6

Greetings Stack Overflow community! First time asker, long time user.

I am testing out my cloudbuild.yaml file locally using Cloud Build Local component and Secret Manager and it is failing on "availableSecrets".

Error message: Error loading config file: unknown field "availableSecrets" in cloudbuild.Build

  • OS Platform: Windows 10/WSL2/Ubuntu 18.04
  • cloud-build-local: v0.5.2
  • Docker engine: v20.10.2
  • Nodejs version: v14.15.3
  • NPM version: 6.14.9
  • gcloud version: 326.0.0
  • Installed components: [BigQuery Command Line Tool, Cloud Datastore Emulator, Cloud SDK Core Libraries, Cloud Storage Command Line Tool, Google Cloud Build Local Builder, gcloud Beta Commands]

  • Documentation on Cloud Build build file: https://cloud.google.com/cloud-build/docs/build-config
  • Documentation to configure secrets with cloud build: https://cloud.google.com/cloud-build/docs/securing-builds/use-secrets
  • Documentation for cloud build local: https://cloud.google.com/cloud-build/docs/build-debug-locally

Steps performed:

  1. Added secrets to Secret Manager
  2. Enabled API between Cloud Build and Secret Manager
  3. Added cloudbuild service account as member of each secret password.
  4. Added IAM permission Secret Manager Secrets Accessor to cloudbuild user. I don't know where I got this info from but it is residual at this point from other attempts to use Secret Manager with cloudbuild. I am not sure of the difference between applying access here vs applying to the Secret Manager secret.

Command: cloud-build-local --config=cloudbuild.staging.yaml --dryrun=false .

cloudbuild.staging.yaml:

```yaml
steps:
- name: gcr.io/cloud-builders/npm
  entrypoint: 'npm'
  args: [ 'install' ]
- name: 'gcr.io/cloud-builders/gcloud'
  args: ["app", "deploy"]
  env:
  - 'DAO_FACTORY=datastore'
  - 'POLL_INTERVAL=15'
  - 'PROMPT=staging>'
  - 'ENVIRONMENT=staging'
  - 'NAMESPACE=staging'
  - 'RESET_DATASTORE=false'
  # Secrets exposed to this step as environment variables
  secretEnv: ['ADMIN_USER', 'SUPER_ADMINS', 'BOT_TOKEN']
# Secret Manager versions mapped to the env names listed in secretEnv
availableSecrets:
  secretManager:
  - versionName: projects/{project token}/secrets/SYSTEM_USER/versions/1
    env: 'ADMIN_USER'
  - versionName: projects/{project token}/secrets/SUPER_ADMINS/versions/1
    env: 'SUPER_ADMINS'
  - versionName: projects/{project token}/secrets/BOT_TOKEN/versions/2
    env: 'BOT_TOKEN'
```


Tag: cloud-build-local. I guess without reputation a meaningful tag cannot be created. Maybe an esteemed community member will create this as this may be specific to cloud-build-local only.
2
  • The feature is very very new (less than 1 week). Did you get the latest version of cloudbuild local? Commented Feb 7, 2021 at 21:56
  • Yeah, I figured that may be the case; I am never this close to a release :). I pushed the cloudbuild file with availableSecrets and it worked fine. I have other cloud build issues now but I will open a new ticket if I have some questions. Thank you for the validation. Commented Feb 7, 2021 at 22:00

2 Answers

1

Support for Google Secret Manager in the Google Cloud Build descriptor file is apparently very new and does not appear to be supported by the cloud-build-local component at this time; please see the comment from Guillaume about the feature being a week old. When the cloud build descriptor is run in Cloud Build, it works fine.


2 Comments

Does anyone know when this will be added? I am on version 331 and it's still not there.
I'm on 360.0.0 and it is still an issue.
0

I fixed a similar issue by upgrading the gcloud tool.
