in state: %s", err)
	}
	if err = d.Set("create_time", res.CreateTime); err != nil {
		return fmt.Errorf("error setting create_time in state: %s", err)
	}
	if err = d.Set("etag", res.Etag); err != nil {
		return fmt.Errorf("error setting etag in state: %s", err)
	}
	if err = d.Set("name", res.Name); err != nil {
		return fmt.Errorf("error setting name in state: %s", err)
	}
	if err = d.Set("uid", res.Uid); err != nil {
		return fmt.Errorf("error setting uid in state: %s", err)
	}
	if err = d.Set("update_time", res.UpdateTime); err != nil {
		return fmt.Errorf("error setting update_time in state: %s", err)
	}

	return nil
}

https://github.com/GoogleCloudPlatform/declarative-resource-client-library/blob/main/dcl/config.go

DCL isn't accepting contributions now so it would be great if I could get this fixed soon.
@upodroid upodroid added the bug label May 20, 2021
@rileykarson
Copy link
Collaborator

Duplicates #8203

@upodroid
Copy link
Contributor Author

Thanks

@github-actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 20, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rileykarson @upodroid