obriensystems closed 4 months ago
fixing across 3 triggers
common
Step #3 - "tf plan": │ Error: Error reading organization: googleapi: Error 400: Request contains an invalid argument., badRequest
Step #3 - "tf plan": │
Step #3 - "tf plan": │ with module.group_telcoadmin.data.google_organization.org[0],
Step #3 - "tf plan": │ on .terraform/modules/group_telcoadmin/main.tf line 17, in data "google_organization" "org":
Step #3 - "tf plan": │ 17: data "google_organization" "org" {
fix
organization_iam_group_secadmin = [
{
member = "group:secadmin@DOMAIN_NAME" # REQUIRED EDIT. group:user@google.com
organization = "REPLACE_ORGANIZATION_ID" #Insert your Org ID here, format ############
code
michael@cloudshell:~/lzone-oe/lz-oe/deployed/pbmm-on-gcp-onboarding/environments/bootstrap (lzone-oe)$ USER=$(gcloud config list --format json|jq .core.account | sed 's/"//g')
michael@cloudshell:~/lzone-oe/lz-oe/deployed/pbmm-on-gcp-onboarding/environments/bootstrap (lzone-oe)$ echo $USER
michael@obrienlabs.engineering
michael@cloudshell:~/lzone-oe/lz-oe/deployed/pbmm-on-gcp-onboarding/environments/bootstrap (lzone-oe)$ DOMAIN_NAME=$(echo $USER | sed 's/"//g' | cut -f2 -d@)
michael@cloudshell:~/lzone-oe/lz-oe/deployed/pbmm-on-gcp-onboarding/environments/bootstrap (lzone-oe)$ echo $DOMAIN_NAME
obrienlabs.engineering
michael@cloudshell:~/lzone-oe/lz-oe/deployed/pbmm-on-gcp-onboarding/environments/bootstrap (lzone-oe)$ DOMAIN_NAME_SEARCH=DOMAIN_NAME
michael@cloudshell:~/lzone-oe/lz-oe/deployed/pbmm-on-gcp-onboarding/environments/bootstrap (lzone-oe)$ sed -i "s/${DOMAIN_NAME_SEARCH}/${DOMAIN_NAME}/g" ../common/iam-groups.auto.tfvars
member = "group:secadmin@obrienlabs.engineering" # REQUIRED EDIT. group:user@google.com
expected billing quota - asking for more
https://support.google.com/code/contact/billing_quota_increase
Step #4 - "tf apply": │ Error: Error setting billing account "01A7ED-3C095A-802AAE" for project "projects/dcpe-oe-guardrailsoe": googleapi: Error 400: Precondition check failed.
Step #4 - "tf apply": │ Details:
Step #4 - "tf apply": │ [
Step #4 - "tf apply": │ {
Step #4 - "tf apply": │ "@type": "type.googleapis.com/google.rpc.QuotaFailure",
Step #4 - "tf apply": │ "violations": [
Step #4 - "tf apply": │ {
Step #4 - "tf apply": │ "description": "Cloud billing quota exceeded: https://support.google.com/code/contact/billing_quota_increase",
Step #4 - "tf apply": │ "subject": "billingAccounts/01A7ED-3C095A-802AAE"
this is expected
Error: Error creating Group: googleapi: Error 403: Error(2015): Permission denied for group resource 'opsadmin@obrienlabs.engineering'.
Step #4 - "tf apply": │ Details:
Step #4 - "tf apply": │ [
Step #4 - "tf apply": │ {
Step #4 - "tf apply": │ "@type": "type.googleapis.com/google.rpc.ResourceInfo",
Step #4 - "tf apply": │ "description": "Error(2015): Permission denied for group resource 'opsadmin@obrienlabs.engineering'.",
Step #4 - "tf apply": │ "owner": "domain:cloudidentity.googleapis.com",
Step #4 - "tf apply": │ "resourceType": "cloudidentity.googleapis.com/Group"
Step #4 - "tf apply": │ }
Step #4 - "tf apply": │ ]
add group creation permission for the terraform service account - see https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/271#issuecomment-1661425718 and https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/308
nonprod
Step #2 - "tf validate": │ Error: Reference to undeclared input variable
Step #2 - "tf validate": │
Step #2 - "tf validate": │ on dns.tf line 44, in module "private_zone":
Step #2 - "tf validate": │ 44: name = var.private_zone_name
Step #2 - "tf validate": │
Step #2 - "tf validate": │ An input variable with the name "private_zone_name" has not been declared.
Step #2 - "tf validate": │ This variable can be declared with a variable "private_zone_name" {} block.
Step #2 - "tf validate": ╵
Step #2 - "tf validate": ╷
Step #2 - "tf validate": │ Error: Reference to undeclared input variable
Step #2 - "tf validate": │
Step #2 - "tf validate": │ on dns.tf line 45, in module "private_zone":
Step #2 - "tf validate": │ 45: domain = var.private_zone_domain
Step #2 - "tf validate": │
Step #2 - "tf validate": │ An input variable with the name "private_zone_domain" has not been
Step #2 - "tf validate": │ declared. This variable can be declared with a variable
Step #2 - "tf validate": │ "private_zone_domain" {} block.
Step #2 - "tf validate": ╵
Step #2 - "tf validate": ╷
Step #2 - "tf validate": │ Error: Reference to undeclared input variable
Step #2 - "tf validate": │
Step #2 - "tf validate": │ on dns.tf line 46, in module "private_zone":
Step #2 - "tf validate": │ 46: labels = var.labels
Step #2 - "tf validate": │
Step #2 - "tf validate": │ An input variable with the name "labels" has not been declared. This
Step #2 - "tf validate": │ variable can be declared with a variable "labels" {} block.
Step #2 - "tf validate": ╵
Step #2 - "tf validate": ╷
Step #2 - "tf validate": │ Error: Reference to undeclared input variable
Step #2 - "tf validate": │
Step #2 - "tf validate": │ on dns.tf line 51, in module "private_zone":
Step #2 - "tf validate": │ 51: private_visibility_config_networks = var.network_self_links
Step #2 - "tf validate": │
Step #2 - "tf validate": │ An input variable with the name "network_self_links" has not been declared.
Step #2 - "tf validate": │ This variable can be declared with a variable "network_self_links" {}
prod
│ Error: Unsupported attribute
│
│ on main.tf line 76, in module "net-host-prj":
│ 76: parent = data.terraform_remote_state.common.outputs.folders_map_2_levels.ProdNetworking.id
│ ├────────────────
│ │ data.terraform_remote_state.common.outputs is object with no attributes
│
│ This object does not have an attribute named "folders_map_2_levels".
see spawned issues https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/305 https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/306 https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/307
For billing - add on both IAM and billing side - BAA - or billing association is not set
rename
DcPe-oe-auditoe | projects/dcpe-oe-auditoe | ||
---|---|---|---|
DcPe-oe-guardrailsoe | projects/dcpe-oe-guardrailsoe | ||
DcPe-oe-prdoe-perim | projects/dcpe-oe-prdoe-perim |
20240406: Closing issue during retrofit/rebase of this TEF V1 based/modified repo to TEF V4 standards.
This issue may participate in the LZ refactor after rebase.
Query on all issues related to the older V1 version via the tag https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/labels/2024-pre-tef-v4
Full day 0 clean install on a clean org
Step: get legacy 1.0.10 version of terraform to run local bootstrap only
rerun - retrofit readme script
VER=1.0.10
wget https://releases.hashicorp.com/terraform/${VER}/terraform_${VER}_linux_amd64.zip
IAM start state
Get IAM existing roles
add 2 project permissions missing
2051
2056
add gcloud services enable iam.googleapis.com
and the TF SA is already in billing
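The "common" trigger fix earlier in this issue replaces the `DOMAIN_NAME` and `REPLACE_ORGANIZATION_ID` placeholders by hand after `tf plan` had already failed with Error 400. The following pre-flight check is an added example, not part of the issue or of the pbmm-on-gcp-onboarding repo; the function names and the digits-only organization ID rule are assumptions.

```shell
#!/bin/sh
# Added example: fail early if a tfvars file still carries the placeholders
# shown in the issue (DOMAIN_NAME, REPLACE_ORGANIZATION_ID) or a non-numeric
# organization value. Function names are hypothetical.

# Print non-comment content of FILE, each line prefixed with its line number.
# Assumption: the values checked here never contain a literal '#'.
strip_comments() {
  sed 's/#.*$//' "$1" | awk 'NF { print NR ": " $0 }'
}

# Return 0 if FILE is ready for "tf plan", 1 otherwise (findings on stderr).
check_tfvars() {
  file=$1
  rc=0
  body=$(strip_comments "$file")

  # 1. Placeholder tokens still present outside comments.
  hits=$(printf '%s\n' "$body" \
         | grep -E 'DOMAIN_NAME|REPLACE_ORGANIZATION_ID' || true)
  if [ -n "$hits" ]; then
    printf 'unreplaced placeholder in %s:\n%s\n' "$file" "$hits" >&2
    rc=1
  fi

  # 2. Every 'organization = "..."' value must be digits only.
  bad=$(printf '%s\n' "$body" \
        | grep -E '[[:space:]]organization[[:space:]]*=' \
        | grep -Ev '=[[:space:]]*"[0-9]+"[[:space:]]*,?[[:space:]]*$' || true)
  if [ -n "$bad" ]; then
    printf 'organization is not a numeric ID in %s:\n%s\n' "$file" "$bad" >&2
    rc=1
  fi
  return $rc
}

# Demo on constructed input mirroring the snippet quoted in the issue.
demo=$(mktemp)
cat > "$demo" <<'EOF'
member = "group:secadmin@DOMAIN_NAME" # REQUIRED EDIT. group:user@google.com
organization = "REPLACE_ORGANIZATION_ID"
EOF
check_tfvars "$demo" || echo "fix $demo before running tf plan"
rm -f "$demo"
```

Because comments are stripped before matching, a placeholder name left in a trailing comment does not trigger a finding; only values do.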