🐛 gcp: support cross-zone instance scanning via snapshot bridge#8441
tas50 wants to merge 1 commit into
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Problem

GCP cross-zone instance scanning fails in the no-snapshot clone path. When the scanner runs in one zone (e.g. `us-west1-a`) but the target instance's boot disk lives in another (e.g. `--zone us-central1-a`), `cloneDisk` builds a `compute.Disk{SourceDisk: ...}` and calls `Disks.Insert(projectID, zone, disk)`. GCP requires `SourceDisk` and the target disk to be in the same zone, so a direct cross-zone disk clone returns a 400. A zonal disk cannot be cloned directly across zones.

Fix — snapshot bridge

Snapshots are a global GCP resource, so a cross-zone clone can be bridged through one.

`cloneDisk` now detects the zone mismatch (via `parseDiskUrl` on the source disk) and, when the source zone differs from the target zone, routes through a new `cloneDiskViaSnapshot` helper. The same-zone path is preserved exactly.

`cloneDiskViaSnapshot` does:

- `srcProject`, `srcZone`, `srcDiskName`.
- `[a-z]([-a-z0-9]{0,61}[a-z0-9])?`, ≤63 chars; truncate + trim trailing hyphen. Apply `sc.labels`.
- `Disks.CreateSnapshot(srcProject, srcZone, srcDiskName, &compute.Snapshot{...})` from the source disk, then wait on `ZoneOperations.Get(srcProject, srcZone, op.Name)` until `DONE` (mirrors the existing wait-loop + `Operation.Error` handling, factored into a shared `waitForZoneOperation` helper).
- `Snapshots.Get(srcProject, snapName)` → `snap.SelfLink`.
- `createSnapshotDisk(snap.SelfLink, projectID, zone, diskName)`.
- `Snapshots.Delete(srcProject, snapName)` — logs a warning on failure, does not fail the clone (the scanner disk no longer needs the snapshot once created).
- `createSnapshotDisk`.

This new path calls live GCP APIs (`Disks.CreateSnapshot`, `Snapshots.Get`, `Snapshots.Delete`) and cannot be verified without real cross-zone GCP infrastructure, which was unavailable. This PR is intentionally a draft until someone runs an actual cross-zone snapshot scan (scanner and target instance in different zones).

The unit test only covers the pure decision logic — that a source disk in `zones/us-central1-a/...` with target zone `us-west1-a` is detected as cross-zone, and same-zone is not. The live API calls are not mocked.

New runtime IAM permissions

The scanner service account now additionally needs, at runtime:

- `compute.disks.createSnapshot`
- `compute.snapshots.create`
- `compute.snapshots.delete`

(plus the existing `compute.snapshots.get` already used elsewhere)

Fixes #8416
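The two pieces of pure logic the PR describes, the zone-mismatch decision and the 63-character snapshot-name rule, as an added Go example that is not part of this PR or the project's code. `ParseDiskURL`, `IsCrossZone` and `SnapshotName` are hypothetical stand-ins for the PR's helpers, and the `s-` prefix for names that do not start with a letter is an assumption.

```go
package main

import (
	"errors"
	"regexp"
	"strings"
)

// A zonal disk self-link or partial URL ends in [projects/P/]zones/Z/disks/D.
// Regional disks (regions/...) deliberately do not match and are rejected.
var zonalDiskRE = regexp.MustCompile(`(?:projects/([^/]+)/)?zones/([^/]+)/disks/([^/]+)$`)

// ParseDiskURL is a hypothetical stand-in for the PR's parseDiskUrl.
func ParseDiskURL(u string) (project, zone, name string, err error) {
	m := zonalDiskRE.FindStringSubmatch(u)
	if m == nil {
		return "", "", "", errors.New("not a zonal disk URL: " + u)
	}
	return m[1], m[2], m[3], nil
}

// IsCrossZone is the decision the PR adds to cloneDisk: bridge through a
// snapshot only when the source disk's zone differs from the target zone.
func IsCrossZone(srcDiskURL, targetZone string) (bool, error) {
	_, srcZone, _, err := ParseDiskURL(srcDiskURL)
	if err != nil {
		return false, err
	}
	return srcZone != targetZone, nil
}

// SnapshotName fits base to the [a-z]([-a-z0-9]{0,61}[a-z0-9])? rule the PR
// cites: lowercase, other runes become '-', a non-letter start gets an "s-"
// prefix (assumption), then truncate to 63 and trim trailing hyphens.
func SnapshotName(base string) string {
	n := strings.Map(func(r rune) rune {
		if r >= 'a' && r <= 'z' || r >= '0' && r <= '9' || r == '-' {
			return r
		}
		return '-'
	}, strings.ToLower(base))
	if n == "" || n[0] < 'a' || n[0] > 'z' {
		n = "s-" + n
	}
	if len(n) > 63 {
		n = n[:63]
	}
	return strings.TrimRight(n, "-")
}
```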