Reputation: 71
Gcloud cloud build local component failing with error "Error loading config file: unknown field "availableSecrets" in cloudbuild.Build"
Greetings stackoverflow community! First time asker, long time user.
I am testing out my cloudbuild.yaml file locally using Cloud Build Local component and Secret Manager and it is failing on "availableSecrets".
Error message: Error loading config file: unknown field "availableSecrets" in cloudbuild.Build
- OS Platform: Windows 10/WSL2/Ubuntu 18.04
- cloud-build-local: v0.5.2
- Docker engine: v20.10.2
- Nodejs version: v14.15.3
- NPM version: 6.14.9
- gcloud version: 326.0.0
- Installed components: [BigQuery Command Line Tool, Cloud Datastore Emulator, Cloud SDK Core Libraries, Cloud Storage Command Line Tool, Google Cloud Build Local Builder, gcloud Beta Commands]
Documentation on Cloud Build build file: https://cloud.google.com/cloud-build/docs/build-config Documentation to configure secrets with cloud build: https://cloud.google.com/cloud-build/docs/securing-builds/use-secrets Documentation for cloud build local: https://cloud.google.com/cloud-build/docs/build-debug-locally
Steps performed:
- Added secrets to Secret Manager
- Enabled API between Cloud Build and Secrets Manager
- Added cloudbuild service account as member of each secret password.
- Added IAM permission Secret Manager Secrets Accessor to cloudbuild user. I don't know where I got this info from but it is residual at this point from other attempts to use Secret Manager with cloudbuild. I am not sure of the difference between applying access here vs applying to the Secret Manager secret.
Command: cloud-build-local --config=cloudbuild.staging.yaml --dryrun=false .
cloudbuild.staging.yaml:
- name: gcr.io/cloud-builders/npm
entrypoint: 'npm'
args: [ 'install' ]
- name: 'gcr.io/cloud-builders/gcloud'
args: ["app", "deploy"]
env:
- 'DAO_FACTORY=datastore'
- 'POLL_INTERVAL=15'
- 'PROMPT=staging>'
- 'ENVIRONMENT=staging'
- 'NAMESPACE=staging'
- 'RESET_DATASTORE=false'
secretEnv: ['ADMIN_USER', 'SUPER_ADMINS', 'BOT_TOKEN']
availableSecrets:
secretManager:
- versionName: projects/{project token}/secrets/SYSTEM_USER/versions/1
env: 'ADMIN_USER'
- versionName: projects/{project token}/secrets/SUPER_ADMINS/versions/1
env: 'SUPER_ADMINS'
- versionName: projects/{project token}/secrets/BOT_TOKEN/versions/2
env: 'BOT_TOKEN'```
Tag: cloud-build-local. I guess without reputation a meaningful tag cannot be created. Maybe an esteemed community member will create this as this may be specific to cloud-build-local only.
Upvotes: 6
Views: 2084
Answers (2)
Reputation: 71
Support for Google Secret Manager in Google Cloud Build descriptor file is apparently very new and does not appear to be supported by cloud-build-local component at this time; please see comment from Guillaume about feature being a week old. When cloud build descriptor is ran in Cloud Build, it works fine.
Upvotes: 1
Related Questions
- ERROR: (gcloud.builds.submit) INVALID_ARGUMENT: could not parse service account URL
- gcloud builds submit substitutions not working properly. (ERROR: (gcloud.builds.submit) INVALID_ARGUMENT.)
- Error when deploying to App Engine through Cloud Build
- "gcloud builds submit" is not triggering error for missing required substitutions
- Error on cloudbuild.yaml : (gcloud.builds.submit) interpreting cloudbuild.yaml as build config: 'list' object has no attribute 'items'
- Google Cloud: Build always fails, MANIFEST_UNKNOWN error
- gcloud app deploy fails with only [ERROR]
- gcloud app deploy fails for flexible build
- Google CloudBuild artifacts YAML
- error with first time deploy to google compute engine.