Denis

Reputation: 578

getEffectiveOrgPolicy error on Google Cloud Run secret mounted volume

Today when I went to deploy a new revision of a Cloud Run application, I was unable to press the deploy key. No error or anything, just an unresponsive key.

I use Secret Manager and I have narrowed down the issue to the step where you add the secret mounted volume. When I do this, I receive the following error when I inspect the network.

{
  "error": {
    "code": 404,
    "message": "Requested entity was not found.",
    "status": "NOT_FOUND"
  }
}

{"constraint":"constraints/gcp.SecretManagerFilesystemAccess"}

However, when I look up the constraints in the documentation, this constraint doesn't exist.

I do have some organizational policies set like refusing the ability to create service accounts, create service keys or upload keys, but I have confirmed that my other organization has the same settings and is having no trouble.

Does anyone from Google have any information regarding this issue?

EDIT:

Steps to reproduce this issue.

  1. Open Google Cloud Platform.
  2. Click "Cloud Run" from navigation bar.
  3. Select Service
  4. Click "Edit and Deploy New Revision"
  5. Open Inspector, click Network, clear current items.
  6. Select "Variables and Secrets".
  7. Click "reference a secret".

This produces the following error on url:

https://cloudresourcemanager.clients6.google.com/v1/projects/PROJECTID:getEffectiveOrgPolicy?key=

{
  "error": {
    "code": 404,
    "message": "Requested entity was not found.",
    "status": "NOT_FOUND"
  }
}

{"constraint":"constraints/gcp.SecretManagerFilesystemAccess"}

I can see this also produces a validation form error when the "Deploy" button is pressed that is not visible as well.

Upvotes: 2

Views: 360

Answers (1)

Denis

Reputation: 578

I was able to solve this using the following command in the CLI.

gcloud beta run deploy nightpricer-api \
--image=gcr.io/io-nightpricer-prod/nightpricer-api@sha256:d74ac81ced1628929075d6c8e97b039ac705663bf3a988cbb57bfad77a30a6dd \
--platform=managed \
--region=us-central1 \
--project=io-nightpricer-prod \
--update-secrets=/config/secrets=APP_SECRETS:latest,/config1/gmail=GMAIL_APPLICATION_CREDENTIALS:latest \
--service-account=firebase-adminsdk-hbr00@io-nightpricer-prod.iam.gserviceaccount.com

Upvotes: 1
