Description
There is a failure to label where all these are true:
- The resource is in a project is in a folder (i.e, the bug does not occur if the project is directly in the org)
and - The labeling is scheduled (by Cloud Scheduler) (i.e., the bug does not occur with labeling that occurs on creation of resources).
and - the
projectsconfig key (inconfig.yamlis emptyprojects: [](i.e., the bug does not occur if you haveprojects: ['myproject']
Looking at the code for listing projects, we see that if projects are not explicitly listed, all_projects() finds the projects with list_projects(parent=org_name), which lists only the "projects that are direct children of the specified folder or organization resource".
(As to why this issue was not earlier caught: It is probably because most labeling occurs on-creation, not with Cloud Scheduler. So, this issue would only be seen for projects in a folder, and for existing resources labeled for the first time after Iris has been launched, or for Cloud SQL, or for disks whose attachment state has changed.)
The solution would be to use a combination of list_folders and the above-mentioned list_projects to recursively walk the organization. It might make sense to parallelize the tree-walking algo. It might be best to return a Generator and have get_enabled_projects return a generator to better support cases with a huge number of projetcs, though if so, sorting will need to be removed -- and if we really have such a huge number of projects, we probably have bigger headaches.