Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add GCP test package #701

Merged
merged 11 commits into from
Mar 15, 2022
Merged

Add GCP test package #701

merged 11 commits into from
Mar 15, 2022

Conversation

endorama
Copy link
Member

Adds gcp test package under test/packages/parallel with a basic test.

This PR splits from #662, where we deemed necessary proper testing to ensure correct functionality. To reduce complexity of #662 this PR only focus in having a single test running successfully in the CI.

Change:

  • add gcp test package
  • bump gcp test package version to 999.999.999
  • add GCP account supports in Jenkins pipeline
  • add gcp.compute datastream tests

@mtojek I don't know how to get GCP credentials usable by the CI, but I edited the Jenkinsfile to support GCP too.

@elasticmachine
Copy link
Collaborator

elasticmachine commented Feb 15, 2022

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-03-15T10:37:56.229+0000

  • Duration: 18 min 37 sec

Test stats 🧪

Test Results
Failed 0
Passed 563
Skipped 1
Total 564

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

.ci/Jenkinsfile Outdated
@@ -371,9 +371,15 @@ def withCloudTestEnv(Closure body) {
if (!aws.containsKey('secret_key')) {
error("${AWS_ACCOUNT_SECRET} doesn't contain 'secret_key'")
}
// GCP
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately, it's not so simple in this case, but no worries, we'll sort it out :)

Could you please try something similar to this:

withCredentials([string(credentialsId: "${env.JOB_GCS_BUCKET_INTERNAL}", variable: 'GOOGLE_CREDENTIALS')]) {
  maskedVars.add([var: 'GOOGLE_CREDENTIALS', password: env.GOOGLE_CREDENTIALS]);
}

The idea is to pull the env from credentials and place it in the masked vars. Be careful not to leak the confidential data with some "print" :)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

well, I tried :D I updated the code with your suggestion, still I do not understand who is going to set GOOGLE_CREDENTIALS variable in the GCP project :) (If there is any docs about this, happy to read them)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Elastic-package uses the env.yml file to pass selected env variables to the Terraform docker container.

I see that you also use GCP_PROJECT_ID. Is it required? If so, then we need to set it here too (hardcode?)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@endorama My bad, try this one: JOB_GCS_EXT_CREDENTIALS

Copy link
Member Author

@endorama endorama Feb 16, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GCP_PROJECT_ID is required, and is the project where resources will be created into, and where the credentials passed are valid. Should it be a masked var as well? Which project should I use?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@v1v We're having a hard time figuring out why the Jenkins pipeline fails here. Apparently, there isn't any error logged. We want to read the credentials for the elastic-observability account and store them in GOOGLE_CREDENTIALS.

Would you mind taking a look?

Copy link
Member Author

@endorama endorama Feb 17, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed and I added GCP_PROJECT_ID, but CI is still red without errors. I'm confused because there are no errors in the CI tasks.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A bit of clarity about debugging errors:

  1. Genuine errors are reported correctly in the Blue Ocean UI
  2. Pipeline errors are not reported correctly in the Blue Ocean UI

The problem is related to the credentials type:

11:09:05  ERROR: Credentials 'beats-ci-gcs-plugin-file-credentials' is of type 'Secret file' where 'org.jenkinsci.plugins.plaincredentials.StringCredentials' was expected

The below command helped to debug the error:

curl -s https://beats-ci.elastic.co/job/Ingest-manager/job/elastic-package/job/PR-701/5/consoleText | grep -i error

I'll raise an issue to be able to show errors related to 2) since the ones for 1) are reported in the GitHub comment, but the ones for 2) are not (I don't know if I'll be success)

Copy link
Member

@v1v v1v Feb 17, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BTW, sorry that you had some issues while debugging these errors. It's not a great user experience!

The traditional jenkins UI is the last resort to debug errors that are not easy to catch

Out of this scope, OTOH, with the Observing the CI/CD solution, for every build in the CI there will be a distributed trace, there is a direct link in the GitHub comment with the build status

image

Although, some spans are not shown (maybe the APM Server didn't cope with all the load) but I found the error in

image

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, @v1v for bringing it up!

What we're trying to achieve here is to extract GOOGLE_CREDENTIALS for the elastic-observability account and pass it to the system tests runner (elastic-package Terraform service deployer). We have already done with AWS credentials (access key, secret access key) and it works well.

Now, it's time to fetch credentials for GCP. The GOOGLE_CREDENTIALS env will be passed to the Terraform service deployer (Docker container) to execute TF scenario and create GCP resources.

PS. Probably same story for GCP_PROJECT_ID.

@mtojek
Copy link
Contributor

mtojek commented Feb 17, 2022

I got this error now:


�[36mterraform_1  |�[0m 
�[36mterraform_1  |�[0m Plan: 1 to add, 0 to change, 0 to destroy.
�[36mterraform_1  |�[0m google_compute_instance.default: Creating...
�[36mterraform_1  |�[0m 
�[36mterraform_1  |�[0m Error: Error loading zone 'us-central1-a': googleapi: Error 403: Required 'compute.zones.get' permission for 'projects/elastic-obs-integrations-dev/zones/us-central1-a', forbidden
�[36mterraform_1  |�[0m 
�[36mterraform_1  |�[0m   with google_compute_instance.default,
�[36mterraform_1  |�[0m   on compute.tf line 7, in resource "google_compute_instance" "default":
�[36mterraform_1  |�[0m    7: resource "google_compute_instance" "default" {
�[36mterraform_1  |�[0m 
�[36mterraform_1  |�[0m + echo 'Terraform definitions applied.'
�[36mterraform_1  |�[0m Terraform definitions applied.
�[36mterraform_1  |�[0m + set +x

I'm wondering which credentials is the TF using.

@v1v
Copy link
Member

v1v commented Feb 17, 2022

Hold on a minute! I'll write here since those credentials are not the ones to be used

.ci/Jenkinsfile Outdated
Comment on lines 381 to 369
// GCP
withCredentials([file(credentialsId: env.JOB_GCS_EXT_CREDENTIALS, variable: 'FILE_CREDENTIAL')]) {
maskedVars.add([var: 'GOOGLE_CREDENTIALS', password: readFile(file: env.FILE_CREDENTIAL)]);
maskedVars.add([var: 'GCP_PROJECT_ID', password: env.GCP_PROJECT_ID])
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You don't need this section but a shared library step to wrap the command that requires the GCP connection:

This step allows to use the credentials stored in vault, this is much more dynamic. You can see an example in:

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can experiment with withGCPEnv, but all we need is to sniff the GOOGLE_CREDENTIALS and pass it to the TF container (only this ENV, maybe also GCP_PROJECT_ID). We don't need full initialization of withGCPEnv. Once we pull the credentials, we can disable the withGCPEnv's context.

Let me know what you think.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just in case: I adapted the PR to use withGCP

@mtojek
Copy link
Contributor

mtojek commented Feb 17, 2022

I fixed the issue with Google Cloud credentials. Now the problem is:

[2022-02-17T17:44:34.020Z] Error: error running package system tests: could not complete test run: could not add data stream config to policy: could not add package to policy; API status code = 500; response body = {"statusCode":500,"error":"Internal Server Error","message":"Cannot read properties of undefined (reading 'credentials_file')"}

@mtojek
Copy link
Contributor

mtojek commented Feb 17, 2022

Error is most likely related to: elastic/kibana#125625

@mtojek
Copy link
Contributor

mtojek commented Feb 21, 2022

/test

@mtojek
Copy link
Contributor

mtojek commented Mar 1, 2022

@endorama Please change the default version temporarily to 8.0.1-SNAPSHOT to get rid of the error. It's the same change as in here. We expected the release v8.0.1 to happen last week, but it isn't still there?

@@ -6,5 +6,5 @@ package install

const (
// DefaultStackVersion is the default version of the stack
DefaultStackVersion = "8.0.0"
DefaultStackVersion = "8.0.1"
Copy link
Contributor

@mtojek mtojek Mar 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

8.0.1-SNAPSHOT, unless the 8.0.1 has been already published.

@mtojek
Copy link
Contributor

mtojek commented Mar 1, 2022

@endorama CI failed due to a different reason than the misconfigured GCP terraform deployer. I suggest keeping digging in internal filebeat/metricbeat logs or policy.

@endorama
Copy link
Member Author

endorama commented Mar 2, 2022

I fixed the issue with metricbeat configuration, the current errors are (log simplified for easier reading):

ERROR | Could not make ListMetricDescriptors request for metric type firewall/dropped_bytes_count: rpc error: code = Unauthenticated desc = transport: metadata: GCE metadata "instance/service-accounts/default/token?scopes=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fmonitoring%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fmonitoring.read%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fmonitoring.write" not defined
ERROR | Error creating runner from config: 1 error: error calling metricDescriptor function: Could not make ListMetricDescriptors request for metric type firewall/dropped_bytes_count: rpc error: code = Unauthenticated desc = transport: metadata: GCE metadata "instance/service-accounts/default/token?scopes=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fmonitoring%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fmonitoring.read%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fmonitoring.write" not defined
ERROR | 1 error: Error creating runner from config: 1 error: error calling metricDescriptor function: Could not make ListMetricDescriptors request for metric type firewall/dropped_bytes_count: rpc error: code = Unauthenticated desc = transport: metadata: GCE metadata "instance/service-accounts/default/token?scopes=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fmonitoring%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fmonitoring.read%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fmonitoring.write" not defined

They suggest an issue with GCP credentials. I noticed that credentials are in a different project than the target for resource creation (elastic-ci-prod vs elastic-observability). Could this be that current credentials don't have proper permissions on elastic-observability?

@mtojek
Copy link
Contributor

mtojek commented Mar 2, 2022

They suggest an issue with GCP credentials. I noticed that credentials are in a different project than the target for resource creation (elastic-ci-prod vs elastic-observability).

Where did you find that it uses a different project? Could you please double-check that Terraform uses the right one, elastic-observability and resources have been created?

Maybe current credentials don't allow for listing metrics (ListMetricDescriptors), but they allow for creating resources. It might be related to what @v1v suggested, to create a new secret secret/observability-team/ci/service-account/elastic-package-gcp (a new account?), which will contain required permissions.

I will try to help you with this.

@endorama
Copy link
Member Author

endorama commented Mar 2, 2022

In the metricbeat logs I found this:

 INFO | add_cloud_metadata: hosting provider type detected as gcp, metadata={"cloud":{"account":{"id":"elastic-ci-prod"},"availability_zone":"us-central1-a","instance":{"id":"1455824054848320415","name":"beats-ci-immutable-ubuntu-2004-1646153071957336231"},"machine":{"type":"n1-highmem-8"},"project":{"id":"elastic-ci-prod"},"provider":"gcp","service":{"name":"GCE"}}}

The cloud.project.id property is set to elastic-ci-prod, which suggests metricbeat is being run in that context.

From the logs I can confirm Terraform instance creation works and resource are created in elastic-observability project:

google_compute_instance.default: Creation complete after 13s [id=projects/elastic-observability/zones/us-central1-a/instances/test-70105]

I'm digging into which credentials are used at the moment (as it seems is using default credentials but I'm not sure which IAM account that is linked to)

@endorama
Copy link
Member Author

endorama commented Mar 2, 2022

Question: given the permission issue we are observing, I'm wondering the benefits of running the CI worker in a project and creating test resources in a different project. Is what we usually do? Should we continue trying to do this or should we just use the same GCP project?

/cc @v1v

@mtojek
Copy link
Contributor

mtojek commented Mar 2, 2022

@endorama I'm working (with Victor's help) on setting up a different service account. This way we can control permissions. I don't have preferences here, but I bet that we don't need to create a new project. Let's focus on merging/closing this PR first. Then, we can talk about improvements.

@@ -0,0 +1,6 @@
# wait_for_data_timeout: 10m
vars:
project_id: elastic-obs-integrations-dev
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't it be inherited, for example {{GCP_PROJECT_ID}}?

@mtojek
Copy link
Contributor

mtojek commented Mar 2, 2022

/test

@endorama
Copy link
Member Author

endorama commented Mar 2, 2022

Updated permission for test SA. Triggering tests

/test

@endorama
Copy link
Member Author

endorama commented Mar 2, 2022

/test

@mtojek
Copy link
Contributor

mtojek commented Mar 2, 2022

Nice, next level:

{"log.level":"error","@timestamp":"2022-03-02T17:05:08.372Z","log.logger":"centralmgmt","log.origin":{"file.name":"cfgfile/list.go","file.line":99},"message":"Error creating runner from config: 1 error: string value is not set accessing 'project_id'","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-03-02T17:05:08.372Z","log.logger":"centralmgmt.fleet","log.origin":{"file.name":"management/manager.go","file.line":307},"message":"1 error: Error creating runner from config: 1 error: string value is not set accessing 'project_id'","service.name":"metricbeat","ecs.version":"1.6.0"}

- TF_VAR_GCP_PROJECT_ID=${GCP_PROJECT_ID}
- GCP_PROJECT_ID=${GCP_PROJECT_ID}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is it necessary to define it twice here? You said that Terraform creates resources in the right project. Did you mean to include it in the test config?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TF_VAR is Terraform specific (as is the way Terraform accepts variables through environment variables); to prevent a dependency in test-default-config I think is better to have defined the pass through variable GCP_PROJECT_ID (which is a convention and how you would expect it to be called) and the TF_VAR format.

Even if it's true that the value is the same I would not consider this duplication as the variables have different usage.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(I also wanted to quickly check if this was the root cause, so open to discussion)

Copy link
Contributor

@mtojek mtojek Mar 3, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question: is this ENV (GCP_PROJECT_ID) required by any part of Terraform code? If not, let's follow KISS.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No is not (but is used in test-default-config)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So it means that you don't need it in this file.

@endorama
Copy link
Member Author

endorama commented Mar 3, 2022

/test

@mtojek
Copy link
Contributor

mtojek commented Mar 8, 2022

I paired with @gpop63 and checked all the wires. It looks like we need at least 8.1.0 to use credentials_json, I will check that.

@endorama
Copy link
Member Author

endorama commented Mar 8, 2022

Luckily 8.1.0 release date is today. I'm going to rework this PR to clean it up, and wait for elastic-package to starts using 8.1.0.

As per elastic/integrations#2712
`credentials_json` presented some parsing issues when not quoted in the
agent template.

Leverage suggestion by @andrewkroh on raw escaping the credentials 
string.
#701 (comment)
Currently if period is less that the minimum the metricbeat reported
initialization fails.

See elastic/beats#30434
@endorama
Copy link
Member Author

Tests are failing due to an empty project_id field.

GCP_PROJECT_ID is set in Jenkinsfile as a masked value (but I don't think this has any implication) and GCP_PROJECT_ID env is used in test-default-config.yml to set project_id. I removed the GCP_PROJECT_ID env from tf/env.yml but as per this conversation shouldn't be a factor.

What am I missing?

@mtojek
Copy link
Contributor

mtojek commented Mar 10, 2022

Well, the Terraform runner reads the right project ID and it isn't hardcoded there, so Jenkins sets it correctly. We need to trace it down to the Metricbeat.

EDIT:

Last week we checked that the project_id exists in the policy:

Zrzut ekranu 2022-03-8 o 12 50 08

EDIT2:

Error:

metricbeat-20220310-3.ndjson:23:{"log.level":"error","@timestamp":"2022-03-10T10:31:24.910Z","log.logger":"centralmgmt","log.origin":{"file.name":"cfgfile/list.go","file.line":99},"message":"Error creating runner from config: 1 error: string value is not set accessing 'project_id'","service.name":"metricbeat","ecs.version":"1.6.0"}

... so what you have to do now is to try running it locally and check the agent's policy with elastic-agent inspect or diagnostics.

@mtojek
Copy link
Contributor

mtojek commented Mar 10, 2022

@endorama Please do not use the force-push mode as it erases the history. We won't be able to figure out why it was working (collecting metrics) before and now. Please use rebase/pull instead.

Here is my branch: https://github.com/mtojek/elastic-package/tree/gcp-test-package-2, which AFAIR worked well, collected metrics. You can use it to find out the differences.

Proof:

[](https://beats-ci.elastic.co/blue/organizations/jenkins/Ingest-manager%2Felastic-package/detail/PR-701/34/pipeline/255#step-1796-log-792)[](https://beats-ci.elastic.co/blue/organizations/jenkins/Ingest-manager%2Felastic-package/detail/PR-701/34/pipeline/255#step-1796-log-793)[](https://beats-ci.elastic.co/blue/organizations/jenkins/Ingest-manager%2Felastic-package/detail/PR-701/34/pipeline/255#step-1796-log-794)[](https://beats-ci.elastic.co/blue/organizations/jenkins/Ingest-manager%2Felastic-package/detail/PR-701/34/pipeline/255#step-1796-log-795)[](https://beats-ci.elastic.co/blue/organizations/jenkins/Ingest-manager%2Felastic-package/detail/PR-701/34/pipeline/255#step-1796-log-796)[](https://beats-ci.elastic.co/blue/organizations/jenkins/Ingest-manager%2Felastic-package/detail/PR-701/34/pipeline/255#step-1796-log-797)[2022-03-08T13:20:20.198Z] 2022/03/08 13:20:20 DEBUG found 0 hits in metrics-gcp.compute-ep data stream
[2022-03-08T13:20:21.202Z] 2022/03/08 13:20:21 DEBUG found 0 hits in metrics-gcp.compute-ep data stream
[2022-03-08T13:20:22.207Z] 2022/03/08 13:20:22 DEBUG found 0 hits in metrics-gcp.compute-ep data stream
[2022-03-08T13:20:23.211Z] 2022/03/08 13:20:23 DEBUG found 0 hits in metrics-gcp.compute-ep data stream
[2022-03-08T13:20:24.316Z] 2022/03/08 13:20:24 DEBUG found 379 hits in metrics-gcp.compute-ep data stream
[2022-03-08T13:20:52.535Z] 2022/03/08 13:20:52 DEBUG waiting for 1s before tearing down...
[2022-03-08T13:20:53.540Z] 2022/03/08 13:20:53 DEBUG reassigning original policy back to agent...

pipeline

@endorama
Copy link
Member Author

endorama commented Mar 10, 2022

@mtojek I have a backup branch for these cases, but I was hoping to push a clean history to reuse it as example in the future.

I misinterpreted your comment

So it means that you don't need it in this file.

in #701 (comment)

Is not needed but test-config-default.yml reads environment variables set by tf/env.yml.

Copy link
Contributor

@mtojek mtojek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm confused now as we managed to make it running a few days ago. Did you try to copy over files and figure out the diff?

Without `GCP_PROJECT_ID` tests fail. I see no reason why this is
happening, but `TF_VAR_gcp_project_id` is not enough for `project_id` to
be correctly filled in Agent configuration.
Copy link
Contributor

@mtojek mtojek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm glad that the issue is fixed. I left few observations around the test configuration, mostly nit-picks/improvements.

}

resource "google_compute_instance" "default" {
name = "test-${var.TEST_RUN_ID}"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's add a prefix identifying the instance with elastic-package. The test prefix may be too vague.


variable "zone" {
type = string
// NOTE: if you change this value you **must** change it also for test
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if it possible to read it from the env.yml config?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can pass it like the project id with TF_VAR_zone, but I would prefer having a default value so if someone runs it locally the value is already present.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can define default variables like this.

@endorama
Copy link
Member Author

@mtojek May you please help us understand why ce21b00 is necessary? I expected 141fc96 to be enough, as GCP_PROJECT_ID was not set but TF_VAR_gcp_project_id was.

@mtojek
Copy link
Contributor

mtojek commented Mar 10, 2022

It was designed to treat TF_VAR_ variables as internal, which should be used only within the Terraform. We wouldn't like to pollute agent policies with TF_VAR_s, which is more like an implementation detail, hence we skip them here. Imagine that we want to replace the TF setup with something else, for example, ansible. All TF_VAR_s would be meaningless.

Analyzing your case:

services:
  terraform:
    environment:
      - GCP_PROJECT_ID=${GCP_PROJECT_ID}
      # pass project id to Terraform
      - TF_VAR_gcp_project_id=${GCP_PROJECT_ID}
      - GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS}

From Terraform's perspective, it should be ok to set only the TF_VAR_gcp_project_id, but you need the other line:

      - GCP_PROJECT_ID=${GCP_PROJECT_ID}

to read the GCP_PROJECT_ID in the system test config. That's how GCP_PROJECT_ID and GOOGLE_CREDENTIALS magically appear in the agent policy.

@endorama
Copy link
Member Author

Great that makes perfect sense! So the current code is correct, may I ask for the final review then?

@mtojek
Copy link
Contributor

mtojek commented Mar 10, 2022

I guess you have to run the formatter now?

@mtojek mtojek self-requested a review March 15, 2022 11:11
Copy link
Contributor

@mtojek mtojek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for working on this!

@endorama endorama merged commit 1d97678 into elastic:main Mar 15, 2022
@endorama endorama deleted the gcp-test-package branch March 15, 2022 11:16
@endorama
Copy link
Member Author

First try (not)

😆

Happy to see this land and THANK YOU everyone for all the help!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants