Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Documentation for google_identity_platform_config quotas is not correct. #16172

Open
archimed-shaman opened this issue Oct 7, 2023 · 5 comments · May be fixed by GoogleCloudPlatform/magic-modules#12315
Open

Documentation for google_identity_platform_config quotas is not correct. #16172

archimed-shaman opened this issue Oct 7, 2023 · 5 comments · May be fixed by GoogleCloudPlatform/magic-modules#12315
Labels
bug forward/linked service/identitytoolkit

Comments

@archimed-shaman
Copy link

archimed-shaman commented Oct 7, 2023
edited by modular-magician
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

Terraform v1.5.7
on linux_amd64

  • provider registry.terraform.io/cyrilgdn/postgresql v1.18.0
  • provider registry.terraform.io/hashicorp/google v5.0.0
  • provider registry.terraform.io/hashicorp/random v3.5.1
  • provider registry.terraform.io/hectorj/googlesiteverification v0.4.2

Affected Resource(s)

  • google_identity_platform_config

Terraform Configuration Files

resource "google_identity_platform_config" "default" {
  project = var.gcp_project

  autodelete_anonymous_users = true

  sign_in {
    allow_duplicate_emails = true

    anonymous {
      enabled = false
    }

    email {
      enabled           = true
      password_required = true
    }
  }

  quota {
    sign_up_quota_config {
      quota          = 1000
      start_time     = ""
      # quota_duration = "7200s"
    }
  }

  authorized_domains = [
    "localhost"
  ]
}

Description

Quota description in the example and in the description is not correct.

While start_time is specified as optional, the following error occurs on the empty or absent value:

│ Error: Error updating Config "projects/project-name/config": googleapi: Error 400: INVALID_CONFIG : SignUp quota must start between now and 365 days from now.
│ 
│   with module.identity-platform.google_identity_platform_config.default,
│   on modules/identity/main.tf line 1, in resource "google_identity_platform_config" "default":
│    1: resource "google_identity_platform_config" "default" {

start_time looks to be mandatory for this section and must be a timestimp like 2023-10-07T22:38:23Z.
Also, looks like quota_duration is mandatory too as it has no default value. On empty value the following error occurs:

googleapi: Error 400: INVALID_CONFIG : SignUp quota duration must be between 1 hour and 7 days.

b/304233470
@github-actions github-actions bot added forward/review In review; remove label to forward service/identitytoolkit labels Oct 7, 2023
@edwardmedia
Copy link
Contributor

edwardmedia commented Oct 8, 2023
edited
Loading

@archimed-shaman what do you see if you completely remove start_time?

  quota {
    sign_up_quota_config {
      quota          = 1000
      quota_duration = "7200s"
    }
  }

I do see the example contains

start_time     = ""

What do you see in its plan even you leave start_time = "" in the config? Can you share yours?

      + quota {
          + sign_up_quota_config {
              + quota          = 1000
              + quota_duration = "7200s"
            }
        }

@edwardmedia edwardmedia added waiting-response and removed forward/review In review; remove label to forward labels Oct 8, 2023
@alexkirmse
Copy link

If you leave off start_time completely you get the following error:

Error: Error updating Config "projects/{project_name}/config": googleapi: Error 400: INVALID_CONFIG : SignUp quota must start between now and 365 days from now.

One way to fix it when you need to have a specific quota is to use:

quota {
    sign_up_quota_config {
      quota = 1000
      start_time = timeadd(timestamp(), "1m") # 1 minute in the future because by the time it executes in GCP this time will be in the past (increase depending on typical GCP execution)
      quota_duration = "7200s"
    }
  }

Otherwise remove the entire quota block to just use defaults which is 100.

While the documentation is incorrect, I believe the behavior is correct. The documentation should show that quota, start_time and quota_duration are mandatory if quota and sign_up_quota_config are used to set a custom sign up quota.

@Boardtale
Copy link

Boardtale commented Feb 10, 2024
edited
Loading

Hi, I know it's kinda not for this, but where do we set this quota in GCP console? I can't find this anywhere, in API quoatas and system limtis for identity toolkit there's nothing related to this sign up quota. I would love to verify the setting in console but I don't see it anywhere in the UI
I only found this: https://cloud.google.com/identity-platform/quotas is this the same for documentation? Cause documentation from Google about identity platform is imho very poor: https://cloud.google.com/identity-platform/docs/reference/rest/v2/Config#quotaconfig
no default, no link to what we are quoting.

is it this one: New account creation | 100 accounts/hour for each IP address
?

@Michael-shihao-li
Copy link 

timeadd(timestamp(), "1m")

Hi @alexkirmse I am using the timestamp() function without the timeadd function, which works too.

  quota {
    sign_up_quota_config {
      quota = 1000
      start_time = timestamp()
      quota_duration = "7200s"
    }
  }

The timestamp value will be (known after apply).

  + quota {
          + sign_up_quota_config {
              + quota          = 1000
              + quota_duration = "7200s"
              + start_time     = (known after apply)
            }
        }

@Boardtale
Copy link

Regarding my previous comment. I found out this quota in UI.
Shame it's only temporary duration thou :( not permanent thing

@pashanka pashanka linked a pull request Nov 13, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug forward/linked service/identitytoolkit
Projects
None yet
Milestone
No milestone
6 participants
@alexkirmse @archimed-shaman @modular-magician @edwardmedia @Boardtale @Michael-shihao-li