benchmark collides on subsequent/concurrent testing #44

Open
wideawakening opened this issue Oct 1, 2021 · 1 comment

@wideawakening
Contributor

wideawakening commented Oct 1, 2021

Same as it happened on AWS (fixed in sysdiglabs/terraform-aws-secure-for-cloud#26), we're getting collisions on both simple/org examples, when testing concurrently, on the following resources:

guess it's low-prio as it would affect only QA

- KO. federation working pool.

In order to use Workload Identity Federation to retrieve a temporary token, the Sysdig backend needs to make a request to this specific WIF pool. This URL is currently built using the projectID, however it always uses sysdig as the pool ID. In order to support dynamic poolIDs, this information needs to be sent to the backend, persisted, and passed along to all consumers.
#129 (comment)

  • service account
│ Error: Error creating service account: googleapi: Error 409: Service account sysdigcloudbench already exists within project projects/integral-legend-204815., alreadyExists
│ 
│   with module.secure-for-cloud_example_organization.module.cloud_bench["integral-legend-204815"].google_service_account.sa,
│   on /home/iru/src/github/terraform-google-cloudvision/modules/services/cloud-bench/main.tf line 50, in resource "google_service_account" "sa":
│   50: resource "google_service_account" "sa" {
│ 

│ Error: Custom project role projects/test-for-hayk/roles/sysdigCloudBench already exists and must be imported
│ 
│   with module.secure-for-cloud_example_organization.module.cloud_bench["test-for-hayk"].google_project_iam_custom_role.custom,
│   on /home/iru/src/github/terraform-google-cloudvision/modules/services/cloud-bench/main.tf line 64, in resource "google_project_iam_custom_role" "custom":
│   64: resource "google_project_iam_custom_role" "custom" {

  • NOP. sysdig secure cloud account (yeah this is odd.. maybe derived from role collision?)

This happens because of the backend validation: a benchmark account (cloud-account-sysdig-client) cannot be registered more than once.

│ Error: 409 Conflict
│ 
│   with module.secure-for-cloud_example_organization.module.cloud_bench["cloudvision-member"].sysdig_secure_cloud_account.cloud_account,
│   on /home/iru/src/github/terraform-google-cloudvision/modules/services/cloud-bench/main.tf line 21, in resource "sysdig_secure_cloud_account" "cloud_account":
│   21: resource "sysdig_secure_cloud_account" "cloud_account" {
│ 
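
The collisions reported above come from fixed resource IDs (`sysdigcloudbench`, `sysdigCloudBench`, pool `sysdig`) shared by every test run in a project. The following is an added example, not code from this repository or from the fix referenced in this thread, showing one way to derive a per-deployment ID for each of the three GCP resources while respecting their different character rules. The variable, local and output names, the role title and the single permission are hypothetical placeholders.

```hcl
terraform {
  required_providers {
    google = { source = "hashicorp/google" }
    random = { source = "hashicorp/random" }
  }
}

variable "project_id" {
  type = string
}

# One suffix per deployment; 3 random bytes give 6 lowercase hex characters.
resource "random_id" "suffix" {
  byte_length = 3
}

locals {
  suffix = random_id.suffix.hex
  # Service account ID: 6-30 chars, lowercase letters, digits, hyphens.
  sa_id = "sysdigcloudbench-${local.suffix}"
  # Custom role ID: letters, digits, underscores, periods (no hyphens).
  role_id = "sysdigCloudBench_${local.suffix}"
  # Workload identity pool ID: 4-32 chars, lowercase letters, digits, hyphens.
  pool_id = "sysdig-${local.suffix}"
}

resource "google_service_account" "sa" {
  project      = var.project_id
  account_id   = local.sa_id
  display_name = "Benchmark service account (example)"
}

resource "google_project_iam_custom_role" "custom" {
  project     = var.project_id
  role_id     = local.role_id
  title       = "Benchmark role (example)"
  permissions = ["storage.buckets.getIamPolicy"] # placeholder permission
}

resource "google_iam_workload_identity_pool" "pool" {
  project                   = var.project_id
  workload_identity_pool_id = local.pool_id
}

# The issue states the backend always builds the WIF URL with pool ID "sysdig",
# so a suffixed pool only works once this value is sent to and used by the backend.
output "workload_identity_pool_id" {
  value = google_iam_workload_identity_pool.pool.workload_identity_pool_id
}
```

A fresh suffix also covers the "subsequent" case: GCP keeps deleted custom roles and workload identity pools in a soft-deleted state for a period during which the same ID cannot be reused.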

@nkraemer-sysdig
Contributor

Addressed in #53

@wideawakening wideawakening changed the title benchmark collides on concurrent testing benchmark collides on subsequent/concurrent testing Oct 7, 2021