I'm deploying a gcloud function with two mounted secrets (from google secret manager), my local dir structure is the following:
├── index.js
├── mounted-secret-config
│ ├── config.js
├── mounted-secret-credentials
│ └── googleServiceAccountCredentials.json
├── package-lock.json
└── package.json
config.js and googleServiceAccountCredentials.json are ignored so the deploy process doesn't upload them.
I deploy using this command:
gcloud functions deploy <...> --region <...> --trigger-http --runtime nodejs16 --allow-unauthenticated --gen2 --memory 256Mi --set-secrets=/workspace/mounted-secret-config/config.js=configjs:latest,/workspace/mounted-secret-credentials/googleServiceAccountCredentials.json=googleServiceAccountCredentials:latest
It works, the node app finds the files and overall works but after each deploy I see this in the gcloud logs:
2022-08-26 10:11:18.130 CEST Could not open file at path /secret_volume_0/config. The path is in a mounted secrets volume, but the exact path does not correspond to any secret specified in the mount configuration.
Warning
2022-08-26 10:11:18.182 CEST Could not open file at path /secret_volume_0/package.json. The path is in a mounted secrets volume, but the exact path does not correspond to any secret specified in the mount configuration.
Warning
And after each http request to my service i get:
2022-08-26 10:05:33.511 CEST Could not open file at path /workspace/mounted-secret-config/config. The path is in a mounted secrets volume, but the exact path does not correspond to any secret specified in the mount configuration.
Warning
2022-08-26 10:05:33.572 CEST Could not open file at path /workspace/mounted-secret-config/package.json. The path is in a mounted secrets volume, but the exact path does not correspond to any secret specified in the mount configuration.
I've no idea what's going on here, I don't even know who's logging this. /workspace/mounted-secret-config/config doesn't exist, but /workspace/mounted-secret-config/config.js (note the .js extension) does, and the app finds it or it would not even start. /workspace/mounted-secret-config/package.json this doesn't but it isn't supposed to, who's even trying to access it? And why it doesn't complain about the other mounted secret?
config.js is required with: require('./mounted-secret-config/config')
If I change it to require('./mounted-secret-config/config.js') (adding .js) one of the two warnings disappears. Is node trying to import the exact name (giving the warning) and then falling back to config.js? But what about the package.json?
This is not a real solution, more like a workaround, feel free to add a real solution if you find it.
What I did to "fix" the problem was change the format of my config file from .js to .json (easy in my case because it only contained a dictionary with few keys/values)
Everything else stayed the same, I still read the file with require. I don't know what weird thing node was doing with the .js, but it doesn't do it with .json.
Both warning disappeared (including the one about package.json).