I am trying to setup a Github based Spring Config Cloud Server and Clients. My aim is to configure a webhook from my Github repo that gets to /monitor endpoint which in turn uses spring-cloud-bus (based on GCP PubSub) to propagate that change to respective applications.
The problem is I can't give the Server or Client permission to create topics and subscriptions on the fly, hence I'm looking to configure each config client with custom subscription name (I'm generating these topics and subscriptions via Terraform externally and they are available before the services are deployed).
I was going through the documentation here but couldn't find a way to configure custom subscription name.
However I did find a way to configure custom PubSub topic where changes will be pushed.
My application.yaml has following configuration for now.
spring:
application:
name: config-server
profiles:
active: ${ENVIRONMENT:local}
cloud:
stream:
gcp:
pubsub:
default:
consumer:
auto-create-resources: false
producer:
auto-create-resources: false
gcp:
pubsub:
project-id: GCP-PROJECT-ID
bus:
destination: projects/GCP-PROJECT-ID/topics/cfg-changes
config:
server:
git:
uri: https://github/user/config-repo
username: user
password: ${CONFIG_SERIVCE_PAT:default_token}
skip-ssl-validation: true
Now as the documentation states that the server also is a client its trying to create a subscription and since the server service doesn't have access to create subscription its failing with following exception.
com.google.api.gax.rpc.AsyncTaskException: Asynchronous task failed
at com.google.api.gax.rpc.ApiExceptions.callAndTranslateApiException(ApiExceptions.java:57)
at com.google.api.gax.rpc.UnaryCallable.call(UnaryCallable.java:112)
at com.google.cloud.pubsub.v1.SubscriptionAdminClient.createSubscription(SubscriptionAdminClient.java:554)
at com.google.cloud.spring.pubsub.PubSubAdmin.createSubscription(PubSubAdmin.java:278)
at com.google.cloud.spring.stream.binder.pubsub.provisioning.PubSubChannelProvisioner.createSubscription(PubSubChannelProvisioner.java:178)
at com.google.cloud.spring.stream.binder.pubsub.provisioning.PubSubChannelProvisioner.provisionConsumerDestination(PubSubChannelProvisioner.java:101)
at com.google.cloud.spring.stream.binder.pubsub.provisioning.PubSubChannelProvisioner.provisionConsumerDestination(PubSubChannelProvisioner.java:42)
at org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindConsumer(AbstractMessageChannelBinder.java:512)
at org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindConsumer(AbstractMessageChannelBinder.java:102)
at org.springframework.cloud.stream.binder.AbstractBinder.bindConsumer(AbstractBinder.java:144)
at org.springframework.cloud.stream.binding.BindingService.lambda$rescheduleConsumerBinding$1(BindingService.java:211)
at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
... 3 common frames omitted
Caused by: io.grpc.StatusRuntimeException: PERMISSION_DENIED: User not authorized to perform this action.
at io.grpc.Status.asRuntimeException(Status.java:539)
I tried to look at the source code but couldn't figure out where exactly should I configure the custom subscription name in application.yaml file.
