application-integration-management-toolkit icon indicating copy to clipboard operation
application-integration-management-toolkit copied to clipboard
verified publisher icon GoogleCloudPlatform

[BUG] Scaffolding and the applying integration with connectors is not working anymore - Vertex, Firestore connectors

Open carlosmscabral opened this issue 6 months ago • 2 comments

Describe the bug While a full scaffold/apply works and deploys the integration/connectors, the connectors are not configured properly. I am using service account authentication. But when the actual integration is run and reaches the connector, it gets a 403. I believe something changed in the schema of the connectors.

If I go to the console, edit the connector, I need to reselect the version, the service account auth and THEN I need to select a scope (for google cloud in this case). I believe this is new and this breaks integrationcli.

Version integrationcli version 0.81.5 date: 2025-04-01T03:07:47Z [commit: 8f22360]

carlosmscabral avatar Jul 04 '25 19:07 carlosmscabral

@carlosmscabral - are you referring to the service account used by the integration itself or the service account that is used to configure the connector? Can you share more details on which connector this is?

ssvaidyanathan avatar Jul 05 '25 00:07 ssvaidyanathan

Steps for reproducing (I had issues with the Vertex and the Firestore connectors, but this maybe more widespread to GCP connectors):

  • In project A, setup a Firestore connector with service account-base authentication, use the standard Compute Engine Service Account.
  • Still in project A, create a simple integration that invokes, successfully, this connection.
  • Run the scaffold command.
  • Run the apply command, but to project B.
  • Firestore Connector and the Integration should be correctly setup in project B.
  • Run the integration. At the step of invoking the connection, I get a 403.

The scaffold portion for the Connector is (when using the default compute engine service account it is not explicitly added or exported here):

{ "connectorDetails": { "name": "firestore", "provider": "gcp", "version": 1 }, "authConfig": { "additionalVariables": [ { "key": "scopes", "stringValue": "https://www.googleapis.com/auth/cloud-platform" } ] }, "nodeConfig": { "minNodeCount": 2, "maxNodeCount": 50 }, "logConfig": { "enabled": true }, "sslConfig": { "privateServerCertificate": {}, "clientCertificate": {}, "clientPrivateKey": {}, "clientPrivateKeyPass": {} } }

From an UX perspective, the scope portion for GCP connections seems to be somewhat new.

I can easily reproduce it. I'll record a quick video internally and share it with you.

carlosmscabral avatar Jul 05 '25 20:07 carlosmscabral