Status Update
No update yet.
Comments
ka...@google.com
pr...@google.com
Hello,
Thanks for reaching out to us!
The Product Engineering Team has been made aware of your feature request, and will address it in due course. Though we can't provide an ETA on feature requests nor guarantee their implementation, rest assured that your feedback is always taken very seriously, as it allows us to improve our products. Thank you for your trust and continued support to improve Google Cloud Platform products.
In case you want to report a new issue, please do not hesitate to create a new [Issue Tracker]
Thanks and Regards,
Onkar Mhetre
Google Cloud Support
rm...@redhat.com
Had the human-readable label in the UI said "E2 and N1 CPUs" instead of "CPUs" we would not have made that mistake: we would have tried for a smaller scale-up or requested more quota first.
I assume that the "internal"/computer-readable name `CPUS` is unlikely to change for compatibility reasons, but hopefully the UI display name is less hardcoded?
on...@google.com
on...@google.com
Hello,
Thanks for reaching out to us!
The Issue request has been created and the Product Engineering Team is working on this request. Right now, there is no ETA to this request. Thank you for your trust and continued support to improve Google Cloud Platform products.
In case you want to report a new issue, please do not hesitate to create a new
Thanks and Regards,
Onkar Mhetre,
Google Cloud Support
on...@google.com
Hello,
We got an update from the Product Team stating that:
Our engineering team noted that you can already use an OR condition in a single regex for machine types. Splitting this into separate constraints may add complexity rather than simplify management.
Additionally, we're soon introducing parameterization to help manage values more effectively.
Does the character limit your main concern? Please let us know if you have further questions!
Thanks & Regards,
Onkar Mhetre
Google Cloud Support
rm...@redhat.com
Hi Onkar, both the characters limit and the ease of managing the definition of constraints are the concerns. The "OR" operator in regular expression is what we are using already, but the problem remains. We still end up writing complex regular expression to match multiple machine types instead of (ideally) defining a YAML list. The other issue is indeed the characters limit, if the limit would apply per item in the list, it would also be much easier to manage.
-razique
rm...@redhat.com
Adding to the fact that we cannot have more than one constraint targeting the same service. This is because the first constraint is evaluated first, and the second is no longer evaluated per my testing.
Example:
- Constraint 1 limits a subnet of E2 machine types. For instance, e2-standard-16 and e2-standard-32.
- Constraint 2 limits a subnet of N1 machine types. For instance, n1-highcpu-4 and n1-highcpu-8.
When both constraints are active, and assuming that constraint 1 gets evaluated first, all machines types in constraint 2 are not allowed. This is because there doesn't seem to be an equivalent "OR" and "AND" operator for constraints targeting the same service. In my testing, I wasn't able to determine the order of evaluation, but it wasn't possible to have one constraint per machines family.
Description
Problem you have encountered:
Currently, GCP organization policies only support a single constraint. This feature doesn't scale really well, even less so when the constraint uses a regular expression
Consider the example of restricting the list of machine types that are allowed. The policy would look as follows:
Allowing multiple machine types requires writing a regular expression that adds complexity and is error prone. Moreover, there is a character limitation of 1000.
I propose the support for multiple conditions to make it easier to manage complex policies. For instance:
Steps to reproduce:
Create an organization policy with a constraint that restricts multiple machine types.
Other information (workarounds you have tried, documentation consulted, etc):