Fix 404 on creating alerts

Error: Error creating AlertPolicy: googleapi: Error 404: Cannot find metric(s) that match type = "logging.googleapis.com/user/sa-impersonation". If a metric was created recently, it could take up to 10 minutes to become available. Please try again soon.
2026-02-16 12:05:14 +00:00
parent 26e622edae
commit 7e42aba824
4 changed files with 106 additions and 129 deletions
--- a/fast/stages/0-org-setup/datasets/classic/observability/iac-0/impersonation.yaml
+++ b/fast/stages/0-org-setup/datasets/classic/observability/iac-0/impersonation.yaml
@@ -14,50 +14,58 @@

 # yaml-language-server: $schema=../../../../schemas/observability.schema.json

-notification_channels:
-  email-security:
-    type: email
-    display_name: Security Team Email
-    labels:
-      email_address: $email_addresses:gcp-organization-admins
-    enabled: true
+# On first apply, alerts may return an error:
+# AlertPolicy: googleapi: Error 404: Cannot find metric(s) that match
+# type = "logging.googleapis.com/user/sa-impersonation". If a metric was
+# created recently, it could take up to 10 minutes to become available. Please
+# try again soon.
+#
+# hence, this is commented out by default.

-logging_metrics:
-  sa-impersonation:
-    filter: |
-      protoPayload.serviceName="iamcredentials.googleapis.com"
-      (protoPayload.methodName="GenerateAccessToken" OR protoPayload.methodName="GenerateIdToken")
-    label_extractors:
-      email_id: EXTRACT(resource.labels.email_id)
-    metric_descriptor:
-      metric_kind: DELTA
-      value_type: INT64
-      unit: "1"
-      display_name: Service Account Impersonation
-      labels:
-        - key: email_id
-          value_type: STRING
-
-alerts:
-  sa-impersonation-alert:
-    display_name: Service Account Impersonation Alert
-    combiner: OR
-    conditions:
-      - display_name: Impersonation Detected
-        condition_threshold:
-          filter: |
-            metric.type="logging.googleapis.com/user/sa-impersonation" AND
-            resource.type="global"
-          comparison: COMPARISON_GT
-          threshold_value: 0
-          duration: 60s
-          trigger:
-            count: 1
-          aggregations:
-            - alignment_period: 60s
-              per_series_aligner: ALIGN_COUNT
-              cross_series_reducer: REDUCE_SUM
-              group_by_fields: ["metric.label.email_id"]
-    notification_channels:
-      - email-security
-    enabled: true
+notification_channels: {}
+#   email-security:
+#     type: email
+#     display_name: Security Team Email
+#     labels:
+#       email_address: $email_addresses:gcp-organization-admins
+#     enabled: true
+#
+logging_metrics: {}
+#   sa-impersonation:
+#     filter: |
+#       protoPayload.serviceName="iamcredentials.googleapis.com"
+#       (protoPayload.methodName="GenerateAccessToken" OR protoPayload.methodName="GenerateIdToken")
+#     label_extractors:
+#       email_id: EXTRACT(resource.labels.email_id)
+#     metric_descriptor:
+#       metric_kind: DELTA
+#       value_type: INT64
+#       unit: "1"
+#       display_name: Service Account Impersonation
+#       labels:
+#         - key: email_id
+#           value_type: STRING
+#
+alerts: {}
+#   sa-impersonation-alert:
+#     display_name: Service Account Impersonation Alert
+#     combiner: OR
+#     conditions:
+#       - display_name: Impersonation Detected
+#         condition_threshold:
+#           filter: |
+#             metric.type="logging.googleapis.com/user/sa-impersonation" AND
+#             resource.type="global"
+#           comparison: COMPARISON_GT
+#           threshold_value: 0
+#           duration: 60s
+#           trigger:
+#             count: 1
+#           aggregations:
+#             - alignment_period: 60s
+#               per_series_aligner: ALIGN_COUNT
+#               cross_series_reducer: REDUCE_SUM
+#               group_by_fields: ["metric.label.email_id"]
+#     notification_channels:
+#       - email-security
+#     enabled: true