feat(gcp): redesign region model, add Secret Manager, recover Init panics #1062

Open
james00012 wants to merge 1 commit into master from fix/gcp-panic-recovery-and-query-fields

james00012 (Contributor) commented Mar 13, 2026

Summary

  • Recover panics in GcpResourceAdapter.Init() and store as InitializationError for graceful degradation
  • Validate project ID upfront via Cloud Resource Manager API before scanning
  • Consolidate CLI flag parsing into shared generateGcpQuery() helper with Timeout wiring
  • Redesign GCP region model: drop global/regional split, make --region a location filter hint each resource handles internally
  • Add MatchesLocationFilter helper; update Cloud Functions, Artifact Registry, GCS, Pub/Sub to use it
  • Add Secret Manager resource with multi-client architecture (global + regional endpoints discovered dynamically via ListLocations RPC)

Why Secret Manager?

Secret Manager is the first GCP resource that has both global and regional endpoints — secrets can live at projects/{p}/secrets/{s} (global) or projects/{p}/locations/{loc}/secrets/{s} (regional). The previous global/regional registry split couldn't model this: a single resource type needs to query multiple endpoint classes and route deletions to the correct client based on the secret's fully qualified name. This drove the redesign from a registry-level split to per-resource location handling, and Secret Manager serves as the concrete proof that the new model works for mixed-endpoint resources.

Closes #1053

Test plan

  • go build ./... passes
  • go vet ./... passes
  • golangci-lint run ./... — 0 issues
  • go test ./gcp/... ./config/... ./resource/... ./commands/... — all pass
  • scripts/check-resource-naming.sh — lint passes
  • Adapter panic recovery tests pass
  • Location filter, query validation, Secret Manager helper unit tests pass
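The routing problem described under "Why Secret Manager?", sketched as an added example that is not code from this PR or from cloud-nuke: the location is read from the secret's fully qualified name, matched case-insensitively, and a deletion is refused when no client exists for that location instead of falling back to the global one. The names `secretLocation` and `routeDelete` are hypothetical, and the client strings are constructed stand-ins for real per-endpoint clients.

```go
package main

import (
	"fmt"
	"strings"
)

// secretLocation returns "global" for projects/{p}/secrets/{s} and the
// lower-cased location for projects/{p}/locations/{loc}/secrets/{s}.
func secretLocation(name string) (string, error) {
	p := strings.Split(name, "/")
	for _, seg := range p {
		if seg == "" {
			return "", fmt.Errorf("empty segment in secret name %q", name)
		}
	}
	switch {
	case len(p) == 4 && p[0] == "projects" && p[2] == "secrets":
		return "global", nil
	case len(p) == 6 && p[0] == "projects" && p[2] == "locations" && p[4] == "secrets":
		return strings.ToLower(p[3]), nil
	}
	return "", fmt.Errorf("unrecognized secret name %q", name)
}

// routeDelete picks the client for a deletion from the secret's own name.
// It fails closed: an unknown location never falls back to the global client.
func routeDelete(name string, clients map[string]string) (string, error) {
	loc, err := secretLocation(name)
	if err != nil {
		return "", err
	}
	c, ok := clients[loc]
	if !ok {
		return "", fmt.Errorf("no client discovered for location %q", loc)
	}
	return c, nil
}

func main() {
	// Constructed sample: strings stand in for per-endpoint client handles.
	clients := map[string]string{"global": "global-client", "us-east1": "us-east1-client"}
	for _, n := range []string{
		"projects/demo/secrets/api-key",
		"projects/demo/locations/US-EAST1/secrets/db-pass",
		"projects/demo/locations/europe-west1/secrets/tok",
	} {
		c, err := routeDelete(n, clients)
		fmt.Println(n, "->", c, err)
	}
}
```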

@james00012 james00012 requested a review from denis256 as a code owner March 13, 2026 23:28
@james00012 james00012 force-pushed the fix/gcp-panic-recovery-and-query-fields branch from 4bbf738 to 26619af Compare March 13, 2026 23:30
@james00012 james00012 force-pushed the fix/gcp-panic-recovery-and-query-fields branch from 26619af to 55bb7ce Compare March 14, 2026 16:09
@james00012 james00012 changed the title fix(gcp): recover panics in adapter Init and wire query time fields fix(gcp): recover panics in adapter Init, wire query fields, and validate project ID Mar 14, 2026
@james00012 james00012 force-pushed the fix/gcp-panic-recovery-and-query-fields branch from 75d1ea0 to 8bbc3c3 Compare March 14, 2026 16:36
denis256 (Member) commented:

Lint failures


Run ./scripts/check-resource-naming.sh
Checking ResourceTypeName conventions...
  Scanning: /home/runner/work/cloud-nuke/cloud-nuke/aws/resources /home/runner/work/cloud-nuke/cloud-nuke/gcp/resources
  FAIL: Duplicate ResourceTypeName values: test-panic-resource
  Checked 129 resource types
Checking Config struct YAML tag conventions...
  Checked 132 YAML tags

FAILED: 1 naming convention violation(s) found.
Error: Process completed with exit code 1.

@james00012 james00012 changed the title fix(gcp): recover panics in adapter Init, wire query fields, and validate project ID feat(gcp): redesign region model, add Secret Manager, recover Init panics Mar 17, 2026
@james00012 james00012 force-pushed the fix/gcp-panic-recovery-and-query-fields branch 7 times, most recently from e7970e5 to 0dcf459 Compare March 17, 2026 20:45
…nics

- Recover panics in GcpResourceAdapter.Init() and store as InitializationError
- Validate project ID upfront via Cloud Resource Manager API
- Wire ExcludeAfter, IncludeAfter, Timeout to gcp.Query via generateGcpQuery()
- Drop global/regional split: --region is now a location filter hint each
  resource handles internally via MatchesLocationFilter helper
- Add Secret Manager resource with multi-client architecture (global +
  regional endpoints discovered dynamically via ListLocations RPC)
- Close global client after discovery when not needed for querying
- Post-filter Cloud Functions results with ExcludeLocations on wildcard queries
- Case-insensitive location matching throughout (validateLocations, filters)
@james00012 james00012 force-pushed the fix/gcp-panic-recovery-and-query-fields branch from 0dcf459 to 7c6eb4a Compare March 17, 2026 21:12
Successfully merging this pull request may close these issues.

GCP: No upfront validation of project ID causes noisy error output