Skip to content

terraform: upgrade hashicorp/google to 6.7.0 #3440

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 21, 2024
Merged

terraform: upgrade hashicorp/google to 6.7.0 #3440

merged 1 commit into from
Oct 21, 2024

Conversation

@burgerdev
Copy link
Member

@burgerdev burgerdev commented Oct 17, 2024
edited
Loading

Context

CI jobs have been running into GCP IAM inconsistencies, which are caused by a bad waiting condition in the Google Terraform provider. The issue has been fixed, but not backported to 5.x.

Proposed change(s)

  • Upgrade major version of Terraform provider

Related issue

Additional info

Checklist

  • Run the E2E tests that are relevant to this PR's changes
  • Add labels (e.g., for changelog category)
  • Is PR title adequate for changelog?
  • Link to Milestone

@burgerdev burgerdev added the no changelog Change won't be listed in release changelog label Oct 17, 2024
@burgerdev burgerdev added this to the v2.20.0 milestone Oct 17, 2024
@netlify
Copy link

netlify bot commented Oct 17, 2024
edited
Loading

Deploy Preview for constellation-docs canceled.

Name Link
🔨 Latest commit d1ca6c7
🔍 Latest deploy log https://app.netlify.com/sites/constellation-docs/deploys/671231f67e7d840009df5482

@burgerdev burgerdev marked this pull request as ready for review October 17, 2024 12:44
@burgerdev burgerdev requested a review from msanft October 17, 2024 12:44
@burgerdev
Copy link
Member Author

burgerdev commented Oct 18, 2024

All tests passed!

3u13r
3u13r reviewed Oct 18, 2024
View reviewed changes
terraform/infrastructure/iam/gcp/.terraform.lock.hcl
"zh:a66bfc55856693fe82a81554abf7fd72b8ca2d56a08cb59c4769c15b1a1acea5",
"zh:a8b242c5aab000f2a27e934930a75656efb4a96fdb06a419b22ae0daffa6fba3",
"zh:da9e9b40d632f218a3e0bb88b8cf95b91485cee1eb2fd2a384d45c2619c36da4",
"h1:2R/lqkaJ6+JzXLvMjV9RpS800/D+JBVJdUr5cMTCtqA=",
Copy link
Contributor

@3u13r 3u13r Oct 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like not all hashes for all platform were generated. When a Terraform provider is upgraded by renovate we have one of the ci jobs fixing the hashes I think. Let me see if I can find an example PR.

Copy link
Member Author

@burgerdev burgerdev Oct 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe //:generate should complain in that case, no?

Copy link
Member Author

@burgerdev burgerdev Oct 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, I think all is fine: we're explicitly locking 5 platforms, which should explain the h1 hashes, and the zh hashes are for all assets in the release.

Copy link
Contributor

@3u13r 3u13r Oct 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah I guess we loose 5 because we are not using google-beta anymore. That leaves me with 1 unaccounted hash but generally looks good.

Copy link
Member Author

@burgerdev burgerdev Oct 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Which hash would that be?

Copy link
Contributor

@3u13r 3u13r Oct 18, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No idea how they map to the provider binaries, but I count 11 h1 hashes on the left side and 5 on the right.

Copy link
Member Author

@burgerdev burgerdev Oct 21, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interestingly, we only had 11 h1 hashes for a few months, and even without google-beta: bdfb74f#diff-0c5774419575b03d643fef6eb386884b3871958bacb6950c1ea473bdfaaf054c.

I don't intend to pursue this any further, as mentioned above I think 5 h1 hashes is all we need.

3u13r
3u13r approved these changes Oct 18, 2024
View reviewed changes
Copy link
Contributor

@3u13r 3u13r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@burgerdev burgerdev added the hold This cannot be merged right now label Oct 18, 2024
@burgerdev
Copy link
Member Author

burgerdev commented Oct 18, 2024

Let's hold this back until after the v2.19.0 release.

@burgerdev burgerdev removed the hold This cannot be merged right now label Oct 21, 2024
@burgerdev burgerdev merged commit 96ac712 into main Oct 21, 2024
16 checks passed
@burgerdev burgerdev deleted the burgerdev/gcp-iam branch October 21, 2024 08:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@msanft msanft msanft approved these changes

+1 more reviewer

@3u13r 3u13r 3u13r approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

no changelog Change won't be listed in release changelog

Projects

None yet

Milestone

v2.20.0

Development

Successfully merging this pull request may close these issues.

4 participants

@burgerdev @3u13r @msanft