GoogleCloudPlatform / genai-for-marketing

Showcasing Google Cloud's generative AI for marketing scenarios via application frontend, backend, and detailed, step-by-step guidance for setting up and utilizing generative AI tools, including examples of their use in crafting marketing materials like blog posts and social media content, nl2sql analysis, and campaign personalization.
https://cloud.google.com/vertex-ai/
Apache License 2.0
309 stars 113 forks

Error running step 1 - terraform apply #139

Open chmstimoteo opened 2 weeks ago

chmstimoteo commented 2 weeks ago

Error: Error applying IAM policy for cloudrun service "v1/projects/genai-ctimoteo/locations/us-central1/services/genai-for-marketing-backend-apis": Error setting IAM policy for cloudrun service "v1/projects/genai-ctimoteo/locations/us-central1/services/genai-for-marketing-backend-apis": googleapi: Error 400: One or more users named in the policy do not belong to a permitted customer, perhaps due to an organization policy.
│
│   with google_cloud_run_service_iam_member.invoker,
│   on app.tf line 50, in resource "google_cloud_run_service_iam_member" "invoker":
│   50: resource "google_cloud_run_service_iam_member" "invoker" {
│
╵
╷
│ Error: Request Create IAM Members roles/iam.workloadIdentityUser serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/iam.workloadIdentityUser serviceAccount:765896565215-compute@developer.gserviceaccount.com for project \"genai-ctimoteo\"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account 765896565215-compute@developer.gserviceaccount.com does not exist., badRequest
│
│   with google_project_iam_member.cb_roles[7],
│   on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│   59: resource "google_project_iam_member" "cb_roles" {
│
╵
╷
│ Error: Request Create IAM Members roles/iam.serviceAccountOpenIdTokenCreator serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/iam.serviceAccountOpenIdTokenCreator serviceAccount:765896565215-compute@developer.gserviceaccount.com for project \"genai-ctimoteo\"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account 765896565215-compute@developer.gserviceaccount.com does not exist., badRequest
│
│   with google_project_iam_member.cb_roles[5],
│   on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│   59: resource "google_project_iam_member" "cb_roles" {
│
╵
╷
│ Error: Request Create IAM Members roles/iam.serviceAccountKeyAdmin serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/iam.serviceAccountKeyAdmin serviceAccount:765896565215-compute@developer.gserviceaccount.com for project \"genai-ctimoteo\"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account 765896565215-compute@developer.gserviceaccount.com does not exist., badRequest
│
│   with google_project_iam_member.cb_roles[6],
│   on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│   59: resource "google_project_iam_member" "cb_roles" {
│
╵
╷
│ Error: Request Create IAM Members roles/iam.serviceAccountTokenCreator serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/iam.serviceAccountTokenCreator serviceAccount:765896565215-compute@developer.gserviceaccount.com for project \"genai-ctimoteo\"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account 765896565215-compute@developer.gserviceaccount.com does not exist., badRequest
│
│   with google_project_iam_member.cb_roles[3],
│   on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│   59: resource "google_project_iam_member" "cb_roles" {
│
╵
╷
│ Error: Request Create IAM Members roles/artifactregistry.writer serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/artifactregistry.writer serviceAccount:765896565215-compute@developer.gserviceaccount.com for project \"genai-ctimoteo\"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account 765896565215-compute@developer.gserviceaccount.com does not exist., badRequest
│
│   with google_project_iam_member.cb_roles[2],
│   on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│   59: resource "google_project_iam_member" "cb_roles" {
│
╵
╷
│ Error: Request Create IAM Members roles/storage.objectViewer serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/storage.objectViewer serviceAccount:765896565215-compute@developer.gserviceaccount.com for project \"genai-ctimoteo\"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account 765896565215-compute@developer.gserviceaccount.com does not exist., badRequest
│
│   with google_project_iam_member.cb_roles[0],
│   on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│   59: resource "google_project_iam_member" "cb_roles" {
│
╵
╷
│ Error: Request Create IAM Members roles/iam.serviceAccountUser serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/iam.serviceAccountUser serviceAccount:765896565215-compute@developer.gserviceaccount.com for project \"genai-ctimoteo\"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account 765896565215-compute@developer.gserviceaccount.com does not exist., badRequest
│
│   with google_project_iam_member.cb_roles[4],
│   on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│   59: resource "google_project_iam_member" "cb_roles" {
│
╵
╷
│ Error: Request Create IAM Members roles/logging.logWriter serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/logging.logWriter serviceAccount:765896565215-compute@developer.gserviceaccount.com for project \"genai-ctimoteo\"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account 765896565215-compute@developer.gserviceaccount.com does not exist., badRequest
│
│   with google_project_iam_member.cb_roles[1],
│   on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│   59: resource "google_project_iam_member" "cb_roles" {
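
Added example, not part of the issue or the project's code: the nine errors above reduce to two distinct googleapi messages, and this sketch groups `terraform apply` error blocks by those messages so each root cause is investigated once. The cause labels, function names and the sample (placeholder service, project and account) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the errors in this issue;
# the service, project and account identifiers are placeholders.
SAMPLE = """\
╷
│ Error: Error applying IAM policy for cloudrun service "example-svc": googleapi: Error 400: One or more users named in the policy do not belong to a permitted customer, perhaps due to an organization policy.
│
│   with google_cloud_run_service_iam_member.invoker,
│   on app.tf line 50, in resource "google_cloud_run_service_iam_member" "invoker":
╵
╷
│ Error: Request Create IAM Members roles/logging.logWriter serviceAccount:123456789012-compute@developer.gserviceaccount.com for project "example-project" returned error: googleapi: Error 400: Service account 123456789012-compute@developer.gserviceaccount.com does not exist., badRequest
│
│   with google_project_iam_member.cb_roles[1],
│   on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
╵
╷
│ Error: Request Create IAM Members roles/storage.objectViewer serviceAccount:123456789012-compute@developer.gserviceaccount.com for project "example-project" returned error: googleapi: Error 400: Service account 123456789012-compute@developer.gserviceaccount.com does not exist., badRequest
│
│   with google_project_iam_member.cb_roles[0],
│   on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
╵
"""

# Root-cause signatures copied from the googleapi messages in the issue (labels are ours).
CAUSES = {
    "org_policy_member_restriction": re.compile(r"do not belong to a permitted customer"),
    "service_account_missing": re.compile(r"Service account \S+ does not exist"),
}

def parse_errors(output):
    """Yield (cause, resource_address, file, line) for each Terraform error block."""
    # "│ Error: " opens every diagnostic, including in output flattened onto one line.
    for block in output.split("│ Error: ")[1:]:
        cause = next((n for n, rx in CAUSES.items() if rx.search(block)), "other")
        addr = re.search(r"│\s+with (\S+),", block)
        loc = re.search(r"│\s+on (\S+) line (\d+)", block)
        yield (cause, addr.group(1) if addr else None,
               loc.group(1) if loc else None, int(loc.group(2)) if loc else None)

def triage(output):
    """Group failing resource addresses by root cause."""
    groups = defaultdict(list)
    for cause, addr, _file, _line in parse_errors(output):
        groups[cause].append(addr)
    return {cause: sorted(addrs) for cause, addrs in groups.items()}

print(triage(SAMPLE))
```
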

chmstimoteo commented 2 weeks ago

Workaround:

Comment out this resource block and manually assign a group of users' emails to access the frontend address, or set a group alias email to access it, using the Cloud Console.