Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cloud.google.com/go/artifactregistry/apiv1: artifactregistry incorrectly throws insufficient permissions error when activating artifactregistry and creating it in short succession #10528

Closed
avinashpancham opened this issue Jul 10, 2024 · 1 comment
Closed

cloud.google.com/go/artifactregistry/apiv1: artifactregistry incorrectly throws insufficient permissions error when activating artifactregistry and creating it in short succession #10528

avinashpancham opened this issue Jul 10, 2024 · 1 comment
Labels
triage me I really want to be triaged.

Comments

@avinashpancham
Copy link

Client

cloud.google.com/go/artifactregistry/apiv1

Environment

Cloud Run

Go Environment

$ go version
go version go1.21.3

Code

e.g.

import (
	artifactregistry "cloud.google.com/go/artifactregistry/apiv1"
	"cloud.google.com/go/artifactregistry/apiv1/artifactregistrypb"
	"context"
	"fmt"
	"log"
	"strings"
	"time"
)

func CreateArtifactRegistry(projectId, name, region string) error {
	ctx := context.Background()

	c, err := artifactregistry.NewClient(ctx)
	if err != nil {
		return err
	}
	defer c.Close()

	op, err := c.CreateRepository(ctx, &artifactregistrypb.CreateRepositoryRequest{
		Parent:       fmt.Sprintf("projects/%s/locations/%s", projectId, region),
		RepositoryId: name,
		Repository: &artifactregistrypb.Repository{
			Format: artifactregistrypb.Repository_DOCKER,
		},
	})

	if err != nil {
		return err
	}

	_, err = op.Wait(ctx)
	if err != nil {
		return err
	}

	return nil
}

In a different part of the code I assign the identity calling the API the artifactregistry.admin role

Expected behavior

Code creates the artifact registry
Actual behavior

First time code fails with the error
Failed to create the artifact registry with error error details: name = ErrorInfo reason = IAM_PERMISSION_DENIED domain = artifactregistry.googleapis.com metadata = map[permission:artifactregistry.repositories.create resource:projects/XXXXXXXXXXXXXX/locations/europe-west4]

After a few minutes I can retry and then the code succeeds.

Additional context
Issue seems to be happening already for a while.
hashicorp/terraform-provider-google#9902
https://stackoverflow.com/questions/68861314/google-artifact-registry-repository-seems-to-ignore-the-depends-on-attribute
@avinashpancham avinashpancham added the triage me I really want to be triaged. label Jul 10, 2024
@codyoss
Copy link
Member

codyoss commented Jul 10, 2024

I don't think this is an issue with the client library as it sounds like, if anything, an issue with the backend service. But really I am not sure it is an issue there either, but I am not an expert here. It sounds like some long running operation has not completed yet when you try to call this quickly after enabling the API. Depending on the API I think this can take a couple minutes. Hope that helps. Closing as this is not directly related to the client library.

@codyoss codyoss closed this as completed Jul 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
triage me I really want to be triaged.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@codyoss @avinashpancham