fmichaelobrien closed 1 month ago
in ol.xyz clean org with billing quota set
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ git clone https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding.git
Cloning into 'pbmm-on-gcp-onboarding'...
remote: Enumerating objects: 6193, done.
remote: Counting objects: 100% (2380/2380), done.
remote: Compressing objects: 100% (840/840), done.
remote: Total 6193 (delta 1574), reused 2183 (delta 1510), pack-reused 3813
Receiving objects: 100% (6193/6193), 31.76 MiB | 36.62 MiB/s, done.
Resolving deltas: 100% (3768/3768), done.
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ cd pbmm-on-gcp-onboarding/
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding (tef-olxyz)$ cd 0-bootstrap/
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ git checkout gh360-day0-deploy-example
Branch 'gh360-day0-deploy-example' set up to track remote branch 'gh360-day0-deploy-example' from 'origin'.
Switched to a new branch 'gh360-day0-deploy-example'
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ gcloud services list | grep NAME
NAME: accesscontextmanager.googleapis.com
NAME: analyticshub.googleapis.com
NAME: appengine.googleapis.com
NAME: artifactregistry.googleapis.com
NAME: assuredworkloads.googleapis.com
NAME: bigquery.googleapis.com
NAME: bigqueryconnection.googleapis.com
NAME: bigquerydatapolicy.googleapis.com
NAME: bigquerymigration.googleapis.com
NAME: bigqueryreservation.googleapis.com
NAME: bigquerystorage.googleapis.com
NAME: billingbudgets.googleapis.com
NAME: cloudapis.googleapis.com
NAME: cloudasset.googleapis.com
NAME: cloudbilling.googleapis.com
NAME: cloudbuild.googleapis.com
NAME: cloudidentity.googleapis.com
NAME: cloudkms.googleapis.com
NAME: cloudresourcemanager.googleapis.com
NAME: cloudtrace.googleapis.com
NAME: containerregistry.googleapis.com
NAME: dataform.googleapis.com
NAME: dataplex.googleapis.com
NAME: datastore.googleapis.com
NAME: essentialcontacts.googleapis.com
NAME: iam.googleapis.com
NAME: iamcredentials.googleapis.com
NAME: logging.googleapis.com
NAME: monitoring.googleapis.com
NAME: pubsub.googleapis.com
NAME: securitycenter.googleapis.com
NAME: securitycentermanagement.googleapis.com
NAME: servicemanagement.googleapis.com
NAME: servicenetworking.googleapis.com
NAME: serviceusage.googleapis.com
NAME: sql-component.googleapis.com
NAME: storage-api.googleapis.com
NAME: storage-component.googleapis.com
NAME: storage.googleapis.com
20240409:1020
Missing tfvars files because of .gitignore filter - fixed in https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/pull/366/files for #365
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ git mv terraform.example.tfvars terraform.tfvars
replace get org via https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/blob/gh766-script/solutions/setup.sh#L101
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ BOOT_PROJECT_ID=tef-olxyz
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ ORG_ID=$(gcloud projects get-ancestors $BOOT_PROJECT_ID --format='get(id)' | tail -1)
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ BILLING_FORMAT="--format=value(billingAccountName)"
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ BILLING_ID=$(gcloud billing projects describe $BOOT_PROJECT_ID $BILLING_FORMAT | sed 's/.*\///')
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ EMAIL=$(gcloud config list --format json|jq .core.account | sed 's/"//g')
terraform.tfvars
org_id = "10...5" # format "000000000000"
billing_account = "01...C8" # format "000000-000000-000000"
// For enabling the automatic groups creation, uncomment the
// variables and update the values with the group names
groups = {
create_required_groups = false # Change to true to create the required_groups
create_optional_groups = false # Change to true to create the optional_groups
billing_project = "tef-olxyz" # Fill to create required or optional groups
required_groups = {
group_org_admins = "gcp-organization-admins@o..yz" # example "gcp-organization-admins@example.com"
group_billing_admins = "gcp-billing-admins@o..yz" # example "gcp-billing-admins@example.com"
billing_data_users = "gcp-billing-data@o..yz" # example "gcp-billing-data@example.com"
audit_data_users = "gcp-audit-data@o..yz" # example "gcp-audit-data@example.com"
monitoring_workspace_users = "gcp-monitoring-workspace@o..yz" # example "gcp-monitoring-workspace@example.com"
}
optional_groups = {
gcp_security_reviewer = "gcp_security_reviewer_local_test@o..yz" #"gcp_security_reviewer_local_test@example.com"
gcp_network_viewer = "gcp_network_viewer_local_test@o..yz" #"gcp_network_viewer_local_test@example.com"
gcp_scc_admin = "gcp_scc_admin_local_test@o..yz" #"gcp_scc_admin_local_test@example.com"
gcp_global_secrets_admin = "gcp_global_secrets_admin_local_test@o..yz" #"gcp_global_secrets_admin_local_test@example.com"
gcp_kms_admin = "gcp_kms_admin_local_test@o..yz" #"gcp_kms_admin_local_test@example.com"
}
}
# 20240409 leave for now until we fix regionalization for northamerica-northeast1/2
default_region = "us-central1"
# Optional - for an organization with existing projects or for development/validation.
# Uncomment this variable to place all the example foundation resources under
# the provided folder instead of the root organization.
# The variable value is the numeric folder ID
# The folder must already exist.
parent_folder = "7..7"
with fix https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/367
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ ../scripts/validate-requirements.sh -o $ORG_ID -b $BILLING_ID -u $EMAIL
Validating required utility tools...
Validating Terraform installation...
Validating Google Cloud SDK installation...
Validating Git installation...
git default branch must be configured as main.
See the instructions at https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/docs/TROUBLESHOOTING.md#default-branch-setting .
Validating local gcloud configuration...
Validating roles assignment for current end user credential...
Validating 0-bootstrap configuration...
.......................................
Validation failed!
Errors found:
git default branch must be configured as main.
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ ../scripts/validate-requirements.sh -o $ORG_ID -b $BILLING_ID -u $EMAIL
Validating required utility tools...
Validating Terraform installation...
Validating Google Cloud SDK installation...
Validating Git installation...
Validating local gcloud configuration...
Validating roles assignment for current end user credential...
Validating 0-bootstrap configuration...
.......................................
Validation successful!
No errors found.
https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/blob/main/0-bootstrap/README.md#prerequisites
https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/blob/main/0-bootstrap/README.md#optional---automatic-creation-of-google-cloud-identity-groups
already set
NAME: cloudidentity.googleapis.com
already set on super admin
Service Usage Admin
We will eventually need a later pbr friendly 1.6 version to avoid TF state file errors during 1-org transition from 1.7 to 1.3 - https://github.com/terraform-google-modules/terraform-example-foundation/issues/1151
https://releases.hashicorp.com/terraform/
Current version is 1.8.0 in RC, in gcloud we are running 1.7.5
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ terraform --version
Terraform v1.7.5
on linux_amd64
https://releases.hashicorp.com/terraform/1.3.10/
https://releases.hashicorp.com/terraform/1.3.10/terraform_1.3.10_linux_amd64.zip
wget https://releases.hashicorp.com/terraform/1.3.10/terraform_1.3.10_linux_amd64.zip
--2024-04-09 15:34:34-- https://releases.hashicorp.com/terraform/1.3.10/terraform_1.3.10_linux_amd64.zip
Resolving releases.hashicorp.com (releases.hashicorp.com)... 18.239.225.114, 18.239.225.27, 18.239.225.39, ...
Connecting to releases.hashicorp.com (releases.hashicorp.com)|18.239.225.114|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 19989918 (19M) [application/zip]
Saving to: ‘terraform_1.3.10_linux_amd64.zip’
terraform_1.3.10_linux_amd64.zip 100%[=================================================================================================>] 19.06M 80.1MB/s in 0.2s
2024-04-09 15:34:35 (80.1 MB/s) - ‘terraform_1.3.10_linux_amd64.zip’ saved [19989918/19989918]
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ unzip terraform_1.3.10_linux_amd64.zip
Archive: terraform_1.3.10_linux_amd64.zip
inflating: terraform
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ ./terraform --version
Terraform v1.3.10
on linux_amd64
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ ./terraform init
Initializing modules...
Downloading registry.terraform.io/terraform-google-modules/gcloud/google 3.4.0 for bootstrap_csr_repo...
- bootstrap_csr_repo in .terraform/modules/bootstrap_csr_repo
- bootstrap_projects_remove_editor in modules/parent-iam-remove-role
Downloading registry.terraform.io/terraform-google-modules/gcloud/google 3.4.0 for build_terraform_image...
- build_terraform_image in .terraform/modules/build_terraform_image
- cicd_project_iam_member in modules/parent-iam-member
Downloading registry.terraform.io/terraform-google-modules/cloud-storage/google 5.0.0 for gcp_projects_state_bucket...
- gcp_projects_state_bucket in .terraform/modules/gcp_projects_state_bucket/modules/simple_bucket
Downloading registry.terraform.io/terraform-google-modules/group/google 0.6.1 for optional_group...
- optional_group in .terraform/modules/optional_group
- org_iam_member in modules/parent-iam-member
- parent_iam_member in modules/parent-iam-member
Downloading registry.terraform.io/terraform-google-modules/group/google 0.6.1 for required_group...
- required_group in .terraform/modules/required_group
Downloading registry.terraform.io/terraform-google-modules/bootstrap/google 7.1.0 for seed_bootstrap...
- seed_bootstrap in .terraform/modules/seed_bootstrap
Downloading registry.terraform.io/terraform-google-modules/org-policy/google 5.3.0 for seed_bootstrap.enable_cross_project_service_account_usage...
- seed_bootstrap.enable_cross_project_service_account_usage in .terraform/modules/seed_bootstrap.enable_cross_project_service_account_usage
Downloading registry.terraform.io/terraform-google-modules/kms/google 2.3.0 for seed_bootstrap.kms...
- seed_bootstrap.kms in .terraform/modules/seed_bootstrap.kms
Downloading registry.terraform.io/terraform-google-modules/project-factory/google 14.5.0 for seed_bootstrap.seed_project...
- seed_bootstrap.seed_project in .terraform/modules/seed_bootstrap.seed_project
- seed_bootstrap.seed_project.budget in .terraform/modules/seed_bootstrap.seed_project/modules/budget
- seed_bootstrap.seed_project.essential_contacts in .terraform/modules/seed_bootstrap.seed_project/modules/essential_contacts
- seed_bootstrap.seed_project.gsuite_group in .terraform/modules/seed_bootstrap.seed_project/modules/gsuite_group
- seed_bootstrap.seed_project.project-factory in .terraform/modules/seed_bootstrap.seed_project/modules/core_project_factory
- seed_bootstrap.seed_project.project-factory.project_services in .terraform/modules/seed_bootstrap.seed_project/modules/project_services
- seed_bootstrap.seed_project.quotas in .terraform/modules/seed_bootstrap.seed_project/modules/quota_manager
- seed_bootstrap.seed_project.shared_vpc_access in .terraform/modules/seed_bootstrap.seed_project/modules/shared_vpc_access
- seed_project_iam_member in modules/parent-iam-member
Downloading registry.terraform.io/terraform-google-modules/bootstrap/google 7.1.0 for tf_cloud_builder...
- tf_cloud_builder in .terraform/modules/tf_cloud_builder/modules/tf_cloudbuild_builder
Downloading registry.terraform.io/terraform-google-modules/cloud-storage/google 5.0.0 for tf_cloud_builder.bucket...
- tf_cloud_builder.bucket in .terraform/modules/tf_cloud_builder.bucket/modules/simple_bucket
- tf_private_pool in modules/cb-private-pool
Downloading registry.terraform.io/terraform-google-modules/network/google 9.0.0 for tf_private_pool.firewall_rules...
- tf_private_pool.firewall_rules in .terraform/modules/tf_private_pool.firewall_rules/modules/firewall-rules
Downloading registry.terraform.io/terraform-google-modules/network/google 9.0.0 for tf_private_pool.peered_network...
- tf_private_pool.peered_network in .terraform/modules/tf_private_pool.peered_network
- tf_private_pool.peered_network.firewall_rules in .terraform/modules/tf_private_pool.peered_network/modules/firewall-rules
- tf_private_pool.peered_network.routes in .terraform/modules/tf_private_pool.peered_network/modules/routes
- tf_private_pool.peered_network.subnets in .terraform/modules/tf_private_pool.peered_network/modules/subnets
- tf_private_pool.peered_network.vpc in .terraform/modules/tf_private_pool.peered_network/modules/vpc
Downloading registry.terraform.io/terraform-google-modules/vpn/google 4.0.0 for tf_private_pool.vpn_ha_cb_to_onprem...
- tf_private_pool.vpn_ha_cb_to_onprem in .terraform/modules/tf_private_pool.vpn_ha_cb_to_onprem/modules/vpn_ha
Downloading registry.terraform.io/terraform-google-modules/bootstrap/google 7.1.0 for tf_source...
- tf_source in .terraform/modules/tf_source/modules/tf_cloudbuild_source
Downloading registry.terraform.io/terraform-google-modules/cloud-storage/google 5.0.0 for tf_source.cloudbuild_bucket...
- tf_source.cloudbuild_bucket in .terraform/modules/tf_source.cloudbuild_bucket/modules/simple_bucket
Downloading registry.terraform.io/terraform-google-modules/project-factory/google 14.5.0 for tf_source.cloudbuild_project...
- tf_source.cloudbuild_project in .terraform/modules/tf_source.cloudbuild_project
- tf_source.cloudbuild_project.budget in .terraform/modules/tf_source.cloudbuild_project/modules/budget
- tf_source.cloudbuild_project.essential_contacts in .terraform/modules/tf_source.cloudbuild_project/modules/essential_contacts
- tf_source.cloudbuild_project.gsuite_group in .terraform/modules/tf_source.cloudbuild_project/modules/gsuite_group
- tf_source.cloudbuild_project.project-factory in .terraform/modules/tf_source.cloudbuild_project/modules/core_project_factory
- tf_source.cloudbuild_project.project-factory.project_services in .terraform/modules/tf_source.cloudbuild_project/modules/project_services
- tf_source.cloudbuild_project.quotas in .terraform/modules/tf_source.cloudbuild_project/modules/quota_manager
- tf_source.cloudbuild_project.shared_vpc_access in .terraform/modules/tf_source.cloudbuild_project/modules/shared_vpc_access
Downloading registry.terraform.io/terraform-google-modules/bootstrap/google 7.1.0 for tf_workspace...
- tf_workspace in .terraform/modules/tf_workspace/modules/tf_cloudbuild_workspace
Downloading registry.terraform.io/terraform-google-modules/cloud-storage/google 5.0.0 for tf_workspace.artifacts_bucket...
- tf_workspace.artifacts_bucket in .terraform/modules/tf_workspace.artifacts_bucket/modules/simple_bucket
Downloading registry.terraform.io/terraform-google-modules/cloud-storage/google 5.0.0 for tf_workspace.log_bucket...
- tf_workspace.log_bucket in .terraform/modules/tf_workspace.log_bucket/modules/simple_bucket
Downloading registry.terraform.io/terraform-google-modules/cloud-storage/google 5.0.0 for tf_workspace.state_bucket...
- tf_workspace.state_bucket in .terraform/modules/tf_workspace.state_bucket/modules/simple_bucket
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/null versions matching ">= 2.1.0"...
- Finding hashicorp/external versions matching ">= 2.2.2"...
- Finding hashicorp/google versions matching ">= 3.33.0, >= 3.43.0, >= 3.50.0, >= 3.53.0, >= 3.64.0, >= 3.67.0, >= 3.77.0, >= 3.83.0, >= 4.17.0, >= 4.25.0, >= 4.28.0, != 4.31.0, >= 4.46.0, >= 4.64.0, >= 5.7.0, < 6.0.0"...
- Finding hashicorp/random versions matching ">= 2.1.0, >= 2.2.0, >= 3.1.0, ~> 3.4"...
- Finding hashicorp/time versions matching ">= 0.5.0"...
- Finding hashicorp/google-beta versions matching ">= 3.43.0, >= 3.50.0, >= 3.64.0, >= 3.67.0, >= 3.77.0, >= 4.11.0, >= 4.17.0, >= 4.28.0, != 4.31.0, >= 4.64.0, >= 5.7.0, < 6.0.0"...
- Installing hashicorp/external v2.3.3...
- Installed hashicorp/external v2.3.3 (signed by HashiCorp)
- Installing hashicorp/google v5.24.0...
- Installed hashicorp/google v5.24.0 (signed by HashiCorp)
- Installing hashicorp/random v3.6.0...
- Installed hashicorp/random v3.6.0 (signed by HashiCorp)
- Installing hashicorp/time v0.11.1...
- Installed hashicorp/time v0.11.1 (signed by HashiCorp)
- Installing hashicorp/google-beta v5.24.0...
- Installed hashicorp/google-beta v5.24.0 (signed by HashiCorp)
- Installing hashicorp/null v3.2.2...
- Installed hashicorp/null v3.2.2 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
1137
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ ./terraform plan -input=false -out bootstrap.tfplan
+ seed_project_id = (known after apply)
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Saved the plan to: bootstrap.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "bootstrap.tfplan"
1140
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ ./terraform apply bootstrap.tfplan
module.seed_bootstrap.google_organization_iam_member.org_admins_group["roles/billing.user"]: Creating...
module.seed_bootstrap.google_folder_iam_member.tmp_project_creator[0]: Creating...
╷
│ Error: Error creating folder 'fldr-bootstrap' in 'folders/736660879367': googleapi: Error 401: Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
│ Details:
│ [
│ {
│ "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│ "metadata": {
│ "method": "google.cloud.resourcemanager.v3.Folders.CreateFolder",
│ "service": "cloudresourcemanager.googleapis.com"
│ },
│ "reason": "ACCESS_TOKEN_EXPIRED"
│ }
│ ]
│
│ More details:
│ Reason: authError, Message: Invalid Credentials
relogin - rerun plan
+ gcs_bucket_tfstate = "bkt-prj-b-seed-tfstate-7120"
+ networks_step_terraform_service_account_email = (known after apply)
+ organization_step_terraform_service_account_email = (known after apply)
+ projects_gcs_bucket_tfstate = "bkt-prj-b-seed-8919-gcp-projects-tfstate"
+ projects_step_terraform_service_account_email = (known after apply)
+ seed_project_id = "prj-b-seed-8919"
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Saved the plan to: bootstrap.tfplan
To perform exactly these actions, run the following command to apply:
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ ./terraform apply bootstrap.tfplan
module.seed_bootstrap.google_organization_iam_binding.billing_creator: Creating...
module.seed_bootstrap.google_organization_iam_member.org_admins_group["roles/resourcemanager.organizationAdmin"]: Creating...
module.seed_bootstrap.google_folder_iam_member.org_admin_service_account_user[0]: Creating...
module.seed_bootstrap.google_organization_iam_member.org_billing_admin: Creating...
module.seed_bootstrap.google_folder_iam_member.org_admin_serviceusage_consumer[0]: Creating...
module.seed_bootstrap.google_organization_iam_member.org_admins_group["roles/billing.user"]: Creating...
module.seed_bootstrap.google_folder_iam_member.tmp_project_creator[0]: Creating...
google_folder.bootstrap: Creating...
google_folder.bootstrap: Still creating... [10s elapsed]
google_folder.bootstrap: Creation complete after 11s [id=folders/173484768969]
╷
│ Error: Error applying IAM policy for folder "folders/736660879367": Error setting IAM policy for folder "folders/736660879367": googleapi: Error 400: Group gcp-organization-admins@obrienlabs.xyz does not exist., badRequest
│
│ with module.seed_bootstrap.google_folder_iam_member.tmp_project_creator[0],
│ on .terraform/modules/seed_bootstrap/main.tf line 47, in resource "google_folder_iam_member" "tmp_project_creator":
│ 47: resource "google_folder_iam_member" "tmp_project_creator" {
│
╵
╷
│ Error: Error applying IAM policy for organization "1064386348915": Error setting IAM policy for organization "1064386348915": googleapi: Error 400: Group gcp-billing-admins@obrienlabs.xyz does not exist., badRequest
│
│ with module.seed_bootstrap.google_organization_iam_binding.billing_creator,
│ on .terraform/modules/seed_bootstrap/main.tf line 156, in resource "google_organization_iam_binding" "billing_creator":
│ 156: resource "google_organization_iam_binding" "billing_creator" {
│
╵
╷
│ Error: Error applying IAM policy for organization "1064386348915": Error setting IAM policy for organization "1064386348915": googleapi: Error 400: Group gcp-organization-admins@obrienlabs.xyz does not exist., badRequest
│
│ with module.seed_bootstrap.google_organization_iam_member.org_admins_group["roles/resourcemanager.organizationAdmin"],
│ on .terraform/modules/seed_bootstrap/main.tf line 184, in resource "google_organization_iam_member" "org_admins_group":
│ 184: resource "google_organization_iam_member" "org_admins_group" {
│
╵
╷
│ Error: Error applying IAM policy for organization "1064386348915": Error setting IAM policy for organization "1064386348915": googleapi: Error 400: Group gcp-organization-admins@obrienlabs.xyz does not exist., badRequest
│
│ with module.seed_bootstrap.google_organization_iam_member.org_admins_group["roles/billing.user"],
│ on .terraform/modules/seed_bootstrap/main.tf line 184, in resource "google_organization_iam_member" "org_admins_group":
│ 184: resource "google_organization_iam_member" "org_admins_group" {
│
╵
╷
│ Error: Error applying IAM policy for organization "1064386348915": Error setting IAM policy for organization "1064386348915": googleapi: Error 400: Group gcp-billing-admins@obrienlabs.xyz does not exist., badRequest
│
│ with module.seed_bootstrap.google_organization_iam_member.org_billing_admin,
│ on .terraform/modules/seed_bootstrap/main.tf line 196, in resource "google_organization_iam_member" "org_billing_admin":
│ 196: resource "google_organization_iam_member" "org_billing_admin" {
│
╵
╷
│ Error: Error applying IAM policy for folder "folders/736660879367": Error setting IAM policy for folder "folders/736660879367": googleapi: Error 400: Group gcp-organization-admins@obrienlabs.xyz does not exist., badRequest
│
│ with module.seed_bootstrap.google_folder_iam_member.org_admin_service_account_user[0],
│ on .terraform/modules/seed_bootstrap/main.tf line 259, in resource "google_folder_iam_member" "org_admin_service_account_user":
│ 259: resource "google_folder_iam_member" "org_admin_service_account_user" {
│
╵
╷
│ Error: Error applying IAM policy for folder "folders/736660879367": Error setting IAM policy for folder "folders/736660879367": googleapi: Error 400: Group gcp-organization-admins@obrienlabs.xyz does not exist., badRequest
│
│ with module.seed_bootstrap.google_folder_iam_member.org_admin_serviceusage_consumer[0],
│ on .terraform/modules/seed_bootstrap/main.tf line 267, in resource "google_folder_iam_member" "org_admin_serviceusage_consumer":
│ 267: resource "google_folder_iam_member" "org_admin_serviceusage_consumer" {
groups are not created - forgot the flag flips to true
create_required_groups = true # Change to true to create the required_groups
create_optional_groups = true # Change to true to create the optional_groups
1145
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ ./terraform apply bootstrap.tfplan
module.seed_bootstrap.google_organization_iam_binding.billing_creator: Creating...
module.seed_bootstrap.google_organization_iam_member.org_billing_admin: Creating...
module.seed_bootstrap.google_organization_iam_member.org_admins_group["roles/billing.user"]: Creating...
module.seed_bootstrap.google_folder_iam_member.tmp_project_creator[0]: Creating...
module.seed_bootstrap.google_folder_iam_member.org_admin_service_account_user[0]: Creating...
module.seed_bootstrap.google_organization_iam_member.org_admins_group["roles/resourcemanager.organizationAdmin"]: Creating...
module.seed_bootstrap.google_folder_iam_member.org_admin_serviceusage_consumer[0]: Creating...
module.required_group["group_org_admins"].google_cloud_identity_group.group: Creating...
module.required_group["audit_data_users"].google_cloud_identity_group.group: Creating...
module.optional_group["gcp_global_secrets_admin"].google_cloud_identity_group.group: Creating...
module.required_group["billing_data_users"].google_cloud_identity_group.group: Creating...
module.optional_group["gcp_kms_admin"].google_cloud_identity_group.group: Creating...
module.required_group["monitoring_workspace_users"].google_cloud_identity_group.group: Creating...
module.seed_bootstrap.google_folder_iam_member.org_admin_service_account_user[0]: Creation complete after 5s [id=folders/736660879367/roles/iam.serviceAccountUser/group:gcp-organization-admins@obrienlabs.xyz]
module.optional_group["gcp_network_viewer"].google_cloud_identity_group.group: Creating...
module.optional_group["gcp_security_reviewer"].google_cloud_identity_group.group: Creation complete after 8s [id=groups/00lnxbz93t65t5i]
╷
│ Error: Error applying IAM policy for folder "folders/736660879367": Error setting IAM policy for folder "folders/736660879367": googleapi: Error 400: Group gcp-organization-admins@obrienlabs.xyz does not exist., badRequest
│
│ with module.seed_bootstrap.google_folder_iam_member.tmp_project_creator[0],
│ on .terraform/modules/seed_bootstrap/main.tf line 47, in resource "google_folder_iam_member" "tmp_project_creator":
│ 47: resource "google_folder_iam_member" "tmp_project_creator" {
│
group and groups exist - checking eventually consistent timing
1151
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ ./terraform apply bootstrap.tfplan
module.seed_bootstrap.google_organization_iam_binding.billing_creator: Creating...
module.seed_bootstrap.google_folder_iam_member.tmp_project_creator[0]: Creating...
module.seed_bootstrap.google_organization_iam_member.org_billing_admin: Creating...
module.seed_bootstrap.google_folder_iam_member.tmp_project_creator[0]: Creation complete after 5s [id=folders/736660879367/roles/resourcemanager.projectCreator/group:gcp-organization-admins@obrienlabs.xyz]
module.seed_bootstrap.google_organization_iam_binding.billing_creator: Creation complete after 5s [id=1064386348915/roles/billing.creator]
module.seed_bootstrap.module.seed_project.module.project-factory.google_project.main: Creating...
module.seed_bootstrap.google_organization_iam_member.org_billing_admin: Creation complete after 9s [id=1064386348915/roles/billing.admin/group:gcp-billing-admins@obrienlabs.xyz]
module.seed_bootstrap.module.seed_project.module.project-factory.google_project.main: Creation complete after 3m24s [id=projects/prj-b-seed-8919]
module.seed_bootstrap.module.seed_project.module.project-factory.google_resource_manager_lien.lien[0]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["compute.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["assuredworkloads.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["storage-api.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["cloudresourcemanager.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["securitycenter.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["pubsub.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["iam.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["logging.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["cloudkms.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.google_resource_manager_lien.lien[0]: Creation complete after 1s [id=p437626936473-l42f64df3-a0f1-4de5-b8bc-39d20274d516]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["essentialcontacts.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["compute.googleapis.com"]: Creation complete after 3s [id=prj-b-seed-8919/compute.googleapis.com]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["cloudbilling.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["assuredworkloads.googleapis.com"]: Still creating... [10s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["storage-api.googleapis.com"]: Still creating... [10s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["cloudresourcemanager.googleapis.com"]: Still creating... [10s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["pubsub.googleapis.com"]: Still creating... [10s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["securitycenter.googleapis.com"]: Still creating... [10s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["iam.googleapis.com"]: Still creating... [10s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["logging.googleapis.com"]: Still creating... [10s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["cloudkms.googleapis.com"]: Still creating... [10s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["essentialcontacts.googleapis.com"]: Still creating... [10s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["cloudbilling.googleapis.com"]: Still creating... [10s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["assuredworkloads.googleapis.com"]: Still creating... [20s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["storage-api.googleapis.com"]: Still creating... [20s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["cloudresourcemanager.googleapis.com"]: Still creating... [20s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["securitycenter.googleapis.com"]: Still creating... [20s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["iam.googleapis.com"]: Still creating... [20s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["pubsub.googleapis.com"]: Still creating... [20s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["cloudkms.googleapis.com"]: Still creating... [20s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["logging.googleapis.com"]: Still creating... [20s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["essentialcontacts.googleapis.com"]: Still creating... [20s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["storage-api.googleapis.com"]: Creation complete after 21s [id=prj-b-seed-8919/storage-api.googleapis.com]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["iam.googleapis.com"]: Creation complete after 21s [id=prj-b-seed-8919/iam.googleapis.com]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["assuredworkloads.googleapis.com"]: Creation complete after 21s [id=prj-b-seed-8919/assuredworkloads.googleapis.com]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["cloudkms.googleapis.com"]: Creation complete after 21s [id=prj-b-seed-8919/cloudkms.googleapis.com]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["pubsub.googleapis.com"]: Creation complete after 21s [id=prj-b-seed-8919/pubsub.googleapis.com]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["serviceusage.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["bigquery.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["billingbudgets.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["essentialcontacts.googleapis.com"]: Creation complete after 21s [id=prj-b-seed-8919/essentialcontacts.googleapis.com]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["cloudresourcemanager.googleapis.com"]: Creation complete after 22s [id=prj-b-seed-8919/cloudresourcemanager.googleapis.com]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["accesscontextmanager.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["admin.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["securitycenter.googleapis.com"]: Creation complete after 22s [id=prj-b-seed-8919/securitycenter.googleapis.com]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["logging.googleapis.com"]: Creation complete after 22s [id=prj-b-seed-8919/logging.googleapis.com]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["monitoring.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["appengine.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["cloudbuild.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["servicenetworking.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["cloudbilling.googleapis.com"]: Still creating... [20s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["cloudbilling.googleapis.com"]: Creation complete after 21s [id=prj-b-seed-8919/cloudbilling.googleapis.com]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["iamcredentials.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["iamcredentials.googleapis.com"]: Creation complete after 3s [id=prj-b-seed-8919/iamcredentials.googleapis.com]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["cloudasset.googleapis.com"]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["serviceusage.googleapis.com"]: Still creating... [10s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["bigquery.googleapis.com"]: Still creating... [10s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["billingbudgets.googleapis.com"]: Still creating... [10s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["admin.googleapis.com"]: Still creating... [10s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["accesscontextmanager.googleapis.com"]: Still creating... [10s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["monitoring.googleapis.com"]: Still creating... [10s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["appengine.googleapis.com"]: Still creating... [10s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["cloudbuild.googleapis.com"]: Still creating... [10s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["servicenetworking.googleapis.com"]: Still creating... [10s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["cloudasset.googleapis.com"]: Still creating... [10s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["bigquery.googleapis.com"]: Still creating... [20s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["billingbudgets.googleapis.com"]: Still creating... [20s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["admin.googleapis.com"]: Still creating... [20s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["accesscontextmanager.googleapis.com"]: Still creating... [20s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["monitoring.googleapis.com"]: Still creating... [20s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["appengine.googleapis.com"]: Still creating... [20s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["servicenetworking.googleapis.com"]: Still creating... [20s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["cloudbuild.googleapis.com"]: Still creating... [20s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["cloudbuild.googleapis.com"]: Creation complete after 21s [id=prj-b-seed-8919/cloudbuild.googleapis.com]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["appengine.googleapis.com"]: Creation complete after 21s [id=prj-b-seed-8919/appengine.googleapis.com]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["billingbudgets.googleapis.com"]: Creation complete after 21s [id=prj-b-seed-8919/billingbudgets.googleapis.com]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["admin.googleapis.com"]: Creation complete after 21s [id=prj-b-seed-8919/admin.googleapis.com]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["serviceusage.googleapis.com"]: Creation complete after 22s [id=prj-b-seed-8919/serviceusage.googleapis.com]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["servicenetworking.googleapis.com"]: Creation complete after 21s [id=prj-b-seed-8919/servicenetworking.googleapis.com]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["bigquery.googleapis.com"]: Creation complete after 21s [id=prj-b-seed-8919/bigquery.googleapis.com]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["accesscontextmanager.googleapis.com"]: Creation complete after 21s [id=prj-b-seed-8919/accesscontextmanager.googleapis.com]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["monitoring.googleapis.com"]: Creation complete after 21s [id=prj-b-seed-8919/monitoring.googleapis.com]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["cloudasset.googleapis.com"]: Still creating... [20s elapsed]
module.seed_bootstrap.module.seed_project.module.project-factory.module.project_services.google_project_service.project_services["cloudasset.googleapis.com"]: Creation complete after 21s [id=prj-b-seed-8919/cloudasset.googleapis.com]
module.seed_bootstrap.data.google_storage_project_service_account.gcs_account: Reading...
module.seed_bootstrap.module.seed_project.module.project-factory.google_project_default_service_accounts.default_service_accounts[0]: Creating...
google_service_account.terraform-env-sa["proj"]: Creating...
google_service_account.terraform-env-sa["org"]: Creating...
google_service_account.terraform-env-sa["net"]: Creating...
google_service_account.terraform-env-sa["bootstrap"]: Creating...
module.seed_bootstrap.module.kms[0].google_kms_key_ring.key_ring: Creating...
google_service_account.terraform-env-sa["env"]: Creating...
module.seed_bootstrap.module.enable_cross_project_service_account_usage.google_project_organization_policy.project_policy_boolean[0]: Creating...
module.seed_bootstrap.module.seed_project.module.project-factory.google_project_default_service_accounts.default_service_accounts[0]: Creation complete after 0s [id=projects/prj-b-seed-8919]
module.seed_bootstrap.module.kms[0].google_kms_key_ring.key_ring: Creation complete after 1s [id=projects/prj-b-seed-8919/locations/us-central1/keyRings/prj-keyring]
module.seed_bootstrap.module.kms[0].google_kms_crypto_key.key[0]: Creating...
module.seed_bootstrap.module.kms[0].google_kms_crypto_key.key[0]: Creation complete after 0s [id=projects/prj-b-seed-8919/locations/us-central1/keyRings/prj-keyring/cryptoKeys/prj-key]
module.seed_bootstrap.data.google_storage_project_service_account.gcs_account: Read complete after 1s [id=service-437626936473@gs-project-accounts.iam.gserviceaccount.com]
module.seed_bootstrap.module.kms[0].google_kms_crypto_key_iam_binding.decrypters[0]: Creating...
module.seed_bootstrap.module.kms[0].google_kms_crypto_key_iam_binding.encrypters[0]: Creating...
google_service_account.terraform-env-sa["net"]: Creation complete after 1s [id=projects/prj-b-seed-8919/serviceAccounts/sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com]
module.seed_bootstrap.module.enable_cross_project_service_account_usage.google_project_organization_policy.project_policy_boolean[0]: Creation complete after 1s [id=prj-b-seed-8919:constraints/iam.disableCrossProjectServiceAccountUsage]
google_service_account.terraform-env-sa["bootstrap"]: Creation complete after 1s [id=projects/prj-b-seed-8919/serviceAccounts/sa-terraform-bootstrap@prj-b-seed-8919.iam.gserviceaccount.com]
google_service_account.terraform-env-sa["proj"]: Creation complete after 2s [id=projects/prj-b-seed-8919/serviceAccounts/sa-terraform-proj@prj-b-seed-8919.iam.gserviceaccount.com]
google_service_account.terraform-env-sa["org"]: Creation complete after 2s [id=projects/prj-b-seed-8919/serviceAccounts/sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com]
google_billing_account_iam_member.billing_account_sink: Creating...
google_service_account.terraform-env-sa["env"]: Creation complete after 5s [id=projects/prj-b-seed-8919/serviceAccounts/sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com]
google_billing_account_iam_member.tf_billing_user["org"]: Creating...
google_billing_account_iam_member.tf_billing_user["env"]: Creating...
google_billing_account_iam_member.tf_billing_user["bootstrap"]: Creating...
module.seed_bootstrap.google_folder_iam_binding.project_creator[0]: Creating...
google_billing_account_iam_member.tf_billing_user["net"]: Creating...
google_billing_account_iam_member.tf_billing_user["proj"]: Creating...
module.seed_project_iam_member["net"].google_project_iam_member.project_parent_iam["roles/storage.objectAdmin"]: Creating...
google_billing_account_iam_member.billing_account_sink: Creation complete after 4s [id=01BCCE-4EC0EE-DC58C8/roles/logging.configWriter/serviceAccount:sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com]
module.seed_project_iam_member["proj"].google_project_iam_member.project_parent_iam["roles/storage.objectAdmin"]: Creating...
module.seed_bootstrap.module.kms[0].google_kms_crypto_key_iam_binding.decrypters[0]: Creation complete after 8s [id=projects/prj-b-seed-8919/locations/us-central1/keyRings/prj-keyring/cryptoKeys/prj-key/roles/cloudkms.cryptoKeyDecrypter]
module.seed_project_iam_member["bootstrap"].google_project_iam_member.project_parent_iam["roles/iam.serviceAccountAdmin"]: Creating...
module.seed_bootstrap.module.kms[0].google_kms_crypto_key_iam_binding.encrypters[0]: Creation complete after 8s [id=projects/prj-b-seed-8919/locations/us-central1/keyRings/prj-keyring/cryptoKeys/prj-key/roles/cloudkms.cryptoKeyEncrypter]
module.seed_project_iam_member["org"].google_project_iam_member.project_parent_iam["roles/storage.objectAdmin"]: Creating...
module.seed_bootstrap.google_folder_iam_binding.project_creator[0]: Creation complete after 5s [id=folders/736660879367/roles/resourcemanager.projectCreator]
module.seed_project_iam_member["bootstrap"].google_project_iam_member.project_parent_iam["roles/cloudkms.admin"]: Creating...
google_billing_account_iam_member.tf_billing_user["org"]: Still creating... [10s elapsed]
google_billing_account_iam_member.tf_billing_user["env"]: Still creating... [10s elapsed]
google_billing_account_iam_member.tf_billing_user["bootstrap"]: Still creating... [10s elapsed]
google_billing_account_iam_member.tf_billing_user["net"]: Still creating... [10s elapsed]
google_billing_account_iam_member.tf_billing_user["proj"]: Still creating... [10s elapsed]
module.seed_project_iam_member["net"].google_project_iam_member.project_parent_iam["roles/storage.objectAdmin"]: Still creating... [10s elapsed]
module.seed_project_iam_member["proj"].google_project_iam_member.project_parent_iam["roles/storage.objectAdmin"]: Creation complete after 10s [id=prj-b-seed-8919/roles/storage.objectAdmin/serviceAccount:sa-terraform-proj@prj-b-seed-8919.iam.gserviceaccount.com]
module.seed_project_iam_member["bootstrap"].google_project_iam_member.project_parent_iam["roles/storage.admin"]: Creating...
module.seed_project_iam_member["net"].google_project_iam_member.project_parent_iam["roles/storage.objectAdmin"]: Creation complete after 11s [id=prj-b-seed-8919/roles/storage.objectAdmin/serviceAccount:sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com]
module.seed_project_iam_member["bootstrap"].google_project_iam_member.project_parent_iam["roles/resourcemanager.projectDeleter"]: Creating...
module.seed_project_iam_member["bootstrap"].google_project_iam_member.project_parent_iam["roles/cloudkms.admin"]: Creation complete after 7s [id=prj-b-seed-8919/roles/cloudkms.admin/serviceAccount:sa-terraform-bootstrap@prj-b-seed-8919.iam.gserviceaccount.com]
module.seed_project_iam_member["env"].google_project_iam_member.project_parent_iam["roles/storage.objectAdmin"]: Creating...
module.seed_project_iam_member["bootstrap"].google_project_iam_member.project_parent_iam["roles/iam.serviceAccountAdmin"]: Creation complete after 8s [id=prj-b-seed-8919/roles/iam.serviceAccountAdmin/serviceAccount:sa-terraform-bootstrap@prj-b-seed-8919.iam.gserviceaccount.com]
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/compute.securityAdmin"]: Creating...
module.seed_project_iam_member["org"].google_project_iam_member.project_parent_iam["roles/storage.objectAdmin"]: Creation complete after 8s [id=prj-b-seed-8919/roles/storage.objectAdmin/serviceAccount:sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com]
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderViewer"]: Creating...
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/compute.securityAdmin"]: Creation complete after 4s [id=folders/736660879367/roles/compute.securityAdmin/serviceAccount:sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com]
module.parent_iam_member["bootstrap"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Creating...
module.seed_project_iam_member["env"].google_project_iam_member.project_parent_iam["roles/storage.objectAdmin"]: Creation complete after 7s [id=prj-b-seed-8919/roles/storage.objectAdmin/serviceAccount:sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com]
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/compute.networkAdmin"]: Creating...
module.seed_project_iam_member["bootstrap"].google_project_iam_member.project_parent_iam["roles/storage.admin"]: Creation complete after 8s [id=prj-b-seed-8919/roles/storage.admin/serviceAccount:sa-terraform-bootstrap@prj-b-seed-8919.iam.gserviceaccount.com]
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/dns.admin"]: Creating...
module.seed_project_iam_member["bootstrap"].google_project_iam_member.project_parent_iam["roles/resourcemanager.projectDeleter"]: Creation complete after 8s [id=prj-b-seed-8919/roles/resourcemanager.projectDeleter/serviceAccount:sa-terraform-bootstrap@prj-b-seed-8919.iam.gserviceaccount.com]
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/compute.orgSecurityPolicyAdmin"]: Creating...
google_billing_account_iam_member.tf_billing_user["org"]: Still creating... [20s elapsed]
google_billing_account_iam_member.tf_billing_user["env"]: Still creating... [20s elapsed]
google_billing_account_iam_member.tf_billing_user["bootstrap"]: Still creating... [20s elapsed]
google_billing_account_iam_member.tf_billing_user["net"]: Still creating... [20s elapsed]
google_billing_account_iam_member.tf_billing_user["proj"]: Still creating... [20s elapsed]
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderViewer"]: Creation complete after 9s [id=folders/736660879367/roles/resourcemanager.folderViewer/serviceAccount:sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com]
module.parent_iam_member["env"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Creating...
google_billing_account_iam_member.tf_billing_user["org"]: Creation complete after 22s [id=01BCCE-4EC0EE-DC58C8/roles/billing.user/serviceAccount:sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com]
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/compute.orgSecurityResourceAdmin"]: Creating...
google_billing_account_iam_member.tf_billing_user["env"]: Creation complete after 23s [id=01BCCE-4EC0EE-DC58C8/roles/billing.user/serviceAccount:sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com]
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Creating...
google_billing_account_iam_member.tf_billing_user["bootstrap"]: Creation complete after 23s [id=01BCCE-4EC0EE-DC58C8/roles/billing.user/serviceAccount:sa-terraform-bootstrap@prj-b-seed-8919.iam.gserviceaccount.com]
module.parent_iam_member["org"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Creating...
google_billing_account_iam_member.tf_billing_user["net"]: Creation complete after 23s [id=01BCCE-4EC0EE-DC58C8/roles/billing.user/serviceAccount:sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com]
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/compute.xpnAdmin"]: Creating...
google_billing_account_iam_member.tf_billing_user["proj"]: Creation complete after 23s [id=01BCCE-4EC0EE-DC58C8/roles/billing.user/serviceAccount:sa-terraform-proj@prj-b-seed-8919.iam.gserviceaccount.com]
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/artifactregistry.admin"]: Creating...
module.parent_iam_member["bootstrap"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Still creating... [10s elapsed]
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/compute.networkAdmin"]: Still creating... [10s elapsed]
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/dns.admin"]: Still creating... [10s elapsed]
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/compute.orgSecurityPolicyAdmin"]: Still creating... [10s elapsed]
module.parent_iam_member["env"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Still creating... [10s elapsed]
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/compute.orgSecurityResourceAdmin"]: Still creating... [10s elapsed]
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Still creating... [10s elapsed]
module.parent_iam_member["org"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Still creating... [10s elapsed]
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/compute.xpnAdmin"]: Still creating... [10s elapsed]
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/artifactregistry.admin"]: Still creating... [10s elapsed]
module.parent_iam_member["bootstrap"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Still creating... [20s elapsed]
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/compute.networkAdmin"]: Still creating... [20s elapsed]
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/dns.admin"]: Still creating... [20s elapsed]
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/compute.orgSecurityPolicyAdmin"]: Still creating... [20s elapsed]
module.parent_iam_member["env"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Still creating... [20s elapsed]
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/compute.orgSecurityResourceAdmin"]: Still creating... [20s elapsed]
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Still creating... [20s elapsed]
module.parent_iam_member["org"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Still creating... [20s elapsed]
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/compute.xpnAdmin"]: Still creating... [20s elapsed]
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/artifactregistry.admin"]: Still creating... [20s elapsed]
module.parent_iam_member["bootstrap"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Still creating... [30s elapsed]
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/compute.networkAdmin"]: Still creating... [30s elapsed]
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/dns.admin"]: Still creating... [30s elapsed]
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/compute.orgSecurityPolicyAdmin"]: Still creating... [30s elapsed]
module.parent_iam_member["env"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Still creating... [30s elapsed]
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/compute.orgSecurityResourceAdmin"]: Still creating... [30s elapsed]
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Still creating... [30s elapsed]
module.parent_iam_member["org"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Still creating... [30s elapsed]
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/compute.xpnAdmin"]: Still creating... [30s elapsed]
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/artifactregistry.admin"]: Still creating... [30s elapsed]
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/compute.orgSecurityPolicyAdmin"]: Still creating... [40s elapsed]
module.parent_iam_member["env"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Still creating... [40s elapsed]
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/compute.orgSecurityResourceAdmin"]: Still creating... [40s elapsed]
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Still creating... [40s elapsed]
module.parent_iam_member["org"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Still creating... [40s elapsed]
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/compute.xpnAdmin"]: Still creating... [40s elapsed]
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/artifactregistry.admin"]: Still creating... [40s elapsed]
module.parent_iam_member["bootstrap"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Creation complete after 49s [id=folders/736660879367/roles/resourcemanager.folderAdmin/serviceAccount:sa-terraform-bootstrap@prj-b-seed-8919.iam.gserviceaccount.com]
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/compute.networkAdmin"]: Creating...
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/compute.networkAdmin"]: Creation complete after 47s [id=folders/736660879367/roles/compute.networkAdmin/serviceAccount:sa-terraform-proj@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/logging.configWriter"]: Creating...
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/dns.admin"]: Creation complete after 47s [id=folders/736660879367/roles/dns.admin/serviceAccount:sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["net"].google_organization_iam_member.org_parent_iam["roles/browser"]: Creating...
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/compute.orgSecurityPolicyAdmin"]: Creation complete after 47s [id=folders/736660879367/roles/compute.orgSecurityPolicyAdmin/serviceAccount:sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["env"].google_organization_iam_member.org_parent_iam["roles/browser"]: Creating...
module.parent_iam_member["env"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Creation complete after 45s [id=folders/736660879367/roles/resourcemanager.folderAdmin/serviceAccount:sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["env"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.tagUser"]: Creating...
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/compute.orgSecurityResourceAdmin"]: Creation complete after 43s [id=folders/736660879367/roles/compute.orgSecurityResourceAdmin/serviceAccount:sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["net"].google_organization_iam_member.org_parent_iam["roles/accesscontextmanager.policyAdmin"]: Creating...
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Creation complete after 44s [id=folders/736660879367/roles/resourcemanager.folderAdmin/serviceAccount:sa-terraform-proj@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/essentialcontacts.admin"]: Creating...
module.parent_iam_member["org"].google_folder_iam_member.folder_parent_iam["roles/resourcemanager.folderAdmin"]: Creation complete after 44s [id=folders/736660879367/roles/resourcemanager.folderAdmin/serviceAccount:sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.organizationAdmin"]: Creating...
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/compute.xpnAdmin"]: Creation complete after 44s [id=folders/736660879367/roles/compute.xpnAdmin/serviceAccount:sa-terraform-proj@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/accesscontextmanager.policyAdmin"]: Creating...
module.parent_iam_member["proj"].google_folder_iam_member.folder_parent_iam["roles/artifactregistry.admin"]: Creation complete after 44s [id=folders/736660879367/roles/artifactregistry.admin/serviceAccount:sa-terraform-proj@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.tagAdmin"]: Creating...
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/logging.configWriter"]: Creation complete after 4s [id=1064386348915/roles/logging.configWriter/serviceAccount:sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/serviceusage.serviceUsageConsumer"]: Creating...
module.parent_iam_member["net"].google_folder_iam_member.folder_parent_iam["roles/compute.networkAdmin"]: Creation complete after 6s [id=folders/736660879367/roles/compute.networkAdmin/serviceAccount:sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/cloudasset.owner"]: Creating...
module.org_iam_member["env"].google_organization_iam_member.org_parent_iam["roles/browser"]: Still creating... [10s elapsed]
module.org_iam_member["env"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.tagUser"]: Still creating... [10s elapsed]
module.org_iam_member["net"].google_organization_iam_member.org_parent_iam["roles/accesscontextmanager.policyAdmin"]: Still creating... [10s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/essentialcontacts.admin"]: Still creating... [10s elapsed]
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.organizationAdmin"]: Still creating... [10s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/accesscontextmanager.policyAdmin"]: Still creating... [10s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.tagAdmin"]: Still creating... [10s elapsed]
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/serviceusage.serviceUsageConsumer"]: Still creating... [10s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/cloudasset.owner"]: Still creating... [10s elapsed]
module.org_iam_member["net"].google_organization_iam_member.org_parent_iam["roles/browser"]: Still creating... [20s elapsed]
module.org_iam_member["env"].google_organization_iam_member.org_parent_iam["roles/browser"]: Still creating... [20s elapsed]
module.org_iam_member["env"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.tagUser"]: Still creating... [20s elapsed]
module.org_iam_member["net"].google_organization_iam_member.org_parent_iam["roles/accesscontextmanager.policyAdmin"]: Still creating... [20s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/essentialcontacts.admin"]: Still creating... [20s elapsed]
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.organizationAdmin"]: Still creating... [20s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/accesscontextmanager.policyAdmin"]: Still creating... [20s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.tagAdmin"]: Still creating... [20s elapsed]
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/serviceusage.serviceUsageConsumer"]: Still creating... [20s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/cloudasset.owner"]: Still creating... [20s elapsed]
module.org_iam_member["net"].google_organization_iam_member.org_parent_iam["roles/browser"]: Still creating... [30s elapsed]
module.org_iam_member["env"].google_organization_iam_member.org_parent_iam["roles/browser"]: Still creating... [30s elapsed]
module.org_iam_member["env"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.tagUser"]: Still creating... [30s elapsed]
module.org_iam_member["net"].google_organization_iam_member.org_parent_iam["roles/accesscontextmanager.policyAdmin"]: Still creating... [30s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/essentialcontacts.admin"]: Still creating... [30s elapsed]
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.organizationAdmin"]: Still creating... [30s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/accesscontextmanager.policyAdmin"]: Still creating... [30s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.tagAdmin"]: Still creating... [30s elapsed]
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/serviceusage.serviceUsageConsumer"]: Still creating... [30s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/cloudasset.owner"]: Still creating... [30s elapsed]
module.org_iam_member["net"].google_organization_iam_member.org_parent_iam["roles/browser"]: Still creating... [40s elapsed]
module.org_iam_member["env"].google_organization_iam_member.org_parent_iam["roles/browser"]: Still creating... [40s elapsed]
module.org_iam_member["env"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.tagUser"]: Still creating... [40s elapsed]
module.org_iam_member["net"].google_organization_iam_member.org_parent_iam["roles/accesscontextmanager.policyAdmin"]: Still creating... [40s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/essentialcontacts.admin"]: Still creating... [40s elapsed]
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.organizationAdmin"]: Still creating... [40s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/accesscontextmanager.policyAdmin"]: Still creating... [40s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.tagAdmin"]: Still creating... [40s elapsed]
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/serviceusage.serviceUsageConsumer"]: Still creating... [40s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/cloudasset.owner"]: Still creating... [40s elapsed]
module.org_iam_member["net"].google_organization_iam_member.org_parent_iam["roles/browser"]: Creation complete after 46s [id=1064386348915/roles/browser/serviceAccount:sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.tagUser"]: Creating...
module.org_iam_member["env"].google_organization_iam_member.org_parent_iam["roles/browser"]: Creation complete after 46s [id=1064386348915/roles/browser/serviceAccount:sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["bootstrap"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.organizationAdmin"]: Creating...
module.org_iam_member["env"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.tagUser"]: Creation complete after 46s [id=1064386348915/roles/resourcemanager.tagUser/serviceAccount:sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/browser"]: Creating...
module.org_iam_member["net"].google_organization_iam_member.org_parent_iam["roles/accesscontextmanager.policyAdmin"]: Creation complete after 46s [id=1064386348915/roles/accesscontextmanager.policyAdmin/serviceAccount:sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["bootstrap"].google_organization_iam_member.org_parent_iam["roles/browser"]: Creating...
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/essentialcontacts.admin"]: Creation complete after 45s [id=1064386348915/roles/essentialcontacts.admin/serviceAccount:sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["net"].google_organization_iam_member.org_parent_iam["roles/compute.xpnAdmin"]: Creating...
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.organizationAdmin"]: Creation complete after 46s [id=1064386348915/roles/resourcemanager.organizationAdmin/serviceAccount:sa-terraform-proj@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["env"].google_organization_iam_member.org_parent_iam["roles/assuredworkloads.admin"]: Creating...
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/accesscontextmanager.policyAdmin"]: Creation complete after 46s [id=1064386348915/roles/accesscontextmanager.policyAdmin/serviceAccount:sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.organizationAdmin"]: Creating...
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.tagAdmin"]: Creation complete after 46s [id=1064386348915/roles/resourcemanager.tagAdmin/serviceAccount:sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/securitycenter.sourcesEditor"]: Creating...
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/serviceusage.serviceUsageConsumer"]: Creation complete after 43s [id=1064386348915/roles/serviceusage.serviceUsageConsumer/serviceAccount:sa-terraform-proj@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/accesscontextmanager.policyAdmin"]: Creating...
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/cloudasset.owner"]: Creation complete after 42s [id=1064386348915/roles/cloudasset.owner/serviceAccount:sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/browser"]: Creating...
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.tagUser"]: Still creating... [10s elapsed]
module.org_iam_member["bootstrap"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.organizationAdmin"]: Still creating... [10s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/browser"]: Still creating... [10s elapsed]
module.org_iam_member["bootstrap"].google_organization_iam_member.org_parent_iam["roles/browser"]: Still creating... [10s elapsed]
module.org_iam_member["net"].google_organization_iam_member.org_parent_iam["roles/compute.xpnAdmin"]: Still creating... [10s elapsed]
module.org_iam_member["env"].google_organization_iam_member.org_parent_iam["roles/assuredworkloads.admin"]: Still creating... [10s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.organizationAdmin"]: Still creating... [10s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/securitycenter.sourcesEditor"]: Still creating... [10s elapsed]
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/accesscontextmanager.policyAdmin"]: Still creating... [10s elapsed]
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/browser"]: Still creating... [10s elapsed]
module.org_iam_member["bootstrap"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.organizationAdmin"]: Still creating... [20s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/browser"]: Still creating... [20s elapsed]
module.org_iam_member["bootstrap"].google_organization_iam_member.org_parent_iam["roles/browser"]: Still creating... [20s elapsed]
module.org_iam_member["net"].google_organization_iam_member.org_parent_iam["roles/compute.xpnAdmin"]: Still creating... [20s elapsed]
module.org_iam_member["env"].google_organization_iam_member.org_parent_iam["roles/assuredworkloads.admin"]: Still creating... [20s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.organizationAdmin"]: Still creating... [20s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/securitycenter.sourcesEditor"]: Still creating... [20s elapsed]
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/accesscontextmanager.policyAdmin"]: Still creating... [20s elapsed]
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/browser"]: Still creating... [20s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.tagUser"]: Still creating... [30s elapsed]
module.org_iam_member["bootstrap"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.organizationAdmin"]: Still creating... [30s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/browser"]: Still creating... [30s elapsed]
module.org_iam_member["bootstrap"].google_organization_iam_member.org_parent_iam["roles/browser"]: Still creating... [30s elapsed]
module.org_iam_member["net"].google_organization_iam_member.org_parent_iam["roles/compute.xpnAdmin"]: Still creating... [30s elapsed]
module.org_iam_member["env"].google_organization_iam_member.org_parent_iam["roles/assuredworkloads.admin"]: Still creating... [30s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.organizationAdmin"]: Still creating... [30s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/securitycenter.sourcesEditor"]: Still creating... [30s elapsed]
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/accesscontextmanager.policyAdmin"]: Still creating... [30s elapsed]
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/browser"]: Still creating... [30s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.tagUser"]: Still creating... [40s elapsed]
module.org_iam_member["bootstrap"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.organizationAdmin"]: Still creating... [40s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/browser"]: Still creating... [40s elapsed]
module.org_iam_member["bootstrap"].google_organization_iam_member.org_parent_iam["roles/browser"]: Still creating... [40s elapsed]
module.org_iam_member["net"].google_organization_iam_member.org_parent_iam["roles/compute.xpnAdmin"]: Still creating... [40s elapsed]
module.org_iam_member["env"].google_organization_iam_member.org_parent_iam["roles/assuredworkloads.admin"]: Still creating... [40s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.organizationAdmin"]: Still creating... [40s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/securitycenter.sourcesEditor"]: Still creating... [40s elapsed]
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/accesscontextmanager.policyAdmin"]: Still creating... [40s elapsed]
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/browser"]: Still creating... [40s elapsed]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.tagUser"]: Creation complete after 42s [id=1064386348915/roles/resourcemanager.tagUser/serviceAccount:sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/orgpolicy.policyAdmin"]: Creating...
module.org_iam_member["bootstrap"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.organizationAdmin"]: Creation complete after 42s [id=1064386348915/roles/resourcemanager.organizationAdmin/serviceAccount:sa-terraform-bootstrap@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.organizationViewer"]: Creating...
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/browser"]: Creation complete after 43s [id=1064386348915/roles/browser/serviceAccount:sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/securitycenter.notificationConfigEditor"]: Creating...
module.org_iam_member["bootstrap"].google_organization_iam_member.org_parent_iam["roles/browser"]: Creation complete after 43s [id=1064386348915/roles/browser/serviceAccount:sa-terraform-bootstrap@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["bootstrap"].google_organization_iam_member.org_parent_iam["roles/accesscontextmanager.policyAdmin"]: Creating...
module.org_iam_member["net"].google_organization_iam_member.org_parent_iam["roles/compute.xpnAdmin"]: Creation complete after 43s [id=1064386348915/roles/compute.xpnAdmin/serviceAccount:sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com]
module.org_iam_member["bootstrap"].google_organization_iam_member.org_parent_iam["roles/serviceusage.serviceUsageConsumer"]: Creating...
module.org_iam_member["env"].google_organization_iam_member.org_parent_iam["roles/assuredworkloads.admin"]: Creation complete after 42s [id=1064386348915/roles/assuredworkloads.admin/serviceAccount:sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com]
google_billing_account_iam_member.billing_admin_user["env"]: Creating...
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/resourcemanager.organizationAdmin"]: Creation complete after 42s [id=1064386348915/roles/resourcemanager.organizationAdmin/serviceAccount:sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com]
google_billing_account_iam_member.billing_admin_user["org"]: Creating...
module.org_iam_member["org"].google_organization_iam_member.org_parent_iam["roles/securitycenter.sourcesEditor"]: Creation complete after 42s [id=1064386348915/roles/securitycenter.sourcesEditor/serviceAccount:sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com]
google_billing_account_iam_member.billing_admin_user["proj"]: Creating...
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/accesscontextmanager.policyAdmin"]: Creation complete after 43s [id=1064386348915/roles/accesscontextmanager.policyAdmin/serviceAccount:sa-terraform-proj@prj-b-seed-8919.iam.gserviceaccount.com]
google_billing_account_iam_member.billing_admin_user["bootstrap"]: Creating...
module.org_iam_member["proj"].google_organization_iam_member.org_parent_iam["roles/browser"]: Creation complete after 43s [id=1064386348915/roles/browser/serviceAccount:sa-terraform-proj@prj-b-seed-8919.iam.gserviceaccount.com]
google_billing_account_iam_member.billing_admin_user["net"]: Creating...
module.tf_source.module.cloudbuild_project.module.project-factory.google_project.main: Still creating... [20s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.google_project.main: Still creating... [30s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.google_project.main: Still creating... [40s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.google_project.main: Still creating... [50s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.google_project.main: Still creating... [1m0s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.google_project.main: Still creating... [1m10s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.google_project.main: Still creating... [1m20s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.google_project.main: Still creating... [1m30s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.google_project.main: Still creating... [1m40s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.google_project.main: Still creating... [1m50s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.google_project.main: Still creating... [2m0s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.google_project.main: Still creating... [2m10s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.google_project.main: Still creating... [2m20s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.google_project.main: Still creating... [2m30s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.google_project.main: Still creating... [2m40s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.google_project.main: Still creating... [2m50s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.google_project.main: Still creating... [3m0s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.google_project.main: Still creating... [3m10s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.google_project.main: Still creating... [3m20s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.google_project.main: Creation complete after 3m24s [id=projects/prj-b-cicd-82vv]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["serviceusage.googleapis.com"]: Creating...
module.tf_source.module.cloudbuild_project.module.project-factory.google_service_account.default_service_account[0]: Creating...
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["compute.googleapis.com"]: Creating...
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["cloudscheduler.googleapis.com"]: Creating...
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["iam.googleapis.com"]: Creating...
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["workflows.googleapis.com"]: Creating...
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["bigquery.googleapis.com"]: Creating...
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["appengine.googleapis.com"]: Creating...
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["servicenetworking.googleapis.com"]: Creating...
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["cloudbuild.googleapis.com"]: Creating...
module.tf_source.module.cloudbuild_project.module.project-factory.google_service_account.default_service_account[0]: Creation complete after 1s [id=projects/prj-b-cicd-82vv/serviceAccounts/project-service-account@prj-b-cicd-82vv.iam.gserviceaccount.com]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["sourcerepo.googleapis.com"]: Creating...
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["compute.googleapis.com"]: Creation complete after 3s [id=prj-b-cicd-82vv/compute.googleapis.com]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["artifactregistry.googleapis.com"]: Creating...
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["iam.googleapis.com"]: Still creating... [10s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["bigquery.googleapis.com"]: Still creating... [10s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["cloudscheduler.googleapis.com"]: Still creating... [10s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["appengine.googleapis.com"]: Still creating... [10s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["workflows.googleapis.com"]: Still creating... [10s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["serviceusage.googleapis.com"]: Still creating... [10s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["servicenetworking.googleapis.com"]: Still creating... [10s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["cloudbuild.googleapis.com"]: Still creating... [10s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["sourcerepo.googleapis.com"]: Still creating... [10s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["artifactregistry.googleapis.com"]: Still creating... [10s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["iam.googleapis.com"]: Still creating... [20s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["appengine.googleapis.com"]: Still creating... [20s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["cloudscheduler.googleapis.com"]: Still creating... [20s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["bigquery.googleapis.com"]: Still creating... [20s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["workflows.googleapis.com"]: Still creating... [20s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["serviceusage.googleapis.com"]: Still creating... [20s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["servicenetworking.googleapis.com"]: Still creating... [20s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["cloudbuild.googleapis.com"]: Still creating... [20s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["sourcerepo.googleapis.com"]: Still creating... [20s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["serviceusage.googleapis.com"]: Creation complete after 21s [id=prj-b-cicd-82vv/serviceusage.googleapis.com]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["appengine.googleapis.com"]: Creation complete after 22s [id=prj-b-cicd-82vv/appengine.googleapis.com]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["cloudscheduler.googleapis.com"]: Creation complete after 22s [id=prj-b-cicd-82vv/cloudscheduler.googleapis.com]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["cloudbilling.googleapis.com"]: Creating...
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["cloudbuild.googleapis.com"]: Creation complete after 22s [id=prj-b-cicd-82vv/cloudbuild.googleapis.com]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["billingbudgets.googleapis.com"]: Creating...
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["workflows.googleapis.com"]: Creation complete after 22s [id=prj-b-cicd-82vv/workflows.googleapis.com]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["sourcerepo.googleapis.com"]: Creation complete after 21s [id=prj-b-cicd-82vv/sourcerepo.googleapis.com]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["bigquery.googleapis.com"]: Creation complete after 22s [id=prj-b-cicd-82vv/bigquery.googleapis.com]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["iam.googleapis.com"]: Creation complete after 22s [id=prj-b-cicd-82vv/iam.googleapis.com]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["servicenetworking.googleapis.com"]: Creation complete after 22s [id=prj-b-cicd-82vv/servicenetworking.googleapis.com]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["cloudresourcemanager.googleapis.com"]: Creating...
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["logging.googleapis.com"]: Creating...
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["dns.googleapis.com"]: Creating...
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["storage-api.googleapis.com"]: Creating...
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["admin.googleapis.com"]: Creating...
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["artifactregistry.googleapis.com"]: Still creating... [20s elapsed]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["storage-api.googleapis.com"]: Creation complete after 2s [id=prj-b-cicd-82vv/storage-api.googleapis.com]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["logging.googleapis.com"]: Creation complete after 3s [id=prj-b-cicd-82vv/logging.googleapis.com]
module.tf_source.module.cloudbuild_project.module.project-factory.module.project_services.google_project_service.project_services["artifactregistry.googleapis.com"]: Creation complete after 22s [id=prj-b-cicd-82vv/artifactregistry.googleapis.com]
module.tf_source.module.cloudbuild_bucket.google_storage_bucket.bucket: Creating...
module.tf_source.module.cloudbuild_project.module.project-factory.google_project_default_service_accounts.default_service_accounts[0]: Creation complete after 0s [id=projects/prj-b-cicd-82vv]
module.tf_source.google_sourcerepo_repository.gcp_repo["gcp-networks"]: Creating...
module.tf_source.google_sourcerepo_repository.gcp_repo["gcp-environments"]: Creation complete after 1s [id=projects/prj-b-cicd-82vv/repos/gcp-environments]
module.tf_source.google_sourcerepo_repository.gcp_repo["gcp-bootstrap"]: Creation complete after 1s [id=projects/prj-b-cicd-82vv/repos/gcp-bootstrap]
module.tf_source.google_sourcerepo_repository.gcp_repo["gcp-org"]: Creating...
module.tf_source.google_sourcerepo_repository.gcp_repo["gcp-networks"]: Creation complete after 1s [id=projects/prj-b-cicd-82vv/repos/gcp-networks]
module.tf_source.google_sourcerepo_repository.gcp_repo["gcp-projects"]: Creation complete after 1s [id=projects/prj-b-cicd-82vv/repos/gcp-projects]
module.tf_source.google_sourcerepo_repository.gcp_repo["gcp-policies"]: Creation complete after 1s [id=projects/prj-b-cicd-82vv/repos/gcp-policies]
module.tf_source.module.cloudbuild_bucket.google_storage_bucket.bucket: Creation complete after 1s [id=prj-b-cicd-82vv_cloudbuild]
module.tf_source.google_storage_bucket_iam_member.cloudbuild_iam: Creating...
module.tf_source.google_sourcerepo_repository.gcp_repo["gcp-org"]: Creation complete after 0s [id=projects/prj-b-cicd-82vv/repos/gcp-org]
module.tf_source.google_sourcerepo_repository.gcp_repo["tf-cloudbuilder"]: Creation complete after 2s [id=projects/prj-b-cicd-82vv/repos/tf-cloudbuilder]
module.tf_source.google_storage_bucket_iam_member.cloudbuild_iam: Creation complete after 4s [id=b/prj-b-cicd-82vv_cloudbuild/roles/storage.admin/serviceAccount:785189507742@cloudbuild.gserviceaccount.com]
module.tf_source.google_project_iam_member.org_admins_cloudbuild_editor: Creation complete after 7s [id=prj-b-cicd-82vv/roles/cloudbuild.builds.editor/group:gcp-organization-admins@obrienlabs.xyz]
module.tf_source.google_project_iam_member.org_admins_cloudbuild_viewer: Creation complete after 7s [id=prj-b-cicd-82vv/roles/viewer/group:gcp-organization-admins@obrienlabs.xyz]
module.tf_source.google_project_iam_member.org_admins_source_repo_admin[0]: Creation complete after 7s [id=prj-b-cicd-82vv/roles/source.admin/group:gcp-organization-admins@obrienlabs.xyz]
module.bootstrap_csr_repo.null_resource.run_command[0]: Creating...
module.tf_private_pool.module.peered_network[0].module.vpc.google_compute_network.network: Creating...
google_sourcerepo_repository_iam_member.member["org"]: Creating...
module.tf_cloud_builder.google_service_account.cb_sa[0]: Creating...
module.tf_cloud_builder.google_artifact_registry_repository.tf-image-repo: Creating...
module.bootstrap_csr_repo.null_resource.run_command[0]: Provisioning with 'local-exec'...
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): Executing: ["/bin/sh" "-c" "PATH=/google-cloud-sdk/bin:$PATH\n./scripts/push-to-repo.sh prj-b-cicd-82vv tf-cloudbuilder ./Dockerfile\n"]
google_sourcerepo_repository_iam_member.member["proj"]: Creating...
module.tf_cloud_builder.google_service_account.workflow_sa[0]: Creating...
google_sourcerepo_repository_iam_member.member["env"]: Creating...
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + '[' 3 -lt 3 ']'
module.tf_cloud_builder.module.bucket.google_storage_bucket.bucket: Creating...
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + CSR_PROJECT_ID=prj-b-cicd-82vv
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + CSR_NAME=tf-cloudbuilder
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + DOCKERFILE_PATH=./Dockerfile
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): ++ mktemp -d
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + tmp_dir=/tmp/tmp.xMNfsxhn6Q
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + gcloud source repos clone tf-cloudbuilder /tmp/tmp.xMNfsxhn6Q --project prj-b-cicd-82vv
google_sourcerepo_repository_iam_member.member["net"]: Creating...
module.tf_cloud_builder.module.bucket.google_storage_bucket.bucket: Creation complete after 0s [id=bkt-prj-b-cicd-82vv-tf-cloudbuilder-build-logs]
google_sourcerepo_repository_iam_member.member["bootstrap"]: Creating...
module.tf_cloud_builder.google_service_account.cb_sa[0]: Creation complete after 0s [id=projects/prj-b-cicd-82vv/serviceAccounts/tf-cb-builder-sa@prj-b-cicd-82vv.iam.gserviceaccount.com]
module.cicd_project_iam_member["bootstrap"].google_project_iam_member.project_parent_iam["roles/source.admin"]: Creating...
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): ERROR: (gcloud.source.repos.clone) UNAUTHENTICATED: Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
module.cicd_project_iam_member["bootstrap"].google_project_iam_member.project_parent_iam["roles/cloudbuild.builds.editor"]: Creating...
module.tf_cloud_builder.google_service_account.workflow_sa[0]: Creation complete after 1s [id=projects/prj-b-cicd-82vv/serviceAccounts/terraform-runner-workflow-sa@prj-b-cicd-82vv.iam.gserviceaccount.com]
module.cicd_project_iam_member["bootstrap"].google_project_iam_member.project_parent_iam["roles/iam.workloadIdentityPoolAdmin"]: Creating...
google_sourcerepo_repository_iam_member.member["org"]: Creation complete after 4s [id=projects/prj-b-cicd-82vv/repos/gcp-policies/roles/viewer/serviceAccount:sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com]
module.cicd_project_iam_member["bootstrap"].google_project_iam_member.project_parent_iam["roles/cloudscheduler.admin"]: Creating...
module.tf_cloud_builder.google_project_iam_member.logs_writer: Creation complete after 8s [id=prj-b-cicd-82vv/roles/logging.logWriter/serviceAccount:tf-cb-builder-sa@prj-b-cicd-82vv.iam.gserviceaccount.com]
module.tf_cloud_builder.google_cloud_scheduler_job.trigger_workflow: Creation complete after 8s [id=projects/prj-b-cicd-82vv/locations/us-central1/jobs/trigger-terraform-runner-workflow]
module.bootstrap_projects_remove_editor["seed"].google_project_iam_binding.iam_remove["roles/editor"]: Creation complete after 7s [id=prj-b-seed-8919/roles/editor]
google_artifact_registry_repository_iam_member.terraform_sa_artifact_registry_reader["env"]: Still creating... [10s elapsed]
google_artifact_registry_repository_iam_member.terraform_sa_artifact_registry_reader["proj"]: Still creating... [10s elapsed]
google_artifact_registry_repository_iam_member.terraform_sa_artifact_registry_reader["org"]: Still creating... [10s elapsed]
google_artifact_registry_repository_iam_member.terraform_sa_artifact_registry_reader["net"]: Still creating... [10s elapsed]
module.tf_private_pool.module.peered_network[0].module.subnets.google_compute_subnetwork.subnetwork["us-central1/sb-b-cbpools-us-central1"]: Still creating... [10s elapsed]
module.bootstrap_projects_remove_editor["cicd"].google_project_iam_binding.iam_remove["roles/editor"]: Creation complete after 7s [id=prj-b-cicd-82vv/roles/editor]
module.tf_private_pool.google_compute_global_address.worker_pool_range[0]: Still creating... [10s elapsed]
module.tf_private_pool.google_compute_global_address.worker_pool_range[0]: Creation complete after 11s [id=projects/prj-b-cicd-82vv/global/addresses/ga-b-cbpools-worker-pool-range]
module.tf_private_pool.google_service_networking_connection.worker_pool_conn[0]: Creating...
module.tf_private_pool.module.firewall_rules[0].google_compute_firewall.rules["fw-b-cbpools-100-i-a-all-all-all-service-networking"]: Creating...
google_artifact_registry_repository_iam_member.terraform_sa_artifact_registry_reader["env"]: Still creating... [20s elapsed]
google_artifact_registry_repository_iam_member.terraform_sa_artifact_registry_reader["proj"]: Still creating... [20s elapsed]
google_artifact_registry_repository_iam_member.terraform_sa_artifact_registry_reader["org"]: Still creating... [20s elapsed]
google_artifact_registry_repository_iam_member.terraform_sa_artifact_registry_reader["net"]: Still creating... [20s elapsed]
module.tf_private_pool.module.peered_network[0].module.subnets.google_compute_subnetwork.subnetwork["us-central1/sb-b-cbpools-us-central1"]: Still creating... [20s elapsed]
google_artifact_registry_repository_iam_member.terraform_sa_artifact_registry_reader["env"]: Creation complete after 22s [id=projects/prj-b-cicd-82vv/locations/us-central1/repositories/tf-runners/roles/artifactregistry.reader/serviceAccount:sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com]
google_artifact_registry_repository_iam_member.terraform_sa_artifact_registry_reader["proj"]: Creation complete after 22s [id=projects/prj-b-cicd-82vv/locations/us-central1/repositories/tf-runners/roles/artifactregistry.reader/serviceAccount:sa-terraform-proj@prj-b-seed-8919.iam.gserviceaccount.com]
google_artifact_registry_repository_iam_member.terraform_sa_artifact_registry_reader["org"]: Creation complete after 22s [id=projects/prj-b-cicd-82vv/locations/us-central1/repositories/tf-runners/roles/artifactregistry.reader/serviceAccount:sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com]
google_artifact_registry_repository_iam_member.terraform_sa_artifact_registry_reader["net"]: Creation complete after 22s [id=projects/prj-b-cicd-82vv/locations/us-central1/repositories/tf-runners/roles/artifactregistry.reader/serviceAccount:sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com]
module.tf_private_pool.module.peered_network[0].module.subnets.google_compute_subnetwork.subnetwork["us-central1/sb-b-cbpools-us-central1"]: Creation complete after 22s [id=projects/prj-b-cicd-82vv/regions/us-central1/subnetworks/sb-b-cbpools-us-central1]
module.tf_private_pool.google_service_networking_connection.worker_pool_conn[0]: Still creating... [10s elapsed]
module.tf_private_pool.module.firewall_rules[0].google_compute_firewall.rules["fw-b-cbpools-100-i-a-all-all-all-service-networking"]: Still creating... [10s elapsed]
module.tf_private_pool.module.firewall_rules[0].google_compute_firewall.rules["fw-b-cbpools-100-i-a-all-all-all-service-networking"]: Creation complete after 11s [id=projects/prj-b-cicd-82vv/global/firewalls/fw-b-cbpools-100-i-a-all-all-all-service-networking]
module.tf_private_pool.google_service_networking_connection.worker_pool_conn[0]: Still creating... [20s elapsed]
module.tf_private_pool.google_service_networking_connection.worker_pool_conn[0]: Still creating... [30s elapsed]
module.tf_private_pool.google_service_networking_connection.worker_pool_conn[0]: Still creating... [40s elapsed]
module.tf_private_pool.google_service_networking_connection.worker_pool_conn[0]: Still creating... [50s elapsed]
module.tf_private_pool.google_service_networking_connection.worker_pool_conn[0]: Still creating... [1m0s elapsed]
module.tf_private_pool.google_service_networking_connection.worker_pool_conn[0]: Creation complete after 1m2s [id=projects%2Fprj-b-cicd-82vv%2Fglobal%2Fnetworks%2Fvpc-b-cbpools:servicenetworking.googleapis.com]
module.tf_private_pool.google_compute_network_peering_routes_config.peering_routes[0]: Creating...
module.tf_private_pool.google_cloudbuild_worker_pool.private_pool: Creating...
module.tf_private_pool.google_compute_network_peering_routes_config.peering_routes[0]: Still creating... [10s elapsed]
module.tf_private_pool.google_cloudbuild_worker_pool.private_pool: Still creating... [10s elapsed]
module.tf_private_pool.google_compute_network_peering_routes_config.peering_routes[0]: Creation complete after 11s [id=projects/prj-b-cicd-82vv/global/networks/vpc-b-cbpools/networkPeerings/servicenetworking-googleapis-com]
module.tf_private_pool.google_cloudbuild_worker_pool.private_pool: Still creating... [20s elapsed]
module.tf_private_pool.google_cloudbuild_worker_pool.private_pool: Still creating... [30s elapsed]
module.tf_private_pool.google_cloudbuild_worker_pool.private_pool: Still creating... [40s elapsed]
module.tf_private_pool.google_cloudbuild_worker_pool.private_pool: Still creating... [50s elapsed]
module.tf_private_pool.google_cloudbuild_worker_pool.private_pool: Still creating... [1m0s elapsed]
module.tf_private_pool.google_cloudbuild_worker_pool.private_pool: Creation complete after 1m2s [id=projects/prj-b-cicd-82vv/locations/us-central1/workerPools/private-pool-yqvb]
module.tf_cloud_builder.google_cloudbuild_trigger.build_trigger: Creating...
module.tf_cloud_builder.google_cloudbuild_trigger.build_trigger: Creation complete after 1s [id=projects/prj-b-cicd-82vv/locations/us-central1/triggers/29a34ab9-e42f-4f02-9d42-614d7be613c9]
module.tf_workspace["proj"].data.google_project.cloudbuild_project[0]: Reading...
module.tf_workspace["org"].data.google_project.cloudbuild_project[0]: Reading...
module.tf_workspace["env"].data.google_project.cloudbuild_project[0]: Reading...
module.tf_workspace["bootstrap"].data.google_project.cloudbuild_project[0]: Reading...
module.tf_workspace["net"].data.google_project.cloudbuild_project[0]: Reading...
module.tf_workspace["bootstrap"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountUser"]: Creating...
module.tf_workspace["proj"].google_project_iam_member.cb_sa_logging: Creating...
module.tf_workspace["org"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountTokenCreator"]: Creating...
module.tf_workspace["net"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountUser"]: Creating...
module.tf_workspace["env"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountTokenCreator"]: Creating...
module.tf_workspace["proj"].data.google_project.cloudbuild_project[0]: Read complete after 0s [id=projects/prj-b-cicd-82vv]
module.tf_workspace["org"].data.google_project.cloudbuild_project[0]: Read complete after 0s [id=projects/prj-b-cicd-82vv]
module.tf_private_pool.google_cloudbuild_worker_pool.private_pool: Still creating... [40s elapsed]
module.tf_private_pool.google_cloudbuild_worker_pool.private_pool: Still creating... [50s elapsed]
module.tf_private_pool.google_cloudbuild_worker_pool.private_pool: Still creating... [1m0s elapsed]
module.tf_private_pool.google_cloudbuild_worker_pool.private_pool: Creation complete after 1m2s [id=projects/prj-b-cicd-82vv/locations/us-central1/workerPools/private-pool-yqvb]
module.tf_cloud_builder.google_cloudbuild_trigger.build_trigger: Creating...
module.tf_cloud_builder.google_cloudbuild_trigger.build_trigger: Creation complete after 1s [id=projects/prj-b-cicd-82vv/locations/us-central1/triggers/29a34ab9-e42f-4f02-9d42-614d7be613c9]
module.tf_workspace["proj"].data.google_project.cloudbuild_project[0]: Reading...
module.tf_workspace["org"].data.google_project.cloudbuild_project[0]: Reading...
module.tf_workspace["env"].data.google_project.cloudbuild_project[0]: Reading...
module.tf_workspace["bootstrap"].data.google_project.cloudbuild_project[0]: Reading...
module.tf_workspace["net"].data.google_project.cloudbuild_project[0]: Reading...
module.tf_workspace["bootstrap"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountUser"]: Creating...
module.tf_workspace["proj"].google_project_iam_member.cb_sa_logging: Creating...
module.tf_workspace["org"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountTokenCreator"]: Creating...
module.tf_workspace["net"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountUser"]: Creating...
module.tf_workspace["env"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountTokenCreator"]: Creating...
module.tf_workspace["proj"].data.google_project.cloudbuild_project[0]: Read complete after 0s [id=projects/prj-b-cicd-82vv]
module.tf_workspace["org"].data.google_project.cloudbuild_project[0]: Read complete after 0s [id=projects/prj-b-cicd-82vv]
module.tf_workspace["bootstrap"].data.google_project.cloudbuild_project[0]: Read complete after 0s [id=projects/prj-b-cicd-82vv]
module.tf_workspace["net"].data.google_project.cloudbuild_project[0]: Read complete after 0s [id=projects/prj-b-cicd-82vv]
module.tf_workspace["env"].data.google_project.cloudbuild_project[0]: Read complete after 0s [id=projects/prj-b-cicd-82vv]
module.tf_workspace["org"].google_project_iam_member.cb_sa_logging: Creating...
module.tf_workspace["env"].google_project_iam_member.cb_sa_logging: Creating...
module.tf_workspace["org"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountUser"]: Creating...
module.tf_workspace["env"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountUser"]: Creating...
module.tf_workspace["net"].google_project_iam_member.cb_sa_logging: Creating...
module.tf_workspace["bootstrap"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountUser"]: Creation complete after 4s [id=projects/prj-b-seed-8919/serviceAccounts/sa-terraform-bootstrap@prj-b-seed-8919.iam.gserviceaccount.com/roles/iam.serviceAccountUser/serviceAccount:sa-terraform-bootstrap@prj-b-seed-8919.iam.gserviceaccount.com]
module.tf_workspace["proj"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountTokenCreator"]: Creating...
module.tf_workspace["env"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountTokenCreator"]: Creation complete after 4s [id=projects/prj-b-seed-8919/serviceAccounts/sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com/roles/iam.serviceAccountTokenCreator/serviceAccount:sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com]
module.tf_workspace["org"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountTokenCreator"]: Creation complete after 4s [id=projects/prj-b-seed-8919/serviceAccounts/sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com/roles/iam.serviceAccountTokenCreator/serviceAccount:sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com]
module.tf_workspace["proj"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountUser"]: Creating...
module.tf_workspace["net"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountTokenCreator"]: Creating...
module.tf_workspace["net"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountUser"]: Creation complete after 4s [id=projects/prj-b-seed-8919/serviceAccounts/sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com/roles/iam.serviceAccountUser/serviceAccount:sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com]
module.tf_workspace["bootstrap"].google_project_iam_member.cb_sa_logging: Creating...
module.tf_workspace["org"].google_storage_bucket_iam_member.artifacts_admin: Creating...
module.tf_workspace["env"].google_project_iam_member.pool_user[0]: Creation complete after 8s [id=prj-b-cicd-82vv/roles/cloudbuild.workerPoolUser/serviceAccount:785189507742@cloudbuild.gserviceaccount.com]
module.tf_workspace["proj"].google_storage_bucket_iam_member.artifacts_admin: Creating...
module.tf_workspace["env"].google_storage_bucket_iam_member.log_admin: Creation complete after 3s [id=b/bkt-prj-b-cicd-82vv-gcp-environments-build-logs/roles/storage.admin/serviceAccount:sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com]
module.tf_workspace["proj"].google_storage_bucket_iam_member.log_admin: Creation complete after 4s [id=b/bkt-prj-b-cicd-82vv-gcp-projects-build-logs/roles/storage.admin/serviceAccount:sa-terraform-proj@prj-b-seed-8919.iam.gserviceaccount.com]
module.tf_workspace["bootstrap"].google_storage_bucket_iam_member.log_admin: Creation complete after 4s [id=b/bkt-prj-b-cicd-82vv-gcp-bootstrap-build-logs/roles/storage.admin/serviceAccount:sa-terraform-bootstrap@prj-b-seed-8919.iam.gserviceaccount.com]
module.tf_workspace["bootstrap"].google_storage_bucket_iam_member.artifacts_admin: Creation complete after 4s [id=b/bkt-prj-b-cicd-82vv-gcp-bootstrap-build-artifacts/roles/storage.admin/serviceAccount:sa-terraform-bootstrap@prj-b-seed-8919.iam.gserviceaccount.com]
module.tf_workspace["env"].google_storage_bucket_iam_member.artifacts_admin: Creation complete after 4s [id=b/bkt-prj-b-cicd-82vv-gcp-environments-build-artifacts/roles/storage.admin/serviceAccount:sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com]
module.tf_workspace["net"].google_storage_bucket_iam_member.log_admin: Creation complete after 4s [id=b/bkt-prj-b-cicd-82vv-gcp-networks-build-logs/roles/storage.admin/serviceAccount:sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com]
module.tf_workspace["bootstrap"].google_cloudbuild_trigger.triggers["plan"]: Creating...
module.tf_workspace["env"].google_cloudbuild_trigger.triggers["plan"]: Creating...
module.tf_workspace["net"].google_storage_bucket_iam_member.artifacts_admin: Creation complete after 4s [id=b/bkt-prj-b-cicd-82vv-gcp-networks-build-artifacts/roles/storage.admin/serviceAccount:sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com]
module.tf_workspace["org"].google_cloudbuild_trigger.triggers["apply"]: Creating...
module.tf_workspace["env"].google_cloudbuild_trigger.triggers["apply"]: Creating...
module.tf_workspace["org"].google_cloudbuild_trigger.triggers["plan"]: Creating...
module.tf_workspace["net"].google_cloudbuild_trigger.triggers["plan"]: Creating...
module.tf_workspace["org"].google_storage_bucket_iam_member.log_admin: Creation complete after 4s [id=b/bkt-prj-b-cicd-82vv-gcp-org-build-logs/roles/storage.admin/serviceAccount:sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com]
module.tf_workspace["net"].google_cloudbuild_trigger.triggers["apply"]: Creating...
module.tf_workspace["env"].google_cloudbuild_trigger.triggers["plan"]: Creation complete after 1s [id=projects/prj-b-cicd-82vv/locations/us-central1/triggers/0f5f779e-3136-4ad4-a007-32647b7ceee0]
module.tf_workspace["bootstrap"].google_cloudbuild_trigger.triggers["plan"]: Creation complete after 1s [id=projects/prj-b-cicd-82vv/locations/us-central1/triggers/fdf96156-f457-47aa-824d-dba69d6812ce]
module.tf_workspace["org"].google_cloudbuild_trigger.triggers["plan"]: Creation complete after 1s [id=projects/prj-b-cicd-82vv/locations/us-central1/triggers/61fd9472-bf8e-4146-9c4e-64c3b05cacb3]
module.tf_workspace["env"].google_cloudbuild_trigger.triggers["apply"]: Creation complete after 1s [id=projects/prj-b-cicd-82vv/locations/us-central1/triggers/070191ee-edba-4a6d-8382-2a41fe4463da]
module.tf_workspace["org"].google_cloudbuild_trigger.triggers["apply"]: Creation complete after 1s [id=projects/prj-b-cicd-82vv/locations/us-central1/triggers/343ac1be-ff42-4c5b-9a8d-8a751ff02767]
module.tf_workspace["proj"].google_cloudbuild_trigger.triggers["plan"]: Creating...
module.tf_workspace["bootstrap"].google_cloudbuild_trigger.triggers["apply"]: Creating...
module.tf_workspace["net"].google_cloudbuild_trigger.triggers["plan"]: Creation complete after 1s [id=projects/prj-b-cicd-82vv/locations/us-central1/triggers/b3a3f024-03f4-4164-bbcf-2b1ef2ba74f0]
module.tf_workspace["proj"].google_cloudbuild_trigger.triggers["apply"]: Creating...
module.tf_workspace["net"].google_cloudbuild_trigger.triggers["apply"]: Creation complete after 1s [id=projects/prj-b-cicd-82vv/locations/us-central1/triggers/045135b5-29a2-4066-8818-09c32890aaab]
module.tf_workspace["proj"].google_cloudbuild_trigger.triggers["plan"]: Creation complete after 1s [id=projects/prj-b-cicd-82vv/locations/us-central1/triggers/3c1f05c0-0850-414d-9dee-6bd7bd3e1af2]
module.tf_workspace["proj"].google_cloudbuild_trigger.triggers["apply"]: Creation complete after 1s [id=projects/prj-b-cicd-82vv/locations/us-central1/triggers/a1129dc9-c1e6-47d5-9a20-7518c82fe900]
module.tf_workspace["bootstrap"].google_cloudbuild_trigger.triggers["apply"]: Creation complete after 1s [id=projects/prj-b-cicd-82vv/locations/us-central1/triggers/70966480-5d2c-4aa4-a7aa-1e0aaeb711f1]
module.tf_workspace["proj"].google_storage_bucket_iam_member.artifacts_admin: Creation complete after 4s [id=b/bkt-prj-b-cicd-82vv-gcp-projects-build-artifacts/roles/storage.admin/serviceAccount:sa-terraform-proj@prj-b-seed-8919.iam.gserviceaccount.com]
module.tf_workspace["org"].google_storage_bucket_iam_member.artifacts_admin: Creation complete after 4s [id=b/bkt-prj-b-cicd-82vv-gcp-org-build-artifacts/roles/storage.admin/serviceAccount:sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com]
╷
│ Error: local-exec provisioner error
│
│ with module.bootstrap_csr_repo.null_resource.run_command[0],
│ on .terraform/modules/bootstrap_csr_repo/main.tf line 232, in resource "null_resource" "run_command":
│ 232: provisioner "local-exec" {
│
│ Error running command 'PATH=/google-cloud-sdk/bin:$PATH
│ ./scripts/push-to-repo.sh prj-b-cicd-82vv tf-cloudbuilder ./Dockerfile
│ ': exit status 1. Output: + '[' 3 -lt 3 ']'
│ + CSR_PROJECT_ID=prj-b-cicd-82vv
│ + CSR_NAME=tf-cloudbuilder
│ + DOCKERFILE_PATH=./Dockerfile
│ ++ mktemp -d
│ + tmp_dir=/tmp/tmp.xMNfsxhn6Q
│ + gcloud source repos clone tf-cloudbuilder /tmp/tmp.xMNfsxhn6Q --project prj-b-cicd-82vv
│ ERROR: (gcloud.source.repos.clone) UNAUTHENTICATED: Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication
│ credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
│
1210 timed out again, relogging in
1213
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ ./terraform apply bootstrap.tfplan
Acquiring state lock. This may take a few moments...
module.bootstrap_csr_repo.null_resource.run_command[0]: Destroying... [id=7230674911796820867]
module.bootstrap_csr_repo.null_resource.run_command[0]: Destruction complete after 0s
module.bootstrap_csr_repo.null_resource.run_command[0]: Creating...
module.bootstrap_csr_repo.null_resource.run_command[0]: Provisioning with 'local-exec'...
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): Executing: ["/bin/sh" "-c" "PATH=/google-cloud-sdk/bin:$PATH\n./scripts/push-to-repo.sh prj-b-cicd-82vv tf-cloudbuilder ./Dockerfile\n"]
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + '[' 3 -lt 3 ']'
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + CSR_PROJECT_ID=prj-b-cicd-82vv
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + CSR_NAME=tf-cloudbuilder
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + DOCKERFILE_PATH=./Dockerfile
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): ++ mktemp -d
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + tmp_dir=/tmp/tmp.bWjiGVGdcp
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + gcloud source repos clone tf-cloudbuilder /tmp/tmp.bWjiGVGdcp --project prj-b-cicd-82vv
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): Cloning into '/tmp/tmp.bWjiGVGdcp'...
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): warning: You appear to have cloned an empty repository.
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): Project [prj-b-cicd-82vv] repository [tf-cloudbuilder] was cloned to [/tmp/tmp.bWjiGVGdcp].
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + cp ./Dockerfile /tmp/tmp.bWjiGVGdcp
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + pushd /tmp/tmp.bWjiGVGdcp
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): /tmp/tmp.bWjiGVGdcp ~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + git config credential.helper gcloud.sh
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + git config init.defaultBranch main
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + git config user.email terraform-robot@example.com
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + git config user.name 'TF Robot'
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + git checkout main
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): error: pathspec 'main' did not match any file(s) known to git
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + git checkout -b main
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): Switched to a new branch 'main'
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + git add Dockerfile
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + git commit -m 'Initialize tf dockerfile repo'
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): [main (root-commit) 6ccc20f] Initialize tf dockerfile repo
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): 1 file changed, 39 insertions(+)
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): create mode 100644 Dockerfile
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): + git push origin main -f
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): remote: Waiting for private key checker: 1/1 objects left
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): To https://source.developers.google.com/p/prj-b-cicd-82vv/r/tf-cloudbuilder
module.bootstrap_csr_repo.null_resource.run_command[0] (local-exec): * [new branch] main -> main
module.bootstrap_csr_repo.null_resource.run_command[0]: Creation complete after 9s [id=7949777391628366700]
time_sleep.cloud_builder: Creating...
time_sleep.cloud_builder: Still creating... [10s elapsed]
time_sleep.cloud_builder: Still creating... [20s elapsed]
time_sleep.cloud_builder: Still creating... [30s elapsed]
time_sleep.cloud_builder: Creation complete after 30s [id=2024-04-09T16:14:51Z]
module.build_terraform_image.null_resource.module_depends_on[0]: Creating...
module.build_terraform_image.null_resource.module_depends_on[0]: Creation complete after 0s [id=5076526115309788801]
module.build_terraform_image.null_resource.run_command[0]: Creating...
module.build_terraform_image.null_resource.run_destroy_command[0]: Creating...
module.build_terraform_image.null_resource.run_destroy_command[0]: Creation complete after 1s [id=1744504265272094841]
module.build_terraform_image.null_resource.run_command[0]: Provisioning with 'local-exec'...
module.build_terraform_image.null_resource.run_command[0] (local-exec): Executing: ["/bin/sh" "-c" "PATH=/google-cloud-sdk/bin:$PATH\ngcloud beta builds triggers run 29a34ab9-e42f-4f02-9d42-614d7be613c9 --branch main --region us-central1 --project prj-b-cicd-82vv\n"]
module.build_terraform_image.null_resource.run_command[0] (local-exec): metadata:
module.build_terraform_image.null_resource.run_command[0] (local-exec): '@type': type.googleapis.com/google.devtools.cloudbuild.v1.BuildOperationMetadata
module.build_terraform_image.null_resource.run_command[0] (local-exec): build:
module.build_terraform_image.null_resource.run_command[0] (local-exec): artifacts:
module.build_terraform_image.null_resource.run_command[0] (local-exec): images:
module.build_terraform_image.null_resource.run_command[0] (local-exec): - us-central1-docker.pkg.dev/prj-b-cicd-82vv/tf-runners/terraform:v1.3.0
module.build_terraform_image.null_resource.run_command[0] (local-exec): - us-central1-docker.pkg.dev/prj-b-cicd-82vv/tf-runners/terraform:v1
module.build_terraform_image.null_resource.run_command[0] (local-exec): - us-central1-docker.pkg.dev/prj-b-cicd-82vv/tf-runners/terraform:v1.3
module.build_terraform_image.null_resource.run_command[0] (local-exec): buildTriggerId: 29a34ab9-e42f-4f02-9d42-614d7be613c9
module.build_terraform_image.null_resource.run_command[0] (local-exec): createTime: '2024-04-09T16:14:54.392322Z'
module.build_terraform_image.null_resource.run_command[0] (local-exec): id: 511923ec-4dba-43a7-b883-df81d934543b
module.build_terraform_image.null_resource.run_command[0] (local-exec): images:
module.build_terraform_image.null_resource.run_command[0] (local-exec): - us-central1-docker.pkg.dev/prj-b-cicd-82vv/tf-runners/terraform:v1.3.0
module.build_terraform_image.null_resource.run_command[0] (local-exec): - us-central1-docker.pkg.dev/prj-b-cicd-82vv/tf-runners/terraform:v1
module.build_terraform_image.null_resource.run_command[0] (local-exec): - us-central1-docker.pkg.dev/prj-b-cicd-82vv/tf-runners/terraform:v1.3
module.build_terraform_image.null_resource.run_command[0] (local-exec): logUrl: https://console.cloud.google.com/cloud-build/builds;region=us-central1/511923ec-4dba-43a7-b883-df81d934543b?project=785189507742
module.build_terraform_image.null_resource.run_command[0] (local-exec): logsBucket: gs://bkt-prj-b-cicd-82vv-tf-cloudbuilder-build-logs
module.build_terraform_image.null_resource.run_command[0] (local-exec): name: projects/785189507742/locations/us-central1/builds/511923ec-4dba-43a7-b883-df81d934543b
module.build_terraform_image.null_resource.run_command[0] (local-exec): options:
module.build_terraform_image.null_resource.run_command[0] (local-exec): dynamicSubstitutions: true
module.build_terraform_image.null_resource.run_command[0] (local-exec): logging: LEGACY
module.build_terraform_image.null_resource.run_command[0] (local-exec): pool:
module.build_terraform_image.null_resource.run_command[0] (local-exec): name: projects/prj-b-cicd-82vv/locations/us-central1/workerPools/private-pool-yqvb
module.build_terraform_image.null_resource.run_command[0] (local-exec): substitutionOption: ALLOW_LOOSE
module.build_terraform_image.null_resource.run_command[0] (local-exec): projectId: prj-b-cicd-82vv
module.build_terraform_image.null_resource.run_command[0] (local-exec): queueTtl: 3600s
module.build_terraform_image.null_resource.run_command[0] (local-exec): serviceAccount: projects/prj-b-cicd-82vv/serviceAccounts/tf-cb-builder-sa@prj-b-cicd-82vv.iam.gserviceaccount.com
module.build_terraform_image.null_resource.run_command[0] (local-exec): source:
module.build_terraform_image.null_resource.run_command[0] (local-exec): repoSource:
module.build_terraform_image.null_resource.run_command[0] (local-exec): commitSha: 6ccc20f932ba6f63365302298980f9b1077fd164
module.build_terraform_image.null_resource.run_command[0] (local-exec): projectId: prj-b-cicd-82vv
module.build_terraform_image.null_resource.run_command[0] (local-exec): repoName: tf-cloudbuilder
module.build_terraform_image.null_resource.run_command[0] (local-exec): sourceProvenance:
module.build_terraform_image.null_resource.run_command[0] (local-exec): resolvedRepoSource:
module.build_terraform_image.null_resource.run_command[0] (local-exec): commitSha: 6ccc20f932ba6f63365302298980f9b1077fd164
module.build_terraform_image.null_resource.run_command[0] (local-exec): projectId: prj-b-cicd-82vv
module.build_terraform_image.null_resource.run_command[0] (local-exec): repoName: tf-cloudbuilder
module.build_terraform_image.null_resource.run_command[0] (local-exec): status: QUEUED
module.build_terraform_image.null_resource.run_command[0] (local-exec): steps:
module.build_terraform_image.null_resource.run_command[0] (local-exec): - args:
module.build_terraform_image.null_resource.run_command[0] (local-exec): - build
module.build_terraform_image.null_resource.run_command[0] (local-exec): - --tag=us-central1-docker.pkg.dev/prj-b-cicd-82vv/tf-runners/terraform:v1.3.0
module.build_terraform_image.null_resource.run_command[0] (local-exec): - --tag=us-central1-docker.pkg.dev/prj-b-cicd-82vv/tf-runners/terraform:v1
module.build_terraform_image.null_resource.run_command[0] (local-exec): - --tag=us-central1-docker.pkg.dev/prj-b-cicd-82vv/tf-runners/terraform:v1.3
module.build_terraform_image.null_resource.run_command[0] (local-exec): - --build-arg=TERRAFORM_VERSION=1.3.0
module.build_terraform_image.null_resource.run_command[0] (local-exec): - .
module.build_terraform_image.null_resource.run_command[0] (local-exec): name: gcr.io/cloud-builders/docker
module.build_terraform_image.null_resource.run_command[0] (local-exec): - args:
module.build_terraform_image.null_resource.run_command[0] (local-exec): - version
module.build_terraform_image.null_resource.run_command[0] (local-exec): name: us-central1-docker.pkg.dev/prj-b-cicd-82vv/tf-runners/terraform:v1.3.0
module.build_terraform_image.null_resource.run_command[0] (local-exec): substitutions:
module.build_terraform_image.null_resource.run_command[0] (local-exec): BRANCH_NAME: main
module.build_terraform_image.null_resource.run_command[0] (local-exec): COMMIT_SHA: 6ccc20f932ba6f63365302298980f9b1077fd164
module.build_terraform_image.null_resource.run_command[0] (local-exec): REF_NAME: main
module.build_terraform_image.null_resource.run_command[0] (local-exec): REPO_NAME: tf-cloudbuilder
module.build_terraform_image.null_resource.run_command[0] (local-exec): REVISION_ID: 6ccc20f932ba6f63365302298980f9b1077fd164
module.build_terraform_image.null_resource.run_command[0] (local-exec): SHORT_SHA: 6ccc20f
module.build_terraform_image.null_resource.run_command[0] (local-exec): TRIGGER_BUILD_CONFIG_PATH: ''
module.build_terraform_image.null_resource.run_command[0] (local-exec): TRIGGER_NAME: tf-cloud-builder-build
module.build_terraform_image.null_resource.run_command[0] (local-exec): _TERRAFORM_FULL_VERSION: 1.3.0
module.build_terraform_image.null_resource.run_command[0] (local-exec): _TERRAFORM_MAJOR_VERSION: '1'
module.build_terraform_image.null_resource.run_command[0] (local-exec): _TERRAFORM_MINOR_VERSION: '1.3'
module.build_terraform_image.null_resource.run_command[0] (local-exec): tags:
module.build_terraform_image.null_resource.run_command[0] (local-exec): - trigger-29a34ab9-e42f-4f02-9d42-614d7be613c9
module.build_terraform_image.null_resource.run_command[0] (local-exec): timeout: 1200s
module.build_terraform_image.null_resource.run_command[0] (local-exec): name: operations/build/prj-b-cicd-82vv/NTExOTIzZWMtNGRiYS00M2E3LWI4ODMtZGY4MWQ5MzQ1NDNi
module.build_terraform_image.null_resource.run_command[0]: Creation complete after 3s [id=80237499979993840]
Apply complete! Resources: 5 added, 0 changed, 1 destroyed.
Outputs:
bootstrap_step_terraform_service_account_email = "sa-terraform-bootstrap@prj-b-seed-8919.iam.gserviceaccount.com"
cloud_build_peered_network_id = "projects/prj-b-cicd-82vv/global/networks/vpc-b-cbpools"
cloud_build_private_worker_pool_id = "projects/prj-b-cicd-82vv/locations/us-central1/workerPools/private-pool-yqvb"
cloud_build_worker_peered_ip_range = "192.168.0.0/24"
cloud_build_worker_range_id = "projects/prj-b-cicd-82vv/global/addresses/ga-b-cbpools-worker-pool-range"
cloud_builder_artifact_repo = "projects/prj-b-cicd-82vv/locations/us-central1/repositories/tf-runners"
cloudbuild_project_id = "prj-b-cicd-82vv"
common_config = {
"billing_account" = "01BCCE-4EC0EE-DC58C8"
"bootstrap_folder_name" = "folders/173484768969"
"default_region" = "us-central1"
"folder_prefix" = "fldr"
"org_id" = "1064386348915"
"parent_folder" = "736660879367"
"parent_id" = "folders/736660879367"
"project_prefix" = "prj"
}
csr_repos = {
"gcp-bootstrap" = {
"id" = "projects/prj-b-cicd-82vv/repos/gcp-bootstrap"
"name" = "gcp-bootstrap"
"project" = "prj-b-cicd-82vv"
"url" = "https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-bootstrap"
}
"gcp-environments" = {
"id" = "projects/prj-b-cicd-82vv/repos/gcp-environments"
"name" = "gcp-environments"
"project" = "prj-b-cicd-82vv"
"url" = "https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-environments"
}
"gcp-networks" = {
"id" = "projects/prj-b-cicd-82vv/repos/gcp-networks"
"name" = "gcp-networks"
"project" = "prj-b-cicd-82vv"
"url" = "https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-networks"
}
"gcp-org" = {
"id" = "projects/prj-b-cicd-82vv/repos/gcp-org"
"name" = "gcp-org"
"project" = "prj-b-cicd-82vv"
"url" = "https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-org"
}
"gcp-policies" = {
"id" = "projects/prj-b-cicd-82vv/repos/gcp-policies"
"name" = "gcp-policies"
"project" = "prj-b-cicd-82vv"
"url" = "https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-policies"
}
"gcp-projects" = {
"id" = "projects/prj-b-cicd-82vv/repos/gcp-projects"
"name" = "gcp-projects"
"project" = "prj-b-cicd-82vv"
"url" = "https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-projects"
}
"tf-cloudbuilder" = {
"id" = "projects/prj-b-cicd-82vv/repos/tf-cloudbuilder"
"name" = "tf-cloudbuilder"
"project" = "prj-b-cicd-82vv"
"url" = "https://source.developers.google.com/p/prj-b-cicd-82vv/r/tf-cloudbuilder"
}
}
environment_step_terraform_service_account_email = "sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com"
gcs_bucket_cloudbuild_artifacts = {
"bootstrap" = "bkt-prj-b-cicd-82vv-gcp-bootstrap-build-artifacts"
"env" = "bkt-prj-b-cicd-82vv-gcp-environments-build-artifacts"
"net" = "bkt-prj-b-cicd-82vv-gcp-networks-build-artifacts"
"org" = "bkt-prj-b-cicd-82vv-gcp-org-build-artifacts"
"proj" = "bkt-prj-b-cicd-82vv-gcp-projects-build-artifacts"
}
gcs_bucket_cloudbuild_logs = {
"bootstrap" = "bkt-prj-b-cicd-82vv-gcp-bootstrap-build-logs"
"env" = "bkt-prj-b-cicd-82vv-gcp-environments-build-logs"
"net" = "bkt-prj-b-cicd-82vv-gcp-networks-build-logs"
"org" = "bkt-prj-b-cicd-82vv-gcp-org-build-logs"
"proj" = "bkt-prj-b-cicd-82vv-gcp-projects-build-logs"
}
gcs_bucket_tfstate = "bkt-prj-b-seed-tfstate-7120"
networks_step_terraform_service_account_email = "sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com"
optional_groups = tomap({
"gcp_global_secrets_admin" = "gcp_global_secrets_admin_local_test@obrienlabs.xyz"
"gcp_kms_admin" = "gcp_kms_admin_local_test@obrienlabs.xyz"
"gcp_network_viewer" = "gcp_network_viewer_local_test@obrienlabs.xyz"
"gcp_scc_admin" = "gcp_scc_admin_local_test@obrienlabs.xyz"
"gcp_security_reviewer" = "gcp_security_reviewer_local_test@obrienlabs.xyz"
})
organization_step_terraform_service_account_email = "sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com"
projects_gcs_bucket_tfstate = "bkt-prj-b-seed-8919-gcp-projects-tfstate"
projects_step_terraform_service_account_email = "sa-terraform-proj@prj-b-seed-8919.iam.gserviceaccount.com"
required_groups = tomap({
"audit_data_users" = "gcp-audit-data@obrienlabs.xyz"
"billing_data_users" = "gcp-billing-data@obrienlabs.xyz"
"group_billing_admins" = "gcp-billing-admins@obrienlabs.xyz"
"group_org_admins" = "gcp-organization-admins@obrienlabs.xyz"
"monitoring_workspace_users" = "gcp-monitoring-workspace@obrienlabs.xyz"
})
seed_project_id = "prj-b-seed-8919"
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$
1215
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ export network_step_sa=$(./terraform output -raw networks_step_terraform_service_account_email)
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ echo "network step service account = ${network_step_sa}"
network step service account = sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ export projects_step_sa=$(./terraform output -raw projects_step_terraform_service_account_email)
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ echo "projects step service account = ${projects_step_sa}"
projects step service account = sa-terraform-proj@prj-b-seed-8919.iam.gserviceaccount.com
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ export projects_gcs_bucket_tfstate=$(./terraform output -raw projects_gcs_bucket_tfstate)
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ echo "projects gcs bucket tfstate = ${projects_gcs_bucket_tfstate}"
projects gcs bucket tfstate = bkt-prj-b-seed-8919-gcp-projects-tfstate
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ cp backend.tf.example backend.tf
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ cd ..
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding (tef-olxyz)$ for i in `find . -name 'backend.tf'`; do sed -i'' -e "s/UPDATE_ME/${backend_bucket}/" $i; done
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding (tef-olxyz)$ for i in `find . -name 'backend.tf'`; do sed -i'' -e "s/UPDATE_PROJECTS_BACKEND/${backend_bucket_projects}/" $i; done
cd 0-bootstrap
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ cat backend.tf
terraform {
backend "gcs" {
bucket = "bkt-prj-b-seed-tfstate-7120"
prefix = "terraform/bootstrap/state"
}
}
skip 2nd update of step 10 of 0-bootstrap
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ ./terraform init
Initializing modules...
Initializing the backend...
Acquiring state lock. This may take a few moments...
Do you want to copy existing state to the new backend?
Pre-existing state was found while migrating the previous "local" backend to the
newly configured "gcs" backend. No existing state was found in the newly
configured "gcs" backend. Do you want to copy this state to the new "gcs"
backend? Enter "yes" to copy and "no" to start with an empty state.
Enter a value: yes
Successfully configured the backend "gcs"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
- Reusing previous version of hashicorp/random from the dependency lock file
- Reusing previous version of hashicorp/time from the dependency lock file
- Reusing previous version of hashicorp/google-beta from the dependency lock file
- Reusing previous version of hashicorp/null from the dependency lock file
- Reusing previous version of hashicorp/external from the dependency lock file
- Reusing previous version of hashicorp/google from the dependency lock file
- Using previously-installed hashicorp/random v3.6.0
- Using previously-installed hashicorp/time v0.11.1
- Using previously-installed hashicorp/google-beta v5.24.0
- Using previously-installed hashicorp/null v3.2.2
- Using previously-installed hashicorp/external v2.3.3
- Using previously-installed hashicorp/google v5.24.0
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
No changes. Your infrastructure matches the configuration.
Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ cd ../..
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ gcloud source repos clone gcp-policies --project=${cloudbuild_project_id}
Cloning into '/home/michael/tef-olxyz/github/gcp-policies'...
warning: You appear to have cloned an empty repository.
Project [prj-b-cicd-82vv] repository [gcp-policies] was cloned to [/home/michael/tef-olxyz/github/gcp-policies].
michael@cloudshell:~/tef-olxyz/github/gcp-policies (tef-olxyz)$ git checkout -b main
Switched to a new branch 'main'
michael@cloudshell:~/tef-olxyz/github/gcp-policies (tef-olxyz)$ cp -RT ../pbmm-on-gcp-onboarding/policy-library/ .
michael@cloudshell:~/tef-olxyz/github/gcp-policies (tef-olxyz)$ ls
lib policies
michael@cloudshell:~/tef-olxyz/github/gcp-policies (tef-olxyz)$ git add .
michael@cloudshell:~/tef-olxyz/github/gcp-policies (tef-olxyz)$ git commit -m 'Initialize policy library repo'
[main (root-commit) f4f1736] Initialize policy library repo
112 files changed, 9682 insertions(+)
create mode 100644 lib/constraints.rego
create mode 100644 lib/util.rego
create mode 100644 lib/util_test.rego
create mode 100644 policies/constraints/appengine_versions.yaml
create mode 100644 policies/constraints/bigquery_world_readable.yaml
create mode 100644 policies/constraints/dnssec_prevent_rsasha1_ksk.yaml
create mode 100644 policies/constraints/dnssec_prevent_rsasha1_zsk.yaml
create mode 100644 policies/constraints/gke_allow_only_private_cluster.yaml
create mode 100644 policies/constraints/gke_allowed_node_sa_scope.yaml
create mode 100644 policies/constraints/gke_container_optimized_os.yaml
create mode 100644 policies/constraints/gke_dashboard_disable.yaml
create mode 100644 policies/constraints/gke_disable_default_service_account.yaml
create mode 100644 policies/constraints/gke_disable_legacy_endpoints.yaml
create mode 100644 policies/constraints/gke_enable_alias_ip_ranges.yaml
create mode 100644 policies/constraints/gke_legacy_abac.yaml
create mode 100644 policies/constraints/gke_master_authorized_networks_enabled.yaml
create mode 100644 policies/constraints/gke_node_pool_auto_repair.yaml
create mode 100644 policies/constraints/gke_node_pool_auto_upgrade.yaml
create mode 100644 policies/constraints/gke_restrict_client_auth_methods.yaml
create mode 100644 policies/constraints/gke_restrict_pod_traffic.yaml
create mode 100644 policies/constraints/iam_deny_public.yaml
create mode 100644 policies/constraints/network_enable_flow_logs.yaml
create mode 100644 policies/constraints/network_enable_private_google_access.yaml
create mode 100644 policies/constraints/restrict_fw_rules_rdp_world_open.yaml
create mode 100644 policies/constraints/restrict_fw_rules_ssh_world_open.yaml
create mode 100644 policies/constraints/restrict_fw_rules_world_open.yaml
create mode 100644 policies/constraints/serviceusage_allow_basic_apis.yaml
create mode 100644 policies/constraints/sql_public_ip.yaml
create mode 100644 policies/constraints/sql_ssl.yaml
create mode 100644 policies/constraints/storage_bucket_policy_only.yaml
create mode 100644 policies/constraints/storage_denylist_public.yaml
create mode 100644 policies/templates/gcp_allowed_resource_types.yaml
create mode 100644 policies/templates/gcp_always_violates_v1.yaml
create mode 100644 policies/templates/gcp_app_service_versions.yaml
create mode 100644 policies/templates/gcp_appengine_location_v1.yaml
create mode 100644 policies/templates/gcp_bigquery_cmek_encryption_v1.yaml
create mode 100644 policies/templates/gcp_bigquery_dataset_world_readable_v1.yaml
create mode 100644 policies/templates/gcp_bigquery_table_retention_v1.yaml
create mode 100644 policies/templates/gcp_bq_dataset_location_v1.yaml
create mode 100644 policies/templates/gcp_cmek_rotation_v1.yaml
create mode 100644 policies/templates/gcp_cmek_settings_v1.yaml
create mode 100644 policies/templates/gcp_compute_allowed_networks.yaml
create mode 100644 policies/templates/gcp_compute_disk_resource_policies_v1.yaml
create mode 100644 policies/templates/gcp_compute_external_ip_address.yaml
create mode 100644 policies/templates/gcp_compute_ip_forward.yaml
create mode 100644 policies/templates/gcp_compute_zone_v1.yaml
create mode 100644 policies/templates/gcp_dataproc_location_v1.yaml
create mode 100644 policies/templates/gcp_dnssec_prevent_rsasha1_v1.yaml
create mode 100644 policies/templates/gcp_dnssec_v1.yaml
create mode 100644 policies/templates/gcp_enforce_labels_v1.yaml
create mode 100644 policies/templates/gcp_enforce_naming_v1.yaml
create mode 100644 policies/templates/gcp_gke_allowed_node_sa_v1.yaml
create mode 100644 policies/templates/gcp_gke_cluster_location.yaml
create mode 100644 policies/templates/gcp_gke_cluster_version_v1.yaml
create mode 100644 policies/templates/gcp_gke_container_optimized_os.yaml
create mode 100644 policies/templates/gcp_gke_dashboard_v1.yaml
create mode 100644 policies/templates/gcp_gke_disable_default_service_account_v1.yaml
create mode 100644 policies/templates/gcp_gke_disable_legacy_endpoints_v1.yaml
create mode 100644 policies/templates/gcp_gke_enable_alias_ip_ranges.yaml
create mode 100644 policies/templates/gcp_gke_enable_private_endpoint.yaml
create mode 100644 policies/templates/gcp_gke_enable_shielded_nodes_v1.yaml
create mode 100644 policies/templates/gcp_gke_enable_stackdriver_kubernetes_engine_monitoring_v1.yaml
create mode 100644 policies/templates/gcp_gke_enable_stackdriver_logging_v1.yaml
create mode 100644 policies/templates/gcp_gke_enable_stackdriver_monitoring_v1.yaml
create mode 100644 policies/templates/gcp_gke_enable_workload_identity_v1.yaml
create mode 100644 policies/templates/gcp_gke_legacy_abac_v1.yaml
create mode 100644 policies/templates/gcp_gke_master_authorized_networks_enabled_v1.yaml
create mode 100644 policies/templates/gcp_gke_node_auto_repair_v1.yaml
create mode 100644 policies/templates/gcp_gke_node_auto_upgrade_v1.yaml
create mode 100644 policies/templates/gcp_gke_private_cluster_v1.yaml
create mode 100644 policies/templates/gcp_gke_restrict_client_auth_methods_v1.yaml
create mode 100644 policies/templates/gcp_gke_restrict_pod_traffic_v1.yaml
create mode 100644 policies/templates/gcp_glb_external_ip_access_constraint_v1.yaml
create mode 100644 policies/templates/gcp_iam_allow_ban_roles_v1.yaml
create mode 100644 policies/templates/gcp_iam_allowed_bindings.yaml
create mode 100644 policies/templates/gcp_iam_allowed_policy_member_domains.yaml
create mode 100644 policies/templates/gcp_iam_audit_log.yaml
create mode 100644 policies/templates/gcp_iam_custom_role_permissions_v1.yaml
create mode 100644 policies/templates/gcp_iam_required_bindings_v1.yaml
create mode 100644 policies/templates/gcp_iam_restrict_service_account_creation_v1.yaml
create mode 100644 policies/templates/gcp_iam_restrict_service_account_key_age_v1.yaml
create mode 100644 policies/templates/gcp_iam_restrict_service_account_key_type_v1.yaml
create mode 100644 policies/templates/gcp_lb_forwarding_rules.yaml
create mode 100644 policies/templates/gcp_network_enable_firewall_logs_v1.yaml
create mode 100644 policies/templates/gcp_network_enable_flow_logs_v1.yaml
create mode 100644 policies/templates/gcp_network_enable_private_google_access_v1.yaml
create mode 100644 policies/templates/gcp_network_restrict_default_v1.yaml
create mode 100644 policies/templates/gcp_network_routing_v1.yaml
create mode 100644 policies/templates/gcp_resource_value_pattern_v1.yaml
create mode 100644 policies/templates/gcp_restricted_firewall_rules_v1.yaml
create mode 100644 policies/templates/gcp_serviceusage_allowed_services_v1.yaml
create mode 100644 policies/templates/gcp_spanner_location_v1.yaml
create mode 100644 policies/templates/gcp_sql_allowed_authorized_networks_v1.yaml
create mode 100644 policies/templates/gcp_sql_backup_v1.yaml
create mode 100644 policies/templates/gcp_sql_instance_type_v1.yaml
create mode 100644 policies/templates/gcp_sql_location_v1.yaml
create mode 100644 policies/templates/gcp_sql_maintenance_window_v1.yaml
create mode 100644 policies/templates/gcp_sql_public_ip_v1.yaml
create mode 100644 policies/templates/gcp_sql_ssl_v1.yaml
create mode 100644 policies/templates/gcp_sql_world_readable_v1.yaml
create mode 100644 policies/templates/gcp_storage_bucket_policy_only_v1.yaml
create mode 100644 policies/templates/gcp_storage_bucket_retention_v1.yaml
create mode 100644 policies/templates/gcp_storage_bucket_world_readable_v1.yaml
create mode 100644 policies/templates/gcp_storage_cmek_encryption_v1.yaml
create mode 100644 policies/templates/gcp_storage_location_v1.yaml
create mode 100644 policies/templates/gcp_storage_logging_v1.yaml
create mode 100644 policies/templates/gcp_vpc_sc_allowed_regions.yaml
create mode 100644 policies/templates/gcp_vpc_sc_ensure_access_levels_v1.yaml
create mode 100644 policies/templates/gcp_vpc_sc_ensure_project_v1.yaml
create mode 100644 policies/templates/gcp_vpc_sc_ensure_services_v1.yaml
create mode 100644 policies/templates/gcp_vpc_sc_ip_range_v1.yaml
create mode 100644 policies/templates/gcp_vpc_sc_project_perimeter.yaml
michael@cloudshell:~/tef-olxyz/github/gcp-policies (tef-olxyz)$ git push --set-upstream origin main
Enumerating objects: 118, done.
Counting objects: 100% (118/118), done.
Delta compression using up to 4 threads
Compressing objects: 100% (118/118), done.
Writing objects: 100% (118/118), 72.63 KiB | 2.69 MiB/s, done.
Total 118 (delta 87), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (87/87)
remote: Waiting for private key checker: 94/112 objects left
To https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-policies
* [new branch] main -> main
Branch 'main' set up to track remote branch 'main' from 'origin'.
michael@cloudshell:~/tef-olxyz/github/gcp-policies (tef-olxyz)$ cd ..
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ gcloud source repos clone gcp-bootstrap --project=${cloudbuild_project_id}
Cloning into '/home/michael/tef-olxyz/github/gcp-bootstrap'...
warning: You appear to have cloned an empty repository.
Project [prj-b-cicd-82vv] repository [gcp-bootstrap] was cloned to [/home/michael/tef-olxyz/github/gcp-bootstrap].
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ cd gcp-bootstrap/
michael@cloudshell:~/tef-olxyz/github/gcp-bootstrap (tef-olxyz)$ git checkout -b plan
Switched to a new branch 'plan'
michael@cloudshell:~/tef-olxyz/github/gcp-bootstrap (tef-olxyz)$ mkdir -p envs/shared
michael@cloudshell:~/tef-olxyz/github/gcp-bootstrap (tef-olxyz)$ cp -RT ../pbmm-on-gcp-onboarding/0-bootstrap/ ./envs/shared
michael@cloudshell:~/tef-olxyz/github/gcp-bootstrap (tef-olxyz)$ cp ../pbmm-on-gcp-onboarding/build/cloudbuild-tf-* .
michael@cloudshell:~/tef-olxyz/github/gcp-bootstrap (tef-olxyz)$ cp ../pbmm-on-gcp-onboarding/build/tf-wrapper.sh .
michael@cloudshell:~/tef-olxyz/github/gcp-bootstrap (tef-olxyz)$ chmod 755 ./tf-wrapper.sh
michael@cloudshell:~/tef-olxyz/github/gcp-bootstrap (tef-olxyz)$ git add .
michael@cloudshell:~/tef-olxyz/github/gcp-bootstrap (tef-olxyz)$ git commit -m 'Initialize bootstrap repo'
[plan (root-commit) e8bdf0f] Initialize bootstrap repo
64 files changed, 10044 insertions(+)
create mode 100644 cloudbuild-tf-apply.yaml
create mode 100644 cloudbuild-tf-plan.yaml
create mode 100644 envs/shared/.gitignore
create mode 100644 envs/shared/.terraform.lock.hcl
create mode 100644 envs/shared/Dockerfile
create mode 100644 envs/shared/README-GitHub.md
create mode 100644 envs/shared/README-GitLab.md
create mode 100644 envs/shared/README-Jenkins.md
create mode 100644 envs/shared/README-Terraform-Cloud.md
create mode 100644 envs/shared/README.md
create mode 100644 envs/shared/backend.tf
create mode 100644 envs/shared/backend.tf.cloud.example
create mode 100644 envs/shared/backend.tf.example
create mode 100644 envs/shared/bootstrap.tfplan
create mode 100644 envs/shared/cb.tf
create mode 100644 envs/shared/files/private_key_example.png
create mode 100644 envs/shared/github.tf.example
create mode 100644 envs/shared/gitlab.tf.example
create mode 100644 envs/shared/groups.tf
create mode 100644 envs/shared/jenkins.tf.example
create mode 100644 envs/shared/main.tf
create mode 100644 envs/shared/modules/cb-private-pool/README.md
create mode 100644 envs/shared/modules/cb-private-pool/main.tf
create mode 100644 envs/shared/modules/cb-private-pool/network.tf
create mode 100644 envs/shared/modules/cb-private-pool/outputs.tf
create mode 100644 envs/shared/modules/cb-private-pool/variables.tf
create mode 100644 envs/shared/modules/cb-private-pool/versions.tf
create mode 100644 envs/shared/modules/cb-private-pool/vpn_ha.tf
create mode 100644 envs/shared/modules/gitlab-oidc/main.tf
create mode 100644 envs/shared/modules/gitlab-oidc/outputs.tf
create mode 100644 envs/shared/modules/gitlab-oidc/variables.tf
create mode 100644 envs/shared/modules/gitlab-oidc/versions.tf
create mode 100644 envs/shared/modules/jenkins-agent/README.md
create mode 100755 envs/shared/modules/jenkins-agent/files/jenkins_gce_startup_script.sh
create mode 100644 envs/shared/modules/jenkins-agent/main.tf
create mode 100644 envs/shared/modules/jenkins-agent/outputs.tf
create mode 100644 envs/shared/modules/jenkins-agent/variables.tf
create mode 100644 envs/shared/modules/jenkins-agent/versions.tf
create mode 100644 envs/shared/modules/jenkins-agent/vpn_ha.tf
create mode 100644 envs/shared/modules/parent-iam-member/main.tf
create mode 100644 envs/shared/modules/parent-iam-member/variables.tf
create mode 100644 envs/shared/modules/parent-iam-member/versions.tf
create mode 100644 envs/shared/modules/parent-iam-remove-role/main.tf
create mode 100644 envs/shared/modules/parent-iam-remove-role/variables.tf
create mode 100644 envs/shared/modules/parent-iam-remove-role/versions.tf
create mode 100644 envs/shared/modules/tfc-agent-gke/README.md
create mode 100644 envs/shared/modules/tfc-agent-gke/main.tf
create mode 100644 envs/shared/modules/tfc-agent-gke/outputs.tf
create mode 100644 envs/shared/modules/tfc-agent-gke/variables.tf
create mode 100644 envs/shared/modules/tfc-agent-gke/versions.tf
create mode 100644 envs/shared/onprem.md
create mode 100644 envs/shared/outputs.tf
create mode 100644 envs/shared/provider.tf
create mode 100644 envs/shared/sa.tf
create mode 100755 envs/shared/scripts/git_create_branches_helper.sh
create mode 100755 envs/shared/scripts/push-to-repo.sh
create mode 100755 envs/shared/terraform
create mode 100644 envs/shared/terraform.example.tfvars
create mode 100644 envs/shared/terraform.tfvars
create mode 100644 envs/shared/terraform_1.3.10_linux_amd64.zip
create mode 100644 envs/shared/terraform_cloud.tf.example
create mode 100644 envs/shared/variables.tf
create mode 100644 envs/shared/versions.tf
create mode 100755 tf-wrapper.sh
michael@cloudshell:~/tef-olxyz/github/gcp-bootstrap (tef-olxyz)$ git push --set-upstream origin plan
Enumerating objects: 78, done.
Counting objects: 100% (78/78), done.
Delta compression using up to 4 threads
Compressing objects: 100% (77/77), done.
Writing objects: 100% (78/78), 37.93 MiB | 5.91 MiB/s, done.
Total 78 (delta 23), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (23/23)
remote: Waiting for private key checker: 25/62 objects left
To https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-bootstrap
* [new branch] plan -> plan
Branch 'plan' set up to track remote branch 'plan' from 'origin'.
repos
setup default security command center
securitycenter.serviceAgent
service-org-1064386348915@security-center-api.iam.gserviceaccount.com
moving to usage https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/tree/main/1-org#usage
cp terraform 1.3 while still not in docker
michael@cloudshell:~/tef-olxyz/github/pbmm-on-gcp-onboarding/0-bootstrap (tef-olxyz)$ cd ../..
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ cp pbmm-on-gcp-onboarding/0-bootstrap/terraform pbmm-on-gcp-onboarding/1-org/
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ export CLOUD_BUILD_PROJECT_ID=$(terraform -chdir="pbmm-on-gcp-onboarding/0-bootstrap/" output -raw cloudbuild_project_id)
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ echo ${CLOUD_BUILD_PROJECT_ID}
prj-b-cicd-82vv
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ gcloud source repos clone gcp-org --project=${CLOUD_BUILD_PROJECT_ID}
Cloning into '/home/michael/tef-olxyz/github/gcp-org'...
warning: You appear to have cloned an empty repository.
Project [prj-b-cicd-82vv] repository [gcp-org] was cloned to [/home/michael/tef-olxyz/github/gcp-org].
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ cd gcp-org/
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$ git checkout -b plan
Switched to a new branch 'plan'
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$ cp -RT ../pbmm-on-gcp-onboarding/1-org/ .
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$ cp ../pbmm-on-gcp-onboarding/build/cloudbuild-tf-* .
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$ cp ../pbmm-on-gcp-onboarding/build/tf-wrapper.sh .
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$ chmod 755 ./tf-wrapper.sh
check SCC
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$ mv ./envs/shared/terraform.example.tfvars ./envs/shared/terraform.tfvars
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$ export ORGANIZATION_ID=$(terraform -chdir="../pbmm-on-gcp-onboarding/0-bootstrap/" output -json common_config | jq '.org_id' --raw-output)
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$ gcloud scc notifications describe "scc-notify" --organization=${ORGANIZATION_ID}
ERROR: (gcloud.scc.notifications.describe) NOT_FOUND: Requested entity was not found.
check ACM policy
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$ export ACCESS_CONTEXT_MANAGER_ID=$(gcloud access-context-manager policies list --organization ${ORGANIZATION_ID} --format="value(name)")
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$ echo "access_context_manager_policy_id = ${ACCESS_CONTEXT_MANAGER_ID}"
access_context_manager_policy_id =
update bucket
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$ export backend_bucket=$(terraform -chdir="../pbmm-on-gcp-onboarding/0-bootstrap/" output -raw gcs_bucket_tfstate)
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$ echo "remote_state_bucket = ${backend_bucket}"
remote_state_bucket = bkt-prj-b-seed-tfstate-7120
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$ sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./envs/shared/terraform.tfvars
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$ if [ ! -z "${ACCESS_CONTEXT_MANAGER_ID}" ]; then sed -i'' -e "s=//create_access_context_manager_access_policy=create_access_context_manager_access_policy=" ./envs/shared/terraform.tfvars; fi
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$ git diff
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$ git add .
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$ git commit -m 'Initialize org repo'
[plan (root-commit) d21b4fd] Initialize org repo
44 files changed, 4805 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 cloudbuild-tf-apply.yaml
create mode 100644 cloudbuild-tf-plan.yaml
create mode 100644 envs/shared/README.md
create mode 100644 envs/shared/backend.tf
create mode 100644 envs/shared/backend.tf.cloud.example
create mode 100644 envs/shared/cai_monitoring.tf
create mode 100644 envs/shared/essential_contacts.tf
create mode 100644 envs/shared/folders.tf
create mode 100644 envs/shared/iam.tf
create mode 100644 envs/shared/log_sinks.tf
create mode 100644 envs/shared/org_policy.tf
create mode 100644 envs/shared/outputs.tf
create mode 100644 envs/shared/projects.tf
create mode 100644 envs/shared/providers.tf
create mode 100644 envs/shared/remote.tf
create mode 100644 envs/shared/remote.tf.cloud.example
create mode 100644 envs/shared/scc_notification.tf
create mode 100644 envs/shared/tags.tf
create mode 100644 envs/shared/terraform.tfvars
create mode 100644 envs/shared/variables.tf
create mode 100644 envs/shared/versions.tf
create mode 100644 modules/cai-monitoring/README.md
create mode 100644 modules/cai-monitoring/function-source/index.js
create mode 100644 modules/cai-monitoring/function-source/package-lock.json
create mode 100644 modules/cai-monitoring/function-source/package.json
create mode 100644 modules/cai-monitoring/iam.tf
create mode 100644 modules/cai-monitoring/main.tf
create mode 100644 modules/cai-monitoring/outputs.tf
create mode 100644 modules/cai-monitoring/providers.tf
create mode 100644 modules/cai-monitoring/variables.tf
create mode 100644 modules/cai-monitoring/versions.tf
create mode 100644 modules/centralized-logging/README.md
create mode 100644 modules/centralized-logging/main.tf
create mode 100644 modules/centralized-logging/outputs.tf
create mode 100644 modules/centralized-logging/variables.tf
create mode 100644 modules/centralized-logging/versions.tf
create mode 100644 modules/network/main.tf
create mode 100644 modules/network/outputs.tf
create mode 100644 modules/network/variables.tf
create mode 100644 modules/network/versions.tf
create mode 100755 terraform
create mode 100755 tf-wrapper.sh
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$ git push --set-upstream origin plan
Enumerating objects: 53, done.
Counting objects: 100% (53/53), done.
Delta compression using up to 4 threads
Compressing objects: 100% (52/52), done.
Writing objects: 100% (53/53), 18.59 MiB | 3.53 MiB/s, done.
Total 53 (delta 10), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (10/10)
remote: Waiting for private key checker: 11/43 objects left
To https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-org
* [new branch] plan -> plan
Branch 'plan' set up to track remote branch 'plan' from 'origin'.
check cloud build failures on the region - for bootstrap
module.tf_workspace["org"].google_cloudbuild_trigger.triggers["apply"]: Refreshing state... [id=projects/prj-b-cicd-82vv/locations/us-central1/triggers/343ac1be-ff42-4c5b-9a8d-8a751ff02767]
Error: Error when reading or editing CloudIdentityGroup "groups/00lnxbz93t65t5i": googleapi: Error 403: Error(2028): Permission denied for resource groups/00lnxbz93t65t5i (or it may not exist).
Details:
[
{
"@type": "type.googleapis.com/google.rpc.ResourceInfo",
"description": "Error(2028): Permission denied for resource groups/00lnxbz93t65t5i (or it may not exist).",
"owner": "domain:cloudidentity.googleapis.com",
"resourceName": "groups/00lnxbz93t65t5i",
"resourceType": "cloudidentity.googleapis.com/Group"
}
]
with module.optional_group["gcp_security_reviewer"].google_cloud_identity_group.group,
on .terraform/modules/optional_group/main.tf line 35, in resource "google_cloud_identity_group" "group":
35: resource "google_cloud_identity_group" "group" {
Error: Error when reading or editing CloudIdentityGroup "groups/00qsh70q0qfhim5": googleapi: Error 403: Error(2028): Permission denied for resource groups/00qsh70q0qfhim5 (or it may not exist).
Details:
[
{
"@type": "type.googleapis.com/google.rpc.ResourceInfo",
"description": "Error(2028): Permission denied for resource groups/00qsh70q0qfhim5 (or it may not exist).",
"owner": "domain:cloudidentity.googleapis.com",
"resourceName": "groups/00qsh70q0qfhim5",
"resourceType": "cloudidentity.googleapis.com/Group"
}
]
with module.optional_group["gcp_global_secrets_admin"].google_cloud_identity_group.group,
on .terraform/modules/optional_group/main.tf line 35, in resource "google_cloud_identity_group" "group":
35: resource "google_cloud_identity_group" "group" {
Error: Error when reading or editing CloudIdentityGroup "groups/01302m9230sowha": googleapi: Error 403: Error(2028): Permission denied for resource groups/01302m9230sowha (or it may not exist).
Details:
[
{
"@type": "type.googleapis.com/google.rpc.ResourceInfo",
"description": "Error(2028): Permission denied for resource groups/01302m9230sowha (or it may not exist).",
"owner": "domain:cloudidentity.googleapis.com",
"resourceName": "groups/01302m9230sowha",
"resourceType": "cloudidentity.googleapis.com/Group"
}
]
with module.optional_group["gcp_network_viewer"].google_cloud_identity_group.group,
on .terraform/modules/optional_group/main.tf line 35, in resource "google_cloud_identity_group" "group":
35: resource "google_cloud_identity_group" "group" {
Error: Error when reading or editing CloudIdentityGroup "groups/026in1rg44cfho5": googleapi: Error 403: Error(2028): Permission denied for resource groups/026in1rg44cfho5 (or it may not exist).
Details:
[
{
"@type": "type.googleapis.com/google.rpc.ResourceInfo",
"description": "Error(2028): Permission denied for resource groups/026in1rg44cfho5 (or it may not exist).",
"owner": "domain:cloudidentity.googleapis.com",
"resourceName": "groups/026in1rg44cfho5",
"resourceType": "cloudidentity.googleapis.com/Group"
}
]
with module.optional_group["gcp_kms_admin"].google_cloud_identity_group.group,
on .terraform/modules/optional_group/main.tf line 35, in resource "google_cloud_identity_group" "group":
35: resource "google_cloud_identity_group" "group" {
Error: Error when reading or editing CloudIdentityGroup "groups/00gjdgxs1x7221w": googleapi: Error 403: Error(2028): Permission denied for resource groups/00gjdgxs1x7221w (or it may not exist).
Details:
[
{
"@type": "type.googleapis.com/google.rpc.ResourceInfo",
"description": "Error(2028): Permission denied for resource groups/00gjdgxs1x7221w (or it may not exist).",
"owner": "domain:cloudidentity.googleapis.com",
"resourceName": "groups/00gjdgxs1x7221w",
"resourceType": "cloudidentity.googleapis.com/Group"
}
]
with module.optional_group["gcp_scc_admin"].google_cloud_identity_group.group,
on .terraform/modules/optional_group/main.tf line 35, in resource "google_cloud_identity_group" "group":
35: resource "google_cloud_identity_group" "group" {
Error: Error when reading or editing CloudIdentityGroup "groups/01664s551a7c2b7": googleapi: Error 403: Error(2028): Permission denied for resource groups/01664s551a7c2b7 (or it may not exist).
Details:
[
{
"@type": "type.googleapis.com/google.rpc.ResourceInfo",
"description": "Error(2028): Permission denied for resource groups/01664s551a7c2b7 (or it may not exist).",
"owner": "domain:cloudidentity.googleapis.com",
"resourceName": "groups/01664s551a7c2b7",
"resourceType": "cloudidentity.googleapis.com/Group"
}
]
with module.required_group["audit_data_users"].google_cloud_identity_group.group,
on .terraform/modules/required_group/main.tf line 35, in resource "google_cloud_identity_group" "group":
35: resource "google_cloud_identity_group" "group" {
Error: Error when reading or editing CloudIdentityGroup "groups/035nkun24jo9ze2": googleapi: Error 403: Error(2028): Permission denied for resource groups/035nkun24jo9ze2 (or it may not exist).
Details:
[
{
"@type": "type.googleapis.com/google.rpc.ResourceInfo",
"description": "Error(2028): Permission denied for resource groups/035nkun24jo9ze2 (or it may not exist).",
"owner": "domain:cloudidentity.googleapis.com",
"resourceName": "groups/035nkun24jo9ze2",
"resourceType": "cloudidentity.googleapis.com/Group"
}
]
with module.required_group["monitoring_workspace_users"].google_cloud_identity_group.group,
on .terraform/modules/required_group/main.tf line 35, in resource "google_cloud_identity_group" "group":
35: resource "google_cloud_identity_group" "group" {
Error: Error when reading or editing CloudIdentityGroup "groups/030j0zll0t6edxb": googleapi: Error 403: Error(2028): Permission denied for resource groups/030j0zll0t6edxb (or it may not exist).
Details:
[
{
"@type": "type.googleapis.com/google.rpc.ResourceInfo",
"description": "Error(2028): Permission denied for resource groups/030j0zll0t6edxb (or it may not exist).",
"owner": "domain:cloudidentity.googleapis.com",
"resourceName": "groups/030j0zll0t6edxb",
"resourceType": "cloudidentity.googleapis.com/Group"
}
]
with module.required_group["group_billing_admins"].google_cloud_identity_group.group,
on .terraform/modules/required_group/main.tf line 35, in resource "google_cloud_identity_group" "group":
35: resource "google_cloud_identity_group" "group" {
Error: Error when reading or editing CloudIdentityGroup "groups/00vx12274fe8dqj": googleapi: Error 403: Error(2028): Permission denied for resource groups/00vx12274fe8dqj (or it may not exist).
Details:
[
{
"@type": "type.googleapis.com/google.rpc.ResourceInfo",
"description": "Error(2028): Permission denied for resource groups/00vx12274fe8dqj (or it may not exist).",
"owner": "domain:cloudidentity.googleapis.com",
"resourceName": "groups/00vx12274fe8dqj",
"resourceType": "cloudidentity.googleapis.com/Group"
}
]
with module.required_group["billing_data_users"].google_cloud_identity_group.group,
on .terraform/modules/required_group/main.tf line 35, in resource "google_cloud_identity_group" "group":
35: resource "google_cloud_identity_group" "group" {
Error: Error when reading or editing CloudIdentityGroup "groups/02pta16n30qltk1": googleapi: Error 403: Error(2028): Permission denied for resource groups/02pta16n30qltk1 (or it may not exist).
Details:
[
{
"@type": "type.googleapis.com/google.rpc.ResourceInfo",
"description": "Error(2028): Permission denied for resource groups/02pta16n30qltk1 (or it may not exist).",
"owner": "domain:cloudidentity.googleapis.com",
"resourceName": "groups/02pta16n30qltk1",
"resourceType": "cloudidentity.googleapis.com/Group"
}
]
with module.required_group["group_org_admins"].google_cloud_identity_group.group,
on .terraform/modules/required_group/main.tf line 35, in resource "google_cloud_identity_group" "group":
35: resource "google_cloud_identity_group" "group" {
https://source.cloud.google.com/prj-b-cicd-82vv/gcp-org/+/plan:envs/shared/terraform.tfvars?hl=en
domains_to_allow = ["example.com"]
essential_contacts_domains_to_allow = ["@example.com"]
billing_data_users = "gcp-billing-data-users@example.com"
audit_data_users = "gcp-security-admins@example.com"
scc_notification_name = "scc-notify"
remote_state_bucket = "bkt-prj-b-seed-tfstate-7120"
//scc_notification_filter = "state=\\\"ACTIVE\\\""
//enable_hub_and_spoke = true
//create_access_context_manager_access_policy = false
// Optional - If you are deploying Foundation Example in a parent folder
// consider using below create_unique_tag_key var because as Tag Keys are
// unique organization-wide it will add a random suffix at each tag key
//create_unique_tag_key = true
should be
domains_to_allow = ["obrienlabs.xyz"]
essential_contacts_domains_to_allow = ["@obrienlabs.xyz"]
billing_data_users = "gcp-billing-data-users@obrienlabs.xyz"
audit_data_users = "gcp-security-admins@obrienlabs.xyz"
scc_notification_name = "scc-notify"
remote_state_bucket = "bkt-prj-b-seed-tfstate-7120"
//scc_notification_filter = "state=\\\"ACTIVE\\\""
enable_hub_and_spoke = true
//create_access_context_manager_access_policy = false
// Optional - If you are deploying Foundation Example in a parent folder
// consider using below create_unique_tag_key var because as Tag Keys are
// unique organization-wide it will add a random suffix at each tag key
//create_unique_tag_key = true
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$ git diff
diff --git a/envs/shared/terraform.tfvars b/envs/shared/terraform.tfvars
index d8009f8..8879740 100644
--- a/envs/shared/terraform.tfvars
+++ b/envs/shared/terraform.tfvars
@@ -15,13 +15,13 @@
*/
# Must include the domain of the organization you are deploying the foundation.
-domains_to_allow = ["example.com"]
+domains_to_allow = ["obrienlabs.xyz"]
-essential_contacts_domains_to_allow = ["@example.com"]
+essential_contacts_domains_to_allow = ["@obrienlabs.xyz"]
-billing_data_users = "gcp-billing-data-users@example.com"
+billing_data_users = "gcp-billing-data-users@obrienlabs.xyz"
-audit_data_users = "gcp-security-admins@example.com"
+audit_data_users = "gcp-security-admins@obrienlabs.xyz"
scc_notification_name = "scc-notify"
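Review bot: audit_data_users is pointed at gcp-security-admins@obrienlabs.xyz rather than a dedicated audit-data group, so whoever is in the security admins group is also treated as an audit data user and the two roles cannot be separated later without another tfvars change. If that reuse is intentional, say so in a comment next to the variable; otherwise give it its own group the way billing_data_users does with gcp-billing-data-users@obrienlabs.xyz. The four replacements also hard-code the domain in each value, so confirm that both group addresses exist in the organization's directory before the plan runs.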
@@ -29,7 +29,7 @@ remote_state_bucket = "bkt-prj-b-seed-tfstate-7120"
//scc_notification_filter = "state=\\\"ACTIVE\\\""
-//enable_hub_and_spoke = true
+enable_hub_and_spoke = true
//create_access_context_manager_access_policy = false
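Review bot: enable_hub_and_spoke = true is uncommented in the same change as the domain rename, with no comment explaining why the network topology setting is being switched on. Split it into its own commit, or add a line above it stating the reason, so the rename and the topology change can be reviewed and reverted independently. The neighbouring create_access_context_manager_access_policy line stays commented out, which is fine if the default is what is wanted.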
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$
moving to #370
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$ git checkout -b production
Switched to a new branch 'production'
michael@cloudshell:~/tef-olxyz/github/gcp-org (tef-olxyz)$ git push origin production
Total 0 (delta 0), reused 0 (delta 0), pack-reused 0
To https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-org
* [new branch] production -> production
Build OK
Step #2 - "tf plan": Plan: 288 to add, 0 to change, 0 to destroy.
Step #4 - "tf apply": Apply complete! Resources: 288 added, 0 changed, 0 destroyed.
Step #4 - "tf apply":
Step #4 - "tf apply": Outputs:
Step #4 - "tf apply":
Step #4 - "tf apply": base_net_hub_project_id = "prj-c-base-net-hub-5y8h"
Step #4 - "tf apply": billing_sink_names = {
Step #4 - "tf apply": "prj" = "sk-c-logging-prj-billing-wh58"
Step #4 - "tf apply": "pub" = "sk-c-logging-pub-billing-wh58"
Step #4 - "tf apply": "sto" = "sk-c-logging-bkt-billing-wh58"
Step #4 - "tf apply": }
Step #4 - "tf apply": cai_monitoring_artifact_registry = "ar-cai-monitoring-4241"
Step #4 - "tf apply": cai_monitoring_asset_feed = "organizations/1064386348915/feeds/fd-cai-monitoring-4241"
Step #4 - "tf apply": cai_monitoring_bucket = "bkt-cai-monitoring-4241-sources-726972909649-us-central1"
Step #4 - "tf apply": cai_monitoring_topic = "top-cai-monitoring-4241-event"
Step #4 - "tf apply": common_folder_name = "folders/96486704059"
Step #4 - "tf apply": dns_hub_project_id = "prj-c-dns-hub-6f4b"
Step #4 - "tf apply": domains_to_allow = tolist([
Step #4 - "tf apply": "obrienlabs.xyz",
Step #4 - "tf apply": ])
Step #4 - "tf apply": interconnect_project_id = "prj-c-interconnect-s2zg"
Step #4 - "tf apply": interconnect_project_number = "671048289254"
Step #4 - "tf apply": logs_export_project_linked_dataset_name = "projects/prj-c-logging-fn0h/locations/us-central1/buckets/AggregatedLogs/links/ds_c_prj_aggregated_logs_analytics"
Step #4 - "tf apply": logs_export_project_logbucket_name = "AggregatedLogs"
Step #4 - "tf apply": logs_export_pubsub_topic = "tp-org-logs-o9q2"
Step #4 - "tf apply": logs_export_storage_bucket_name = "bkt-prj-c-logging-fn0h-org-logs-o9q2"
Step #4 - "tf apply": network_folder_name = "folders/652472417643"
Step #4 - "tf apply": org_audit_logs_project_id = "prj-c-logging-fn0h"
Step #4 - "tf apply": org_billing_logs_project_id = "prj-c-billing-logs-ve1w"
Step #4 - "tf apply": org_id = "1064386348915"
Step #4 - "tf apply": org_kms_project_id = "prj-c-kms-eeg3"
Step #4 - "tf apply": org_secrets_project_id = "prj-c-secrets-2lxo"
Step #4 - "tf apply": parent_resource_id = "736660879367"
Step #4 - "tf apply": parent_resource_type = "folder"
Step #4 - "tf apply": restricted_net_hub_project_id = "prj-c-restricted-net-hub-a8d5"
Step #4 - "tf apply": restricted_net_hub_project_number = "127928059862"
Step #4 - "tf apply": scc_notification_name = "scc-notify"
Step #4 - "tf apply": scc_notifications_project_id = "prj-c-scc-8zsj"
Step #4 - "tf apply": shared_vpc_projects = {
Step #4 - "tf apply": "development" = {
Step #4 - "tf apply": "base_shared_vpc_project_id" = "prj-d-shared-base-nlqs"
Step #4 - "tf apply": "base_shared_vpc_project_number" = "101627147505"
Step #4 - "tf apply": "restricted_shared_vpc_project_id" = "prj-d-shared-restricted-j004"
Step #4 - "tf apply": "restricted_shared_vpc_project_number" = "1045069971921"
Step #4 - "tf apply": }
Step #4 - "tf apply": "non-production" = {
Step #4 - "tf apply": "base_shared_vpc_project_id" = "prj-n-shared-base-b12y"
Step #4 - "tf apply": "base_shared_vpc_project_number" = "607634801735"
Step #4 - "tf apply": "restricted_shared_vpc_project_id" = "prj-n-shared-restricted-qnv6"
Step #4 - "tf apply": "restricted_shared_vpc_project_number" = "856556999326"
Step #4 - "tf apply": }
Step #4 - "tf apply": "production" = {
Step #4 - "tf apply": "base_shared_vpc_project_id" = "prj-p-shared-base-oae0"
Step #4 - "tf apply": "base_shared_vpc_project_number" = "17819846901"
Step #4 - "tf apply": "restricted_shared_vpc_project_id" = "prj-p-shared-restricted-2pqc"
Step #4 - "tf apply": "restricted_shared_vpc_project_number" = "98452292868"
Step #4 - "tf apply": }
Step #4 - "tf apply": }
Step #4 - "tf apply": tags = {
Step #4 - "tf apply": "environment_bootstrap" = "tagValues/281484537587812"
Step #4 - "tf apply": "environment_development" = "tagValues/281483791828482"
Step #4 - "tf apply": "environment_non-production" = "tagValues/281484388371311"
Step #4 - "tf apply": "environment_production" = "tagValues/281483304603502"
Step #4 - "tf apply": }
Step #4 - "tf apply": policy-library/policies doesn't match production; skipping
Step #4 - "tf apply": policy-library/lib doesn't match production; skipping
Step #4 - "tf apply": policy-library/.git doesn't match production; skipping
Finished Step #4 - "tf apply"
15 more projects - total of 18 so far
New Advisory Notification: Sensitive actions taken in your Google Cloud organization
Dear Google Cloud customer,
You've received an important Google Cloud notification affecting your organization ob...s Google Cloud service(s).
Notification Title: Sensitive actions taken in your Google Cloud organization
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ export CLOUD_BUILD_PROJECT_ID=$(terraform -chdir="pbmm-on-gcp-onboarding/0-bootstrap/" output -raw cloudbuild_project_id)
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ echo ${CLOUD_BUILD_PROJECT_ID}
prj-b-cicd-82vv
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ gcloud source repos clone gcp-environments --project=${CLOUD_BUILD_PROJECT_ID}
Cloning into '/home/michael/tef-olxyz/github/gcp-environments'...
warning: You appear to have cloned an empty repository.
Project [prj-b-cicd-82vv] repository [gcp-environments] was cloned to [/home/michael/tef-olxyz/github/gcp-environments].
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ cd gcp-environments/
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git checkout -b plan
Switched to a new branch 'plan'
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ cp -RT ../pbmm-on-gcp-onboarding/2-environments/ .
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ cp ../pbmm-on-gcp-onboarding/build/cloudbuild-tf-* .
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ cp ../pbmm-on-gcp-onboarding/build/tf-wrapper.sh .
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ chmod 755 ./tf-wrapper.sh
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ mv terraform.example.tfvars terraform.tfvars
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ export backend_bucket=$(terraform -chdir="../pbmm-on-gcp-onboarding/0-bootstrap/" output -raw gcs_bucket_tfstate)
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ echo "remote_state_bucket = ${backend_bucket}"
remote_state_bucket = bkt-prj-b-seed-tfstate-7120
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" terraform.tfvars
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ cat terraform.tfvars
## 2-env step 5 commit for plan
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git add .
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ cp terraform.tfvars ../pbmm-on-gcp-onboarding/2-environments/
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git commit -m 'Initialize environments repo'
[plan (root-commit) 2bd201b] Initialize environments repo
39 files changed, 1830 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 cloudbuild-tf-apply.yaml
create mode 100644 cloudbuild-tf-plan.yaml
create mode 100644 envs/development/README.md
create mode 100644 envs/development/backend.tf
create mode 100644 envs/development/backend.tf.cloud.example
create mode 100644 envs/development/main.tf
create mode 100644 envs/development/outputs.tf
create mode 120000 envs/development/terraform.tfvars
create mode 100644 envs/development/variables.tf
create mode 100644 envs/non-production/README.md
create mode 100644 envs/non-production/backend.tf
create mode 100644 envs/non-production/backend.tf.cloud.example
create mode 100644 envs/non-production/main.tf
create mode 100644 envs/non-production/outputs.tf
create mode 120000 envs/non-production/terraform.tfvars
create mode 100644 envs/non-production/variables.tf
create mode 100644 envs/production/README.md
create mode 100644 envs/production/backend.tf
create mode 100644 envs/production/backend.tf.cloud.example
create mode 100644 envs/production/main.tf
create mode 100644 envs/production/outputs.tf
create mode 120000 envs/production/terraform.tfvars
create mode 100644 envs/production/variables.tf
create mode 100644 modules/env_baseline/README.md
create mode 100644 modules/env_baseline/assured_workload.tf
create mode 100644 modules/env_baseline/folders.tf
create mode 100644 modules/env_baseline/iam.tf
create mode 100644 modules/env_baseline/kms.tf
create mode 100644 modules/env_baseline/monitoring.tf
create mode 100644 modules/env_baseline/outputs.tf
create mode 100644 modules/env_baseline/remote.tf
create mode 100644 modules/env_baseline/remote.tf.cloud.example
create mode 100644 modules/env_baseline/secrets.tf
create mode 100644 modules/env_baseline/variables.tf
create mode 100644 modules/env_baseline/versions.tf
create mode 100644 terraform.tfvars
create mode 100755 tf-wrapper.sh
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git push --set-upstream origin plan
Enumerating objects: 42, done.
Counting objects: 100% (42/42), done.
Delta compression using up to 4 threads
Compressing objects: 100% (40/40), done.
Writing objects: 100% (42/42), 19.07 KiB | 1.59 MiB/s, done.
Total 42 (delta 21), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (21/21)
remote: Waiting for private key checker: 13/34 objects left
To https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-environments
Step #1 - "tf plan validate all": Error: Reference to undeclared module
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": on outputs.tf line 19, in output "env_folder":
Step #1 - "tf plan validate all": 19: value = module.env.env_folder
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": No module call named "env" is declared in the root module.
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": Error: Reference to undeclared module
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": on outputs.tf line 24, in output "monitoring_project_id":
Step #1 - "tf plan validate all": 24: value = module.env.monitoring_project_id
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": No module call named "env" is declared in the root module.
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": Error: Reference to undeclared module
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": on outputs.tf line 29, in output "env_secrets_project_id":
Step #1 - "tf plan validate all": 29: value = module.env.env_secrets_project_id
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": No module call named "env" is declared in the root module.
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": Error: Reference to undeclared module
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": on outputs.tf line 34, in output "env_kms_project_id":
Step #1 - "tf plan validate all": 34: value = module.env.env_kms_project_id
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": No module call named "env" is declared in the root module.
Finished Step #1 - "tf plan validate all"
need to fix also outputs.tf
/*
output "env_folder" {
description = "Environment folder created under parent."
value = module.env.env_folder
}
output "monitoring_project_id" {
description = "Project for monitoring infra."
value = module.env.monitoring_project_id
}
output "env_secrets_project_id" {
description = "Project for environment related secrets."
value = module.env.env_secrets_project_id
}
output "env_kms_project_id" {
description = "Project for environment Cloud Key Management Service (KMS)."
value = module.env.env_kms_project_id
}*/
rerun
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ cp ../pbmm-on-gcp-onboarding/2-environments/envs/development/outputs.tf envs/development/
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git add envs/development/
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git commit -m 'disable development'
[plan 1731828] disable development
1 file changed, 2 insertions(+), 2 deletions(-)
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git push --set-upstream origin plan
Enumerating objects: 9, done.
Counting objects: 100% (9/9), done.
Delta compression using up to 4 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 479 bytes | 479.00 KiB/s, done.
Total 5 (delta 3), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (3/3)
remote: Waiting for private key checker: 1/1 objects left
To https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-environments
2bd201b..1731828 plan -> plan
Branch 'plan' set up to track remote branch 'plan' from 'origin'
Step #1 - "tf plan validate all": Plan: 30 to add, 0 to change, 0 to destroy.
Step #1 - "tf plan validate all": Warning: Value for undeclared variable
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": The root module does not declare a variable named
Step #1 - "tf plan validate all": "monitoring_workspace_users" but a value was found in file
Step #1 - "tf plan validate all": "terraform.tfvars". If you meant to use this value, add a "variable" block to
Step #1 - "tf plan validate all": the configuration.
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": To silence these warnings, use TF_VAR_... environment variables to provide
Step #1 - "tf plan validate all": certain "global" settings to all configurations in your organization. To
Step #1 - "tf plan validate all": reduce the verbosity of these warnings, use the -compact-warnings option.
Step #1 - "tf plan validate all": *************** TERRAFORM VALIDATE ******************
Step #1 - "tf plan validate all": At environment: envs/development
Step #1 - "tf plan validate all": Using policy from: /workspace/policy-library
Step #1 - "tf plan validate all": *****************************************************
Step #1 - "tf plan validate all": WARNING: This command is using service account impersonation. All API calls will be executed as [sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com].
Step #1 - "tf plan validate all": Validating resources...
Step #1 - "tf plan validate all": .......done.
Step #1 - "tf plan validate all": ERROR: [Terraform plan json does not contain resource_changes key]. Additional details: [terraform-validator-internal.git.corp.google.com/terraform-tools.git/cmd.Execute
Step #1 - "tf plan validate all": /tmpfs/src/git/terraform-tools/cmd/root.go:93
Step #1 - "tf plan validate all": main.main
Step #1 - "tf plan validate all": /tmpfs/src/git/terraform-tools/main.go:16
Step #1 - "tf plan validate all": runtime.main
Step #1 - "tf plan validate all": /usr/local/go/src/runtime/proc.go:250]
Finished Step #1 - "tf plan validate all"
ERROR
ERROR: build step 1 "us-central1-docker.pkg.dev/prj-b-cicd-82vv/tf-runners/terraform:v1" failed: step exited with non-zero status: 33
also comment backend.tf
/*
terraform {
backend "gcs" {
bucket = "bkt-prj-b-seed-tfstate-7120"
prefix = "terraform/environments/development"
}
}*/
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ cp ../pbmm-on-gcp-onboarding/2-environments/envs/development/backend.tf envs/development/
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git status
On branch plan
Your branch is up to date with 'origin/plan'.
Changes not staged for commit:
(use "git add <file>..." to update what will be committed)
(use "git restore <file>..." to discard changes in working directory)
modified: envs/development/backend.tf
no changes added to commit (use "git add" and/or "git commit -a")
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git diff
diff --git a/envs/development/backend.tf b/envs/development/backend.tf
index 50d9623..f517fe1 100644
--- a/envs/development/backend.tf
+++ b/envs/development/backend.tf
@@ -13,10 +13,10 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
+/*
terraform {
backend "gcs" {
bucket = "bkt-prj-b-seed-tfstate-7120"
prefix = "terraform/environments/development"
}
-}
+}*/
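Review bot: wrapping the whole terraform { backend "gcs" { ... } } block in /* ... */ leaves envs/development with no backend declared, so Terraform falls back to local state on the build worker and nothing is written to or locked in bkt-prj-b-seed-tfstate-7120 under terraform/environments/development. That is acceptable only as a temporary plan-time experiment; an apply from this configuration would create resources that the remote state does not track. Restore the block before this reaches an apply branch, and put a TODO inside the comment naming why it was disabled. The hunk also drops the blank line after the license header, which is unrelated to the change.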
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git add envs/development/
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git commit -m 'disable development - backend.tf'
[plan 3334a44] disable development - backend.tf
1 file changed, 2 insertions(+), 2 deletions(-)
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git push --set-upstream origin plan
Enumerating objects: 9, done.
Counting objects: 100% (9/9), done.
Delta compression using up to 4 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 487 bytes | 487.00 KiB/s, done.
Total 5 (delta 3), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (3/3)
remote: Waiting for private key checker: 1/1 objects left
To https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-environments
1731828..3334a44 plan -> plan
Branch 'plan' set up to track remote branch 'plan' from 'origin'.
Step #1 - "tf plan validate all": Plan: 30 to add, 0 to change, 0 to destroy.
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": Changes to Outputs:
Step #1 - "tf plan validate all": + env_folder = (known after apply)
Step #1 - "tf plan validate all": + env_kms_project_id = (known after apply)
Step #1 - "tf plan validate all": + env_secrets_project_id = (known after apply)
Step #1 - "tf plan validate all": + monitoring_project_id = (known after apply)
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": Warning: Value for undeclared variable
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": The root module does not declare a variable named
Step #1 - "tf plan validate all": "monitoring_workspace_users" but a value was found in file
Step #1 - "tf plan validate all": "terraform.tfvars". If you meant to use this value, add a "variable" block to
Step #1 - "tf plan validate all": the configuration.
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": To silence these warnings, use TF_VAR_... environment variables to provide
Step #1 - "tf plan validate all": certain "global" settings to all configurations in your organization. To
Step #1 - "tf plan validate all": reduce the verbosity of these warnings, use the -compact-warnings option.
Step #1 - "tf plan validate all": *************** TERRAFORM VALIDATE ******************
Step #1 - "tf plan validate all": At environment: envs/non-production
Step #1 - "tf plan validate all": Using policy from: /workspace/policy-library
Step #1 - "tf plan validate all": *****************************************************
Step #1 - "tf plan validate all": WARNING: This command is using service account impersonation. All API calls will be executed as [sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com].
Step #1 - "tf plan validate all": WARNING: This command is using service account impersonation. All API calls will be executed as [sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com].
Step #1 - "tf plan validate all": WARNING: This command is using service account impersonation. All API calls will be executed as [sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com].
Step #1 - "tf plan validate all": Cloning into '/workspace/policy-library'...
Step #1 - "tf plan validate all": WARNING: This command is using service account impersonation. All API calls will be executed as [sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com].
Step #1 - "tf plan validate all": warning: remote HEAD refers to nonexistent ref, unable to checkout
Step #1 - "tf plan validate all": Project [prj-b-cicd-82vv] repository [gcp-policies] was cloned to [/workspace/policy-library].
Step #1 - "tf plan validate all": /workspace/envs/non-production /workspace/envs/non-production
Step #1 - "tf plan validate all": current gcp-policies branch master
Step #1 - "tf plan validate all": Switched to a new branch 'main'
Step #1 - "tf plan validate all": branch 'main' set up to track 'origin/main'.
Step #1 - "tf plan validate all": /workspace/envs/non-production
Step #1 - "tf plan validate all": WARNING: This command is using service account impersonation. All API calls will be executed as [sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com].
Step #1 - "tf plan validate all": Validating resources...
Step #1 - "tf plan validate all": ...............done.
Step #1 - "tf plan validate all": *************** TERRAFORM INIT *******************
Step #1 - "tf plan validate all": At environment: envs/development
Step #1 - "tf plan validate all": **************************************************
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": Initializing the backend...
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": Initializing provider plugins...
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": Terraform has been successfully initialized!
Step #1 - "tf plan validate all": *************** TERRAFORM PLAN *******************
Step #1 - "tf plan validate all": At environment: envs/development
Step #1 - "tf plan validate all": **************************************************
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": No changes. Your infrastructure matches the configuration.
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": Terraform has compared your real infrastructure against your configuration
Step #1 - "tf plan validate all": and found no differences, so no changes are needed.
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": Warning: Value for undeclared variable
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": The root module does not declare a variable named
Step #1 - "tf plan validate all": "monitoring_workspace_users" but a value was found in file
Step #1 - "tf plan validate all": "terraform.tfvars". If you meant to use this value, add a "variable" block to
Step #1 - "tf plan validate all": the configuration.
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": To silence these warnings, use TF_VAR_... environment variables to provide
Step #1 - "tf plan validate all": certain "global" settings to all configurations in your organization. To
Step #1 - "tf plan validate all": reduce the verbosity of these warnings, use the -compact-warnings option.
Step #1 - "tf plan validate all": *************** TERRAFORM VALIDATE ******************
Step #1 - "tf plan validate all": At environment: envs/development
Step #1 - "tf plan validate all": Using policy from: /workspace/policy-library
Step #1 - "tf plan validate all": *****************************************************
Step #1 - "tf plan validate all": WARNING: This command is using service account impersonation. All API calls will be executed as [sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com].
Step #1 - "tf plan validate all": Validating resources...
Step #1 - "tf plan validate all": ........done.
Step #1 - "tf plan validate all": ERROR: [Terraform plan json does not contain resource_changes key]. Additional details: [terraform-validator-internal.git.corp.google.com/terraform-tools.git/cmd.Execute
Step #1 - "tf plan validate all": /tmpfs/src/git/terraform-tools/cmd/root.go:93
Step #1 - "tf plan validate all": main.main
Step #1 - "tf plan validate all": /tmpfs/src/git/terraform-tools/main.go:16
Step #1 - "tf plan validate all": runtime.main
Step #1 - "tf plan validate all": /usr/local/go/src/runtime/proc.go:250]
Finished Step #1 - "tf plan validate all"
Enable all development
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git status
On branch plan
Your branch is up to date with 'origin/plan'.
Changes not staged for commit:
(use "git add <file>..." to update what will be committed)
(use "git restore <file>..." to discard changes in working directory)
modified: envs/development/backend.tf
modified: envs/development/main.tf
modified: envs/development/outputs.tf
no changes added to commit (use "git add" and/or "git commit -a")
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git add envs/development/
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git commit -m 'enable development'
[plan f0a7937] enable development
3 files changed, 6 insertions(+), 6 deletions(-)
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git push --set-upstream origin plan
Enumerating objects: 13, done.
Counting objects: 100% (13/13), done.
Delta compression using up to 4 threads
Compressing objects: 100% (7/7), done.
Writing objects: 100% (7/7), 618 bytes | 618.00 KiB/s, done.
Total 7 (delta 5), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (5/5)
remote: Waiting for private key checker: 3/3 objects left
To https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-environments
3334a44..f0a7937 plan -> plan
Branch 'plan' set up to track remote branch 'plan' from 'origin'.
Step #1 - "tf plan validate all": Plan: 30 to add, 0 to change, 0 to destroy.
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": Changes to Outputs:
Step #1 - "tf plan validate all": + assured_workload_resources = []
Step #1 - "tf plan validate all": + env_folder = (known after apply)
Step #1 - "tf plan validate all": + env_kms_project_id = (known after apply)
Step #1 - "tf plan validate all": + env_secrets_project_id = (known after apply)
Step #1 - "tf plan validate all": + monitoring_project_id = (known after apply)
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": Warning: Value for undeclared variable
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": The root module does not declare a variable named
Step #1 - "tf plan validate all": "monitoring_workspace_users" but a value was found in file
Step #1 - "tf plan validate all": "terraform.tfvars". If you meant to use this value, add a "variable" block to
Step #1 - "tf plan validate all": the configuration.
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": To silence these warnings, use TF_VAR_... environment variables to provide
Step #1 - "tf plan validate all": certain "global" settings to all configurations in your organization. To
Step #1 - "tf plan validate all": reduce the verbosity of these warnings, use the -compact-warnings option.
Step #1 - "tf plan validate all": *************** TERRAFORM VALIDATE ******************
Step #1 - "tf plan validate all": At environment: envs/production
Step #1 - "tf plan validate all": Using policy from: /workspace/policy-library
Step #1 - "tf plan validate all": *****************************************************
Step #1 - "tf plan validate all": WARNING: This command is using service account impersonation. All API calls will be executed as [sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com].
Step #1 - "tf plan validate all": Validating resources...
Step #1 - "tf plan validate all": ................done.
Finished Step #1 - "tf plan validate all"
PUSH
Artifacts will be uploaded to gs://bkt-prj-b-cicd-82vv-gcp-environments-build-artifacts using gsutil cp
cloudbuild-tf-plan.yaml: Uploading path....
Copying file://cloudbuild-tf-plan.yaml [Content-Type=application/octet-stream]...
/ [0/1 files][ 0.0 B/ 2.0 KiB] 0% Done
/ [1/1 files][ 2.0 KiB/ 2.0 KiB] 100% Done
Operation completed over 1 objects/2.0 KiB.
cloudbuild-tf-plan.yaml: 1 matching files uploaded
tmp_plan/*.tfplan: Uploading path....
Copying file://tmp_plan/envs-development.tfplan [Content-Type=application/octet-stream]...
/ [0/3 files][ 0.0 B/382.4 KiB] 0% Done
Copying file://tmp_plan/envs-non-production.tfplan [Content-Type=application/octet-stream]...
/ [0/3 files][ 0.0 B/382.4 KiB] 0% Done
Copying file://tmp_plan/envs-production.tfplan [Content-Type=application/octet-stream]...
/ [0/3 files][ 0.0 B/382.4 KiB] 0% Done
/ [1/3 files][382.4 KiB/382.4 KiB] 99% Done
/ [2/3 files][382.4 KiB/382.4 KiB] 99% Done
/ [3/3 files][382.4 KiB/382.4 KiB] 100% Done
Operation completed over 3 objects/382.4 KiB.
tmp_plan/*.tfplan: 3 matching files uploaded
4 total artifacts uploaded to gs://bkt-prj-b-cicd-82vv-gcp-environments-build-artifacts/terraform/cloudbuild/plan/892bb3fa-81c9-423d-86b4-30798029f80f/
Uploading manifest artifacts-892bb3fa-81c9-423d-86b4-30798029f80f.json
Artifact manifest located at gs://bkt-prj-b-cicd-82vv-gcp-environments-build-artifacts/terraform/cloudbuild/plan/892bb3fa-81c9-423d-86b4-30798029f80f/artifacts-892bb3fa-81c9-423d-86b4-30798029f80f.json
DONE
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git checkout -b non-production
Switched to a new branch 'non-production'
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git push origin non-production
Total 0 (delta 0), reused 0 (delta 0), pack-reused 0
To https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-environments
* [new branch] non-production -> non-production
Step #4 - "tf apply": Apply complete! Resources: 30 added, 0 changed, 0 destroyed.
Step #4 - "tf apply":
Step #4 - "tf apply": Outputs:
Step #4 - "tf apply":
Step #4 - "tf apply": env_folder = "folders/358902749545"
Step #4 - "tf apply": env_kms_project_id = "prj-n-kms-bin5"
Step #4 - "tf apply": env_secrets_project_id = "prj-n-secrets-2jq5"
Step #4 - "tf apply": monitoring_project_id = "prj-n-monitoring-gnw9"
Step #4 - "tf apply": envs/development doesn't match non-production; skipping
Step #4 - "tf apply": policy-library/policies doesn't match non-production; skipping
Step #4 - "tf apply": policy-library/lib doesn't match non-production; skipping
Step #4 - "tf apply": policy-library/.git doesn't match non-production; skipping
Finished Step #4 - "tf apply"
PUSH
Artifacts will be uploaded to gs://bkt-prj-b-cicd-82vv-gcp-environments-build-artifacts using gsutil cp
cloudbuild-tf-apply.yaml: Uploading path....
Copying file://cloudbuild-tf-apply.yaml [Content-Type=application/octet-stream]...
/ [0/1 files][ 0.0 B/ 2.6 KiB] 0% Done
/ [1/1 files][ 2.6 KiB/ 2.6 KiB] 100% Done
Operation completed over 1 objects/2.6 KiB.
cloudbuild-tf-apply.yaml: 1 matching files uploaded
tmp_plan/*.tfplan: Uploading path....
Copying file://tmp_plan/envs-non-production.tfplan [Content-Type=application/octet-stream]...
/ [0/1 files][ 0.0 B/127.4 KiB] 0% Done
/ [1/1 files][127.4 KiB/127.4 KiB] 100% Done
Operation completed over 1 objects/127.4 KiB.
tmp_plan/*.tfplan: 1 matching files uploaded
2 total artifacts uploaded to gs://bkt-prj-b-cicd-82vv-gcp-environments-build-artifacts/terraform/cloudbuild/apply/ee26d5a6-c57f-4f25-87ac-f64789526f7f/
Uploading manifest artifacts-ee26d5a6-c57f-4f25-87ac-f64789526f7f.json
Artifact manifest located at gs://bkt-prj-b-cicd-82vv-gcp-environments-build-artifacts/terraform/cloudbuild/apply/ee26d5a6-c57f-4f25-87ac-f64789526f7f/artifacts-ee26d5a6-c57f-4f25-87ac-f64789526f7f.json
DONE
fldr-non-production up with 3 projects
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git checkout -b production
Switched to a new branch 'production'
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git push origin production
Total 0 (delta 0), reused 0 (delta 0), pack-reused 0
To https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-environments
* [new branch] production -> production
Step #4 - "tf apply": Apply complete! Resources: 30 added, 0 changed, 0 destroyed.
Step #4 - "tf apply":
Step #4 - "tf apply": Outputs:
Step #4 - "tf apply":
Step #4 - "tf apply": assured_workload_id = ""
Step #4 - "tf apply": assured_workload_resources = []
Step #4 - "tf apply": env_folder = "folders/206926817949"
Step #4 - "tf apply": env_kms_project_id = "prj-p-kms-ggrt"
Step #4 - "tf apply": env_secrets_project_id = "prj-p-secrets-j2uk"
Step #4 - "tf apply": monitoring_project_id = "prj-p-monitoring-u4p2"
Step #4 - "tf apply": envs/non-production doesn't match production; skipping
Step #4 - "tf apply": envs/development doesn't match production; skipping
Step #4 - "tf apply": policy-library/policies doesn't match production; skipping
Step #4 - "tf apply": policy-library/lib doesn't match production; skipping
Step #4 - "tf apply": policy-library/.git doesn't match production; skipping
Finished Step #4 - "tf apply"
PUSH
Artifacts will be uploaded to gs://bkt-prj-b-cicd-82vv-gcp-environments-build-artifacts using gsutil cp
cloudbuild-tf-apply.yaml: Uploading path....
Copying file://cloudbuild-tf-apply.yaml [Content-Type=application/octet-stream]...
/ [0/1 files][ 0.0 B/ 2.6 KiB] 0% Done
/ [1/1 files][ 2.6 KiB/ 2.6 KiB] 100% Done
Operation completed over 1 objects/2.6 KiB.
cloudbuild-tf-apply.yaml: 1 matching files uploaded
tmp_plan/*.tfplan: Uploading path....
Copying file://tmp_plan/envs-production.tfplan [Content-Type=application/octet-stream]...
/ [0/1 files][ 0.0 B/127.6 KiB] 0% Done
/ [1/1 files][127.6 KiB/127.6 KiB] 100% Done
Operation completed over 1 objects/127.6 KiB.
tmp_plan/*.tfplan: 1 matching files uploaded
2 total artifacts uploaded to gs://bkt-prj-b-cicd-82vv-gcp-environments-build-artifacts/terraform/cloudbuild/apply/041fd9b4-4a1f-47a6-a2f2-636dfcce4136/
Uploading manifest artifacts-041fd9b4-4a1f-47a6-a2f2-636dfcce4136.json
Artifact manifest located at gs://bkt-prj-b-cicd-82vv-gcp-environments-build-artifacts/terraform/cloudbuild/apply/041fd9b4-4a1f-47a6-a2f2-636dfcce4136/artifacts-041fd9b4-4a1f-47a6-a2f2-636dfcce4136.json
DONE
20240410:1300
20240411 fully install terraform 1.3 - fixing ./terraform entries
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ which terraform
/usr/bin/terraform
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ sudo cp terraform /usr/bin/terraform
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ sudo chmod 777 terraform /usr/bin/terraform
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ rm -rf terraform
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ terraform --version
Terraform v1.3.10
on linux_amd64
Your version of Terraform is out of date! The latest version
is 1.8.0. You can update by downloading from https://www.terraform.io/downloads.html
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ terraform --version
Terraform v1.3.10
on linux_amd64
Your version of Terraform is out of date! The latest version
is 1.8.0. You can update by downloading from https://www.terraform.io/downloads.html
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ export ORGANIZATION_ID=$(terraform -chdir="pbmm-on-gcp-onboarding/0-bootstrap/" output -json common_config | jq '.org_id' --raw-output)
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ xport ACCESS_CONTEXT_MANAGER_ID=$(gcloud access-context-manager policies list --organization ${ORGANIZATION_ID} --format="value(name)")
-bash: xport: command not found
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ export ACCESS_CONTEXT_MANAGER_ID=$(gcloud access-context-manager policies list --organization ${ORGANIZATION_ID} --format="value(name)")
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ echo "access_context_manager_policy_id = ${ACCESS_CONTEXT_MANAGER_ID}"
access_context_manager_policy_id = 807865857747
clone repo
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ export CLOUD_BUILD_PROJECT_ID=$(terraform -chdir="pbmm-on-gcp-onboarding/0-bootstrap/" output -raw cloudbuild_project_id)
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ echo ${CLOUD_BUILD_PROJECT_ID}
prj-b-cicd-82vv
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ ls
gcp-bootstrap gcp-environments gcp-org gcp-policies _pbmm-gh360-day0-deploy-example pbmm-on-gcp-onboarding
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ gcloud source repos clone gcp-networks --project=${CLOUD_BUILD_PROJECT_ID}
Cloning into '/home/michael/tef-olxyz/github/gcp-networks'...
warning: You appear to have cloned an empty repository.
Project [prj-b-cicd-82vv] repository [gcp-networks] was cloned to [/home/michael/tef-olxyz/github/gcp-networks].
configure
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ cd gcp-networks/
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ git checkout -b plan
Switched to a new branch 'plan'
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ cp -RT ../pbmm-on-gcp-onboarding/3-networks-hub-and-spoke/ .
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ cp ../pbmm-on-gcp-onboarding/build/cloudbuild-tf-* .
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ cp ../pbmm-on-gcp-onboarding/build/tf-wrapper.sh .
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ chmod 755 ./tf-wrapper.sh
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ mv common.auto.example.tfvars common.auto.tfvars
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ mv shared.auto.example.tfvars shared.auto.tfvars
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ mv access_context.auto.example.tfvars access_context.auto.tfvars
update tfvars common.auto.tfvars
domain = "obrie...yz."
perimeter_additional_members = ["user:mic..yz"]
auto update
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ export ORGANIZATION_ID=$(terraform -chdir="../pbmm-on-gcp-onboarding/0-bootstrap/" output -json common_config | jq '.org_id' --raw-output)
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ export ACCESS_CONTEXT_MANAGER_ID=$(gcloud access-context-manager policies list --organization ${ORGANIZATION_ID} --format="value(name)")
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ echo "access_context_manager_policy_id = ${ACCESS_CONTEXT_MANAGER_ID}"
access_context_manager_policy_id = 807865857747
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ sed -i'' -e "s/ACCESS_CONTEXT_MANAGER_ID/${ACCESS_CONTEXT_MANAGER_ID}/" ./access_context.auto.tfvars
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ export backend_bucket=$(terraform -chdir="../pbmm-on-gcp-onboarding/0-bootstrap/" output -raw gcs_bucket_tfstate)
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ echo "remote_state_bucket = ${backend_bucket}"
remote_state_bucket = bkt-prj-b-seed-tfstate-7120
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./common.auto.tfvars
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ git status
On branch plan
No commits yet
Untracked files:
(use "git add <file>..." to include in what will be committed)
.gitignore
README.md
access_context.auto.tfvars
cloudbuild-tf-apply.yaml
cloudbuild-tf-plan.yaml
common.auto.tfvars
envs/
modules/
shared.auto.tfvars
tf-wrapper.sh
nothing added to commit but untracked files present (use "git add" to track)
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ git diff
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ git add .
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ git commit -m 'Initialize networks repo'
[plan (root-commit) 1ed27dd] Initialize networks repo
109 files changed, 8288 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 access_context.auto.tfvars
create mode 100644 cloudbuild-tf-apply.yaml
create mode 100644 cloudbuild-tf-plan.yaml
create mode 100644 common.auto.tfvars
create mode 100644 envs/development/README.md
create mode 120000 envs/development/access_context.auto.tfvars
create mode 100644 envs/development/backend.tf
create mode 100644 envs/development/backend.tf.cloud.example
create mode 120000 envs/development/common.auto.tfvars
create mode 100644 envs/development/main.tf
create mode 100644 envs/development/outputs.tf
create mode 100644 envs/development/providers.tf
create mode 100644 envs/development/variables.tf
create mode 100644 envs/development/versions.tf
create mode 100644 envs/non-production/README.md
create mode 120000 envs/non-production/access_context.auto.tfvars
create mode 100644 envs/non-production/backend.tf
create mode 100644 envs/non-production/backend.tf.cloud.example
create mode 120000 envs/non-production/common.auto.tfvars
create mode 100644 envs/non-production/main.tf
create mode 100644 envs/non-production/outputs.tf
create mode 100644 envs/non-production/providers.tf
create mode 100644 envs/non-production/variables.tf
create mode 100644 envs/non-production/versions.tf
create mode 100644 envs/production/README.md
create mode 120000 envs/production/access_context.auto.tfvars
create mode 100644 envs/production/backend.tf
create mode 100644 envs/production/backend.tf.cloud.example
create mode 120000 envs/production/common.auto.tfvars
create mode 100644 envs/production/main.tf
create mode 100644 envs/production/outputs.tf
create mode 100644 envs/production/providers.tf
create mode 100644 envs/production/variables.tf
create mode 100644 envs/production/versions.tf
create mode 100644 envs/shared/README.md
create mode 120000 envs/shared/access_context.auto.tfvars
create mode 100644 envs/shared/backend.tf
create mode 100644 envs/shared/backend.tf.cloud.example
create mode 120000 envs/shared/common.auto.tfvars
create mode 100644 envs/shared/dns-hub.tf
create mode 100644 envs/shared/hierarchical_firewall.tf
create mode 100644 envs/shared/interconnect.auto.tfvars.example
create mode 100644 envs/shared/interconnect.tf.example
create mode 100644 envs/shared/main.tf
create mode 100644 envs/shared/net-hubs-transitivity.tf
create mode 100644 envs/shared/net-hubs.tf
create mode 100644 envs/shared/outputs.tf
create mode 100644 envs/shared/partner_interconnect.auto.tfvars.example
create mode 100644 envs/shared/partner_interconnect.tf.example
create mode 100644 envs/shared/providers.tf
create mode 100644 envs/shared/remote.tf
create mode 100644 envs/shared/remote.tf.cloud.example
create mode 120000 envs/shared/shared.auto.tfvars
create mode 100644 envs/shared/variables.tf
create mode 100644 envs/shared/versions.tf
create mode 100644 modules/base_env/README.md
create mode 100644 modules/base_env/main.tf
create mode 100644 modules/base_env/outputs.tf
create mode 100644 modules/base_env/remote.tf
create mode 100644 modules/base_env/remote.tf.cloud.example
create mode 100644 modules/base_env/variables.tf
create mode 100644 modules/base_env/versions.tf
create mode 100644 modules/base_env/vpn.tf.example
create mode 100644 modules/base_shared_vpc/README.md
create mode 100644 modules/base_shared_vpc/dns.tf
create mode 100644 modules/base_shared_vpc/firewall.tf
create mode 100644 modules/base_shared_vpc/main.tf
create mode 100644 modules/base_shared_vpc/nat.tf
create mode 100644 modules/base_shared_vpc/outputs.tf
create mode 100644 modules/base_shared_vpc/private_service_connect.tf
create mode 100644 modules/base_shared_vpc/variables.tf
create mode 100644 modules/base_shared_vpc/versions.tf
create mode 100644 modules/dedicated_interconnect/README.md
create mode 100644 modules/dedicated_interconnect/main.tf
create mode 100644 modules/dedicated_interconnect/outputs.tf
create mode 100644 modules/dedicated_interconnect/variables.tf
create mode 100644 modules/dedicated_interconnect/versions.tf
create mode 100644 modules/hierarchical_firewall_policy/README.md
create mode 100644 modules/hierarchical_firewall_policy/main.tf
create mode 100644 modules/hierarchical_firewall_policy/outputs.tf
create mode 100644 modules/hierarchical_firewall_policy/variables.tf
create mode 100644 modules/hierarchical_firewall_policy/versions.tf
create mode 100644 modules/partner_interconnect/README.md
create mode 100644 modules/partner_interconnect/main.tf
create mode 100644 modules/partner_interconnect/outputs.tf
create mode 100644 modules/partner_interconnect/variables.tf
create mode 100644 modules/partner_interconnect/versions.tf
create mode 100644 modules/restricted_shared_vpc/README.md
create mode 100644 modules/restricted_shared_vpc/dns.tf
create mode 100644 modules/restricted_shared_vpc/firewall.tf
create mode 100644 modules/restricted_shared_vpc/main.tf
create mode 100644 modules/restricted_shared_vpc/nat.tf
create mode 100644 modules/restricted_shared_vpc/outputs.tf
create mode 100644 modules/restricted_shared_vpc/private_service_connect.tf
create mode 100644 modules/restricted_shared_vpc/service_control.tf
create mode 100644 modules/restricted_shared_vpc/variables.tf
create mode 100644 modules/restricted_shared_vpc/versions.tf
create mode 100755 modules/transitivity/README.md
create mode 100644 modules/transitivity/assets/gw.yaml
create mode 100644 modules/transitivity/main.tf
create mode 100644 modules/transitivity/variables.tf
create mode 100644 modules/transitivity/versions.tf
create mode 100755 modules/vpn-ha/README.md
create mode 100755 modules/vpn-ha/main.tf
create mode 100644 modules/vpn-ha/variables.tf
create mode 100644 shared.auto.tfvars
create mode 100755 tf-wrapper.sh
push to shared
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ ./tf-wrapper.sh init shared
*************** TERRAFORM INIT *******************
At environment: envs/shared
**************************************************
Initializing modules...
- base_shared_vpc in ../../modules/base_shared_vpc
Downloading registry.terraform.io/terraform-google-modules/network/google 9.0.0 for base_shared_vpc.firewall_rules...
- base_shared_vpc.firewall_rules in .terraform/modules/base_shared_vpc.firewall_rules/modules/network-firewall-policy
Downloading registry.terraform.io/terraform-google-modules/network/google 9.0.0 for base_shared_vpc.main...
- base_shared_vpc.main in .terraform/modules/base_shared_vpc.main
- base_shared_vpc.main.firewall_rules in .terraform/modules/base_shared_vpc.main/modules/firewall-rules
- base_shared_vpc.main.routes in .terraform/modules/base_shared_vpc.main/modules/routes
- base_shared_vpc.main.subnets in .terraform/modules/base_shared_vpc.main/modules/subnets
- base_shared_vpc.main.vpc in .terraform/modules/base_shared_vpc.main/modules/vpc
Downloading registry.terraform.io/terraform-google-modules/network/google 9.0.0 for base_shared_vpc.peering...
- base_shared_vpc.peering in .terraform/modules/base_shared_vpc.peering/modules/network-peering
Downloading registry.terraform.io/terraform-google-modules/cloud-dns/google 5.2.0 for base_shared_vpc.peering_zone...
- base_shared_vpc.peering_zone in .terraform/modules/base_shared_vpc.peering_zone
Downloading registry.terraform.io/terraform-google-modules/network/google 9.0.0 for base_shared_vpc.private_service_connect...
- base_shared_vpc.private_service_connect in .terraform/modules/base_shared_vpc.private_service_connect/modules/private-service-connect
Downloading registry.terraform.io/terraform-google-modules/cloud-dns/google 5.2.0 for base_shared_vpc.private_service_connect.gcr...
- base_shared_vpc.private_service_connect.gcr in .terraform/modules/base_shared_vpc.private_service_connect.gcr
Downloading registry.terraform.io/terraform-google-modules/cloud-dns/google 5.2.0 for base_shared_vpc.private_service_connect.googleapis...
- base_shared_vpc.private_service_connect.googleapis in .terraform/modules/base_shared_vpc.private_service_connect.googleapis
Downloading registry.terraform.io/terraform-google-modules/cloud-dns/google 5.2.0 for base_shared_vpc.private_service_connect.pkg_dev...
- base_shared_vpc.private_service_connect.pkg_dev in .terraform/modules/base_shared_vpc.private_service_connect.pkg_dev
Downloading registry.terraform.io/terraform-google-modules/cloud-router/google 6.0.2 for base_shared_vpc.region1_router1...
- base_shared_vpc.region1_router1 in .terraform/modules/base_shared_vpc.region1_router1
Downloading registry.terraform.io/terraform-google-modules/cloud-router/google 6.0.2 for base_shared_vpc.region1_router2...
- base_shared_vpc.region1_router2 in .terraform/modules/base_shared_vpc.region1_router2
Downloading registry.terraform.io/terraform-google-modules/cloud-router/google 6.0.2 for base_shared_vpc.region2_router1...
- base_shared_vpc.region2_router1 in .terraform/modules/base_shared_vpc.region2_router1
Downloading registry.terraform.io/terraform-google-modules/cloud-router/google 6.0.2 for base_shared_vpc.region2_router2...
- base_shared_vpc.region2_router2 in .terraform/modules/base_shared_vpc.region2_router2
- base_transitivity in ../../modules/transitivity
Downloading registry.terraform.io/GoogleCloudPlatform/lb-internal/google 5.1.0 for base_transitivity.ilbs...
- base_transitivity.ilbs in .terraform/modules/base_transitivity.ilbs
Downloading registry.terraform.io/terraform-google-modules/vm/google 10.1.1 for base_transitivity.migs...
- base_transitivity.migs in .terraform/modules/base_transitivity.migs/modules/mig
Downloading registry.terraform.io/terraform-google-modules/service-accounts/google 4.2.2 for base_transitivity.service_account...
- base_transitivity.service_account in .terraform/modules/base_transitivity.service_account
Downloading registry.terraform.io/terraform-google-modules/vm/google 10.1.1 for base_transitivity.templates...
- base_transitivity.templates in .terraform/modules/base_transitivity.templates/modules/instance_template
Downloading registry.terraform.io/terraform-google-modules/cloud-dns/google 5.2.0 for dns-forwarding-zone...
- dns-forwarding-zone in .terraform/modules/dns-forwarding-zone
Downloading registry.terraform.io/terraform-google-modules/cloud-router/google 6.0.2 for dns_hub_region1_router1...
- dns_hub_region1_router1 in .terraform/modules/dns_hub_region1_router1
Downloading registry.terraform.io/terraform-google-modules/cloud-router/google 6.0.2 for dns_hub_region1_router2...
- dns_hub_region1_router2 in .terraform/modules/dns_hub_region1_router2
Downloading registry.terraform.io/terraform-google-modules/cloud-router/google 6.0.2 for dns_hub_region2_router1...
- dns_hub_region2_router1 in .terraform/modules/dns_hub_region2_router1
Downloading registry.terraform.io/terraform-google-modules/cloud-router/google 6.0.2 for dns_hub_region2_router2...
- dns_hub_region2_router2 in .terraform/modules/dns_hub_region2_router2
Downloading registry.terraform.io/terraform-google-modules/network/google 9.0.0 for dns_hub_vpc...
- dns_hub_vpc in .terraform/modules/dns_hub_vpc
- dns_hub_vpc.firewall_rules in .terraform/modules/dns_hub_vpc/modules/firewall-rules
- dns_hub_vpc.routes in .terraform/modules/dns_hub_vpc/modules/routes
- dns_hub_vpc.subnets in .terraform/modules/dns_hub_vpc/modules/subnets
- dns_hub_vpc.vpc in .terraform/modules/dns_hub_vpc/modules/vpc
- hierarchical_firewall_policy in ../../modules/hierarchical_firewall_policy
- restricted_shared_vpc in ../../modules/restricted_shared_vpc
Downloading registry.terraform.io/terraform-google-modules/vpc-service-controls/google 5.2.1 for restricted_shared_vpc.access_level_members...
- restricted_shared_vpc.access_level_members in .terraform/modules/restricted_shared_vpc.access_level_members/modules/access_level
Downloading registry.terraform.io/terraform-google-modules/network/google 9.0.0 for restricted_shared_vpc.firewall_rules...
- restricted_shared_vpc.firewall_rules in .terraform/modules/restricted_shared_vpc.firewall_rules/modules/network-firewall-policy
Downloading registry.terraform.io/terraform-google-modules/network/google 9.0.0 for restricted_shared_vpc.main...
- restricted_shared_vpc.main in .terraform/modules/restricted_shared_vpc.main
- restricted_shared_vpc.main.firewall_rules in .terraform/modules/restricted_shared_vpc.main/modules/firewall-rules
- restricted_shared_vpc.main.routes in .terraform/modules/restricted_shared_vpc.main/modules/routes
- restricted_shared_vpc.main.subnets in .terraform/modules/restricted_shared_vpc.main/modules/subnets
- restricted_shared_vpc.main.vpc in .terraform/modules/restricted_shared_vpc.main/modules/vpc
Downloading registry.terraform.io/terraform-google-modules/network/google 9.0.0 for restricted_shared_vpc.peering...
- restricted_shared_vpc.peering in .terraform/modules/restricted_shared_vpc.peering/modules/network-peering
Downloading registry.terraform.io/terraform-google-modules/cloud-dns/google 5.2.0 for restricted_shared_vpc.peering_zone...
- restricted_shared_vpc.peering_zone in .terraform/modules/restricted_shared_vpc.peering_zone
Downloading registry.terraform.io/terraform-google-modules/network/google 9.0.0 for restricted_shared_vpc.private_service_connect...
- restricted_shared_vpc.private_service_connect in .terraform/modules/restricted_shared_vpc.private_service_connect/modules/private-service-connect
Downloading registry.terraform.io/terraform-google-modules/cloud-dns/google 5.2.0 for restricted_shared_vpc.private_service_connect.gcr...
- restricted_shared_vpc.private_service_connect.gcr in .terraform/modules/restricted_shared_vpc.private_service_connect.gcr
Downloading registry.terraform.io/terraform-google-modules/cloud-dns/google 5.2.0 for restricted_shared_vpc.private_service_connect.googleapis...
- restricted_shared_vpc.private_service_connect.googleapis in .terraform/modules/restricted_shared_vpc.private_service_connect.googleapis
Downloading registry.terraform.io/terraform-google-modules/cloud-dns/google 5.2.0 for restricted_shared_vpc.private_service_connect.pkg_dev...
- restricted_shared_vpc.private_service_connect.pkg_dev in .terraform/modules/restricted_shared_vpc.private_service_connect.pkg_dev
Downloading registry.terraform.io/terraform-google-modules/cloud-router/google 6.0.2 for restricted_shared_vpc.region1_router1...
- restricted_shared_vpc.region1_router1 in .terraform/modules/restricted_shared_vpc.region1_router1
Downloading registry.terraform.io/terraform-google-modules/cloud-router/google 6.0.2 for restricted_shared_vpc.region1_router2...
- restricted_shared_vpc.region1_router2 in .terraform/modules/restricted_shared_vpc.region1_router2
Downloading registry.terraform.io/terraform-google-modules/cloud-router/google 6.0.2 for restricted_shared_vpc.region2_router1...
- restricted_shared_vpc.region2_router1 in .terraform/modules/restricted_shared_vpc.region2_router1
Downloading registry.terraform.io/terraform-google-modules/cloud-router/google 6.0.2 for restricted_shared_vpc.region2_router2...
- restricted_shared_vpc.region2_router2 in .terraform/modules/restricted_shared_vpc.region2_router2
Downloading registry.terraform.io/terraform-google-modules/vpc-service-controls/google 5.2.1 for restricted_shared_vpc.regular_service_perimeter...
- restricted_shared_vpc.regular_service_perimeter in .terraform/modules/restricted_shared_vpc.regular_service_perimeter/modules/regular_service_perimeter
- restricted_transitivity in ../../modules/transitivity
Downloading registry.terraform.io/GoogleCloudPlatform/lb-internal/google 5.1.0 for restricted_transitivity.ilbs...
- restricted_transitivity.ilbs in .terraform/modules/restricted_transitivity.ilbs
Downloading registry.terraform.io/terraform-google-modules/vm/google 10.1.1 for restricted_transitivity.migs...
- restricted_transitivity.migs in .terraform/modules/restricted_transitivity.migs/modules/mig
Downloading registry.terraform.io/terraform-google-modules/service-accounts/google 4.2.2 for restricted_transitivity.service_account...
- restricted_transitivity.service_account in .terraform/modules/restricted_transitivity.service_account
Downloading registry.terraform.io/terraform-google-modules/vm/google 10.1.1 for restricted_transitivity.templates...
- restricted_transitivity.templates in .terraform/modules/restricted_transitivity.templates/modules/instance_template
Initializing the backend...
Successfully configured the backend "gcs"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
- terraform.io/builtin/terraform is built in to Terraform
- Finding hashicorp/google versions matching ">= 3.33.0, >= 3.50.0, >= 3.53.0, >= 3.83.0, >= 4.25.0, >= 4.26.0, >= 4.40.0, >= 4.48.0, >= 4.51.0, >= 4.64.0, >= 4.65.0, >= 4.67.0, < 6.0.0"...
- Finding hashicorp/google-beta versions matching ">= 3.50.0, >= 4.26.0, >= 4.40.0, >= 4.48.0, >= 4.64.0, >= 4.65.0, < 6.0.0"...
- Finding hashicorp/random versions matching ">= 3.4.0"...
- Finding hashicorp/null versions matching ">= 3.2.0"...
- Finding latest version of hashicorp/time...
- Installing hashicorp/google v5.24.0...
- Installed hashicorp/google v5.24.0 (signed by HashiCorp)
- Installing hashicorp/google-beta v5.24.0...
- Installed hashicorp/google-beta v5.24.0 (signed by HashiCorp)
- Installing hashicorp/random v3.6.0...
- Installed hashicorp/random v3.6.0 (signed by HashiCorp)
- Installing hashicorp/null v3.2.2...
- Installed hashicorp/null v3.2.2 (signed by HashiCorp)
- Installing hashicorp/time v0.11.1...
- Installed hashicorp/time v0.11.1 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
envs/production doesn't match shared; skipping
envs/non-production doesn't match shared; skipping
envs/development doesn't match shared; skipping
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ /tf-wrapper.sh plan shared
Error: Unsupported attribute
on remote.tf line 31, in locals:
31: development_folder_name = data.terraform_remote_state.env_development.outputs.env_folder
├────────────────
│ data.terraform_remote_state.env_development.outputs is object with no attributes
This object does not have an attribute named "env_folder".
copy back to repo
TODO: remove hardcoded repos 3-networks-hub-and-spoke/envs/shared/main.tf
default_region1 = "us-west1"
default_region2 = "us-central1"
20240413:1700
michael@cloudshell:~/tef-olxyz (tef-olxyz)$ wget https://releases.hashicorp.com/terraform/1.3.10/terraform_1.3.10_linux_amd64.zip
--2024-04-13 20:57:30-- https://releases.hashicorp.com/terraform/1.3.10/terraform_1.3.10_linux_amd64.zip
Resolving releases.hashicorp.com (releases.hashicorp.com)... 13.35.116.16, 13.35.116.98, 13.35.116.59, ...
Connecting to releases.hashicorp.com (releases.hashicorp.com)|13.35.116.16|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 19989918 (19M) [application/zip]
Saving to: ‘terraform_1.3.10_linux_amd64.zip’
terraform_1.3.10_linux_amd64.zip 100%[==================================================================================>] 19.06M 56.2MB/s in 0.3s
2024-04-13 20:57:31 (56.2 MB/s) - ‘terraform_1.3.10_linux_amd64.zip’ saved [19989918/19989918]
michael@cloudshell:~/tef-olxyz (tef-olxyz)$ unzip terraform_1.3.10_linux_amd64.zip
Archive: terraform_1.3.10_linux_amd64.zip
inflating: terraform
michael@cloudshell:~/tef-olxyz (tef-olxyz)$ which terraform
/usr/bin/terraform
michael@cloudshell:~/tef-olxyz (tef-olxyz)$ sudo cp terraform /usr/bin/terraform
michael@cloudshell:~/tef-olxyz (tef-olxyz)$ terraform --version
Terraform v1.3.10
on linux_amd64
Your version of Terraform is out of date! The latest version is 1.8.0. You can update by downloading from https://www.terraform.io/downloads.html
in step 9 forgot step 8 cb project id and impersonation
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ export CLOUD_BUILD_PROJECT_ID=$(terraform -chdir="../pbmm-on-gcp-onboarding/0-bootstrap/" output -raw cloudbuild_project_id)
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ echo ${CLOUD_BUILD_PROJECT_ID}
prj-b-cicd-82vv
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ export GOOGLE_IMPERSONATE_SERVICE_ACCOUNT=$(terraform -chdir="../pbmm-on-gcp-onboarding/0-bootstrap/" output -raw networks_step_terraform_service_account_email)
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ echo ${GOOGLE_IMPERSONATE_SERVICE_ACCOUNT}
sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com
## 3-hub step 9
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ ./tf-wrapper.sh plan shared
* TERRAFORM PLAN *****
At environment: envs/shared
data.terraform_remote_state.env_development: Reading...
data.terraform_remote_state.env_non_production: Reading...
data.terraform_remote_state.env_production: Reading...
data.terraform_remote_state.bootstrap: Reading...
data.terraform_remote_state.org: Reading...
data.terraform_remote_state.env_production: Read complete after 0s
data.terraform_remote_state.env_non_production: Read complete after 1s
data.terraform_remote_state.env_development: Read complete after 1s
data.terraform_remote_state.org: Read complete after 1s
data.terraform_remote_state.bootstrap: Read complete after 2s
Error: Unsupported attribute
on remote.tf line 31, in locals:
31: development_folder_name = data.terraform_remote_state.env_development.outputs.env_folder
├────────────────
│ data.terraform_remote_state.env_development.outputs is object with no attributes
This object does not have an attribute named "env_folder".
x
triage
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ terraform -chdir="../pbmm-on-gcp-onboarding/0-bootstrap/" output
bootstrap_step_terraform_service_account_email = "sa-terraform-bootstrap@prj-b-seed-8919.iam.gserviceaccount.com"
cloud_build_peered_network_id = "projects/prj-b-cicd-82vv/global/networks/vpc-b-cbpools"
cloud_build_private_worker_pool_id = "projects/prj-b-cicd-82vv/locations/us-central1/workerPools/private-pool-yqvb"
cloud_build_worker_peered_ip_range = "192.168.0.0/24"
cloud_build_worker_range_id = "projects/prj-b-cicd-82vv/global/addresses/ga-b-cbpools-worker-pool-range"
cloud_builder_artifact_repo = "projects/prj-b-cicd-82vv/locations/us-central1/repositories/tf-runners"
cloudbuild_project_id = "prj-b-cicd-82vv"
common_config = {
  "billing_account" = "01BC..C8"
  "bootstrap_folder_name" = "folders/173484768969"
  "default_region" = "us-central1"
  "folder_prefix" = "fldr"
  "org_id" = "1064386348915"
  "parent_folder" = "736660879367"
  "parent_id" = "folders/736660879367"
  "project_prefix" = "prj"
}
csr_repos = {
  "gcp-bootstrap" = {
    "id" = "projects/prj-b-cicd-82vv/repos/gcp-bootstrap"
    "name" = "gcp-bootstrap"
    "project" = "prj-b-cicd-82vv"
    "url" = "https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-bootstrap"
  }
  "gcp-environments" = {
    "id" = "projects/prj-b-cicd-82vv/repos/gcp-environments"
    "name" = "gcp-environments"
    "project" = "prj-b-cicd-82vv"
    "url" = "https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-environments"
  }
  "gcp-networks" = {
    "id" = "projects/prj-b-cicd-82vv/repos/gcp-networks"
    "name" = "gcp-networks"
    "project" = "prj-b-cicd-82vv"
    "url" = "https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-networks"
  }
  "gcp-org" = {
    "id" = "projects/prj-b-cicd-82vv/repos/gcp-org"
    "name" = "gcp-org"
    "project" = "prj-b-cicd-82vv"
    "url" = "https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-org"
  }
  "gcp-policies" = {
    "id" = "projects/prj-b-cicd-82vv/repos/gcp-policies"
    "name" = "gcp-policies"
    "project" = "prj-b-cicd-82vv"
    "url" = "https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-policies"
  }
  "gcp-projects" = {
    "id" = "projects/prj-b-cicd-82vv/repos/gcp-projects"
    "name" = "gcp-projects"
    "project" = "prj-b-cicd-82vv"
    "url" = "https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-projects"
  }
  "tf-cloudbuilder" = {
    "id" = "projects/prj-b-cicd-82vv/repos/tf-cloudbuilder"
    "name" = "tf-cloudbuilder"
    "project" = "prj-b-cicd-82vv"
    "url" = "https://source.developers.google.com/p/prj-b-cicd-82vv/r/tf-cloudbuilder"
  }
}
environment_step_terraform_service_account_email = "sa-terraform-env@prj-b-seed-8919.iam.gserviceaccount.com"
gcs_bucket_cloudbuild_artifacts = {
  "bootstrap" = "bkt-prj-b-cicd-82vv-gcp-bootstrap-build-artifacts"
  "env" = "bkt-prj-b-cicd-82vv-gcp-environments-build-artifacts"
  "net" = "bkt-prj-b-cicd-82vv-gcp-networks-build-artifacts"
  "org" = "bkt-prj-b-cicd-82vv-gcp-org-build-artifacts"
  "proj" = "bkt-prj-b-cicd-82vv-gcp-projects-build-artifacts"
}
gcs_bucket_cloudbuild_logs = {
  "bootstrap" = "bkt-prj-b-cicd-82vv-gcp-bootstrap-build-logs"
  "env" = "bkt-prj-b-cicd-82vv-gcp-environments-build-logs"
  "net" = "bkt-prj-b-cicd-82vv-gcp-networks-build-logs"
  "org" = "bkt-prj-b-cicd-82vv-gcp-org-build-logs"
  "proj" = "bkt-prj-b-cicd-82vv-gcp-projects-build-logs"
}
gcs_bucket_tfstate = "bkt-prj-b-seed-tfstate-7120"
networks_step_terraform_service_account_email = "sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com"
optional_groups = tomap({
  "gcp_global_secrets_admin" = "gcp_global_secrets_admin_local_test@obrienlabs.xyz"
  "gcp_kms_admin" = "gcp_kms_admin_local_test@obrienlabs.xyz"
  "gcp_network_viewer" = "gcp_network_viewer_local_test@obrienlabs.xyz"
  "gcp_scc_admin" = "gcp_scc_admin_local_test@obrienlabs.xyz"
  "gcp_security_reviewer" = "gcp_security_reviewer_local_test@obrienlabs.xyz"
})
organization_step_terraform_service_account_email = "sa-terraform-org@prj-b-seed-8919.iam.gserviceaccount.com"
projects_gcs_bucket_tfstate = "bkt-prj-b-seed-8919-gcp-projects-tfstate"
projects_step_terraform_service_account_email = "sa-terraform-proj@prj-b-seed-8919.iam.gserviceaccount.com"
required_groups = tomap({
  "audit_data_users" = "gcp-audit-data@obrienlabs.xyz"
  "billing_data_users" = "gcp-billing-data@obrienlabs.xyz"
  "group_billing_admins" = "gcp-billing-admins@obrienlabs.xyz"
  "group_org_admins" = "gcp-organization-admins@obrienlabs.xyz"
  "monitoring_workspace_users" = "gcp-monitoring-workspace@obrienlabs.xyz"
})
seed_project_id = "prj-b-seed-8919"
It looks like I am missing the apply on bootstrap from cloud build - or 2-environments - where the output occurs
https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/blob/gh360-day0-deploy-example/2-environments/modules/env_baseline/outputs.tf#L17C1-L20C2
output "env_folder" {
  description = "Environment folder created under parent."
  value       = google_folder.env.name
}
https://console.cloud.google.com/cloud-build/builds;region=us-central1/041fd9b4-4a1f-47a6-a2f2-636dfcce4136;step=2?hl=en&project=prj-b-cicd-82vv&supportedpurview=project
Plan: 30 to add, 0 to change, 0 to destroy.
Changes to Outputs:
Apply complete! Resources: 30 added, 0 changed, 0 destroyed.
Outputs:
assured_workload_id = ""
assured_workload_resources = []
env_folder = "folders/206926817949"
is in the state file off cloud build - not local 0-bootstrap
## solved - forgot to run development folder in 2 - I only had prod/non-prod - and was planning on skipping dev for quota - nope
<img width="1028" alt="Screenshot 2024-04-13 at 17 38 02" src="https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/assets/24765473/0d698943-cbd5-4493-ad8f-7540ea38b232">
## 2-environments apply development
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ cd ..
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ cd gcp-environments/
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git status
On branch production
nothing to commit, working tree clean
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git checkout -b development
Switched to a new branch 'development'
michael@cloudshell:~/tef-olxyz/github/gcp-environments (tef-olxyz)$ git push origin development
Total 0 (delta 0), reused 0 (delta 0), pack-reused 0
To https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-environments
before
<img width="775" alt="Screenshot 2024-04-13 at 17 45 06" src="https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/assets/24765473/a3e229b1-1764-43bc-a4fe-ef019493a9cd">
after
Starting Step #4 - "tf apply"
Step #4 - "tf apply": Already have image (with digest): us-central1-docker.pkg.dev/prj-b-cicd-82vv/tf-runners/terraform:v1
Step #4 - "tf apply": envs/production doesn't match development; skipping
Step #4 - "tf apply": envs/non-production doesn't match development; skipping
Step #4 - "tf apply": *************** TERRAFORM APPLY *******************
Step #4 - "tf apply": At environment: envs/development
Step #4 - "tf apply": ***************************************************
Step #4 - "tf apply": module.env.google_folder.env: Creating...
Step #4 - "tf apply": module.env.google_folder.env: Still creating... [10s elapsed]
Step #4 - "tf apply": module.env.google_folder.env: Creation complete after 12s [id=folders/353249398002]
Step #4 - "tf apply": module.env.time_sleep.wait_60_seconds: Creating...
Step #4 - "tf apply": module.env.time_sleep.wait_60_seconds: Creation complete after 0s [id=2024-04-13T21:44:52Z]
Step #4 - "tf apply": module.env.google_tags_tag_binding.folder_env: Creating...
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.random_string.random_project_id_suffix[0]: Creating...
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.random_id.random_project_id_suffix: Creating...
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.random_string.random_project_id_suffix[0]: Creation complete after 0s [id=hwfg]
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.random_id.random_project_id_suffix: Creating...
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.random_id.random_project_id_suffix: Creating...
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.random_id.random_project_id_suffix: Creation complete after 0s [id=NLI]
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.random_id.random_project_id_suffix: Creation complete after 0s [id=kJE]
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.random_id.random_project_id_suffix: Creation complete after 0s [id=OEA]
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.random_string.random_project_id_suffix[0]: Creating...
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.random_string.random_project_id_suffix[0]: Creating...
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.google_project.main: Creating...
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.random_string.random_project_id_suffix[0]: Creation complete after 0s [id=rrkx]
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.random_string.random_project_id_suffix[0]: Creation complete after 0s [id=jl08]
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.google_project.main: Creating...
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.google_project.main: Creating...
Step #4 - "tf apply": module.env.google_tags_tag_binding.folder_env: Creation complete after 1s [id=tagBindings/%2F%2Fcloudresourcemanager.googleapis.com%2Ffolders%2F353249398002/tagValues/281483791828482]
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.google_project.main: Still creating... [10s elapsed]
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.google_project.main: Still creating... [10s elapsed]
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.google_project.main: Still creating... [10s elapsed]
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.google_project.main: Still creating... [20s elapsed]
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.google_project.main: Still creating... [20s elapsed]
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.google_project.main: Still creating... [20s elapsed]
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.google_project.main: Still creating... [30s elapsed]
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.google_project.main: Still creating... [30s elapsed]
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.google_project.main: Still creating... [30s elapsed]
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.google_project.main: Still creating... [40s elapsed]
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.google_project.main: Still creating... [40s elapsed]
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.google_project.main: Still creating... [40s elapsed]
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.google_project.main: Creation complete after 46s [id=projects/prj-d-secrets-rrkx]
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.module.project_services.google_project_service.project_services["logging.googleapis.com"]: Creating...
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.module.project_services.google_project_service.project_services["secretmanager.googleapis.com"]: Creating...
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.google_service_account.default_service_account[0]: Creating...
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.google_service_account.default_service_account[0]: Creation complete after 2s [id=projects/prj-d-secrets-rrkx/serviceAccounts/project-service-account@prj-d-secrets-rrkx.iam.gserviceaccount.com]
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.google_project.main: Still creating... [50s elapsed]
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.google_project.main: Still creating... [50s elapsed]
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.module.project_services.google_project_service.project_services["logging.googleapis.com"]: Still creating... [10s elapsed]
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.module.project_services.google_project_service.project_services["secretmanager.googleapis.com"]: Still creating... [10s elapsed]
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.google_project.main: Creation complete after 56s [id=projects/prj-d-kms-jl08]
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.google_service_account.default_service_account[0]: Creating...
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.module.project_services.google_project_service.project_services["billingbudgets.googleapis.com"]: Creating...
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.module.project_services.google_project_service.project_services["cloudkms.googleapis.com"]: Creating...
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.module.project_services.google_project_service.project_services["logging.googleapis.com"]: Creating...
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.google_project.main: Creation complete after 57s [id=projects/prj-d-monitoring-hwfg]
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.module.project_services.google_project_service.project_services["monitoring.googleapis.com"]: Creating...
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.module.project_services.google_project_service.project_services["logging.googleapis.com"]: Creating...
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.google_service_account.default_service_account[0]: Creating...
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.module.project_services.google_project_service.project_services["billingbudgets.googleapis.com"]: Creating...
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.google_service_account.default_service_account[0]: Creation complete after 2s [id=projects/prj-d-kms-jl08/serviceAccounts/project-service-account@prj-d-kms-jl08.iam.gserviceaccount.com]
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.google_service_account.default_service_account[0]: Creation complete after 3s [id=projects/prj-d-monitoring-hwfg/serviceAccounts/project-service-account@prj-d-monitoring-hwfg.iam.gserviceaccount.com]
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.module.project_services.google_project_service.project_services["logging.googleapis.com"]: Still creating... [20s elapsed]
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.module.project_services.google_project_service.project_services["secretmanager.googleapis.com"]: Still creating... [20s elapsed]
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.module.project_services.google_project_service.project_services["billingbudgets.googleapis.com"]: Still creating... [10s elapsed]
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.module.project_services.google_project_service.project_services["cloudkms.googleapis.com"]: Still creating... [10s elapsed]
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.module.project_services.google_project_service.project_services["logging.googleapis.com"]: Still creating... [10s elapsed]
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.module.project_services.google_project_service.project_services["monitoring.googleapis.com"]: Still creating... [10s elapsed]
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.module.project_services.google_project_service.project_services["logging.googleapis.com"]: Still creating... [10s elapsed]
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.module.project_services.google_project_service.project_services["billingbudgets.googleapis.com"]: Still creating... [10s elapsed]
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.module.project_services.google_project_service.project_services["secretmanager.googleapis.com"]: Creation complete after 22s [id=prj-d-secrets-rrkx/secretmanager.googleapis.com]
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.module.project_services.google_project_service.project_services["logging.googleapis.com"]: Creation complete after 22s [id=prj-d-secrets-rrkx/logging.googleapis.com]
Step #4 - "tf apply": module.env.module.env_secrets.module.budget.data.google_project.project[0]: Reading...
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.google_project_default_service_accounts.default_service_accounts[0]: Creating...
Step #4 - "tf apply": module.env.module.env_secrets.module.budget.data.google_project.project[0]: Read complete after 0s [id=projects/prj-d-secrets-rrkx]
Step #4 - "tf apply": module.env.module.env_secrets.module.budget.google_billing_budget.budget[0]: Creating...
Step #4 - "tf apply": module.env.module.env_secrets.module.project-factory.google_project_default_service_accounts.default_service_accounts[0]: Creation complete after 1s [id=projects/prj-d-secrets-rrkx]
Step #4 - "tf apply": module.env.module.env_secrets.module.budget.google_billing_budget.budget[0]: Creation complete after 1s [id=billingAccounts/01BCCE-4EC0EE-DC58C8/budgets/e1f74835-6928-4d76-9a34-73572d4dc0b6]
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.module.project_services.google_project_service.project_services["billingbudgets.googleapis.com"]: Still creating... [20s elapsed]
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.module.project_services.google_project_service.project_services["cloudkms.googleapis.com"]: Still creating... [20s elapsed]
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.module.project_services.google_project_service.project_services["logging.googleapis.com"]: Still creating... [20s elapsed]
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.module.project_services.google_project_service.project_services["billingbudgets.googleapis.com"]: Creation complete after 21s [id=prj-d-kms-jl08/billingbudgets.googleapis.com]
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.module.project_services.google_project_service.project_services["logging.googleapis.com"]: Creation complete after 21s [id=prj-d-kms-jl08/logging.googleapis.com]
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.module.project_services.google_project_service.project_services["cloudkms.googleapis.com"]: Creation complete after 21s [id=prj-d-kms-jl08/cloudkms.googleapis.com]
Step #4 - "tf apply": module.env.module.env_kms.module.budget.data.google_project.project[0]: Reading...
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.google_project_default_service_accounts.default_service_accounts[0]: Creating...
Step #4 - "tf apply": module.env.module.env_kms.module.budget.data.google_project.project[0]: Read complete after 0s [id=projects/prj-d-kms-jl08]
Step #4 - "tf apply": module.env.module.env_kms.module.budget.google_billing_budget.budget[0]: Creating...
Step #4 - "tf apply": module.env.module.env_kms.module.project-factory.google_project_default_service_accounts.default_service_accounts[0]: Creation complete after 0s [id=projects/prj-d-kms-jl08]
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.module.project_services.google_project_service.project_services["monitoring.googleapis.com"]: Still creating... [20s elapsed]
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.module.project_services.google_project_service.project_services["logging.googleapis.com"]: Still creating... [20s elapsed]
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.module.project_services.google_project_service.project_services["billingbudgets.googleapis.com"]: Still creating... [20s elapsed]
Step #4 - "tf apply": module.env.module.env_kms.module.budget.google_billing_budget.budget[0]: Creation complete after 1s [id=billingAccounts/01BCCE-4EC0EE-DC58C8/budgets/06ba685c-d14c-4827-a5a1-d0effd160f69]
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.module.project_services.google_project_service.project_services["monitoring.googleapis.com"]: Creation complete after 21s [id=prj-d-monitoring-hwfg/monitoring.googleapis.com]
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.module.project_services.google_project_service.project_services["logging.googleapis.com"]: Creation complete after 21s [id=prj-d-monitoring-hwfg/logging.googleapis.com]
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.module.project_services.google_project_service.project_services["billingbudgets.googleapis.com"]: Creation complete after 21s [id=prj-d-monitoring-hwfg/billingbudgets.googleapis.com]
Step #4 - "tf apply": module.env.module.monitoring_project.module.budget.data.google_project.project[0]: Reading...
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.google_project_default_service_accounts.default_service_accounts[0]: Creating...
Step #4 - "tf apply": module.env.google_project_iam_member.monitoring_viewer: Creating...
Step #4 - "tf apply": module.env.module.monitoring_project.module.project-factory.google_project_default_service_accounts.default_service_accounts[0]: Creation complete after 0s [id=projects/prj-d-monitoring-hwfg]
Step #4 - "tf apply": module.env.module.monitoring_project.module.budget.data.google_project.project[0]: Read complete after 0s [id=projects/prj-d-monitoring-hwfg]
Step #4 - "tf apply": module.env.module.monitoring_project.module.budget.google_billing_budget.budget[0]: Creating...
Step #4 - "tf apply": module.env.module.monitoring_project.module.budget.google_billing_budget.budget[0]: Creation complete after 1s [id=billingAccounts/01BCCE-4EC0EE-DC58C8/budgets/d1a58d65-762f-4255-a553-b53f45d599bc]
Step #4 - "tf apply": module.env.google_project_iam_member.monitoring_viewer: Creation complete after 7s [id=prj-d-monitoring-hwfg/roles/monitoring.viewer/group:gcp-monitoring-workspace@obrienlabs.xyz]
Step #4 - "tf apply":
Step #4 - "tf apply": Apply complete! Resources: 30 added, 0 changed, 0 destroyed.
Step #4 - "tf apply":
Step #4 - "tf apply": Outputs:
Step #4 - "tf apply":
Step #4 - "tf apply": env_folder = "folders/353249398002"
Step #4 - "tf apply": env_kms_project_id = "prj-d-kms-jl08"
Step #4 - "tf apply": env_secrets_project_id = "prj-d-secrets-rrkx"
Step #4 - "tf apply": monitoring_project_id = "prj-d-monitoring-hwfg"
Step #4 - "tf apply": policy-library/policies doesn't match development; skipping
Step #4 - "tf apply": policy-library/lib doesn't match development; skipping
Step #4 - "tf apply": policy-library/.git doesn't match development; skipping
Finished Step #4 - "tf apply"
PUSH
Artifacts will be uploaded to gs://bkt-prj-b-cicd-82vv-gcp-environments-build-artifacts using gsutil cp
cloudbuild-tf-apply.yaml: Uploading path....
Copying file://cloudbuild-tf-apply.yaml [Content-Type=application/octet-stream]...
/ [0/1 files][ 0.0 B/ 2.6 KiB] 0% Done
/ [1/1 files][ 2.6 KiB/ 2.6 KiB] 100% Done
Operation completed over 1 objects/2.6 KiB.
cloudbuild-tf-apply.yaml: 1 matching files uploaded
tmp_plan/*.tfplan: Uploading path....
Copying file://tmp_plan/envs-development.tfplan [Content-Type=application/octet-stream]...
/ [0/1 files][ 0.0 B/127.4 KiB] 0% Done
/ [1/1 files][127.4 KiB/127.4 KiB] 100% Done
Operation completed over 1 objects/127.4 KiB.
tmp_plan/*.tfplan: 1 matching files uploaded
2 total artifacts uploaded to gs://bkt-prj-b-cicd-82vv-gcp-environments-build-artifacts/terraform/cloudbuild/apply/df615c83-83a8-44f7-8784-bb982705f74c/
Uploading manifest artifacts-df615c83-83a8-44f7-8784-bb982705f74c.json
Artifact manifest located at gs://bkt-prj-b-cicd-82vv-gcp-environments-build-artifacts/terraform/cloudbuild/apply/df615c83-83a8-44f7-8784-bb982705f74c/artifacts-df615c83-83a8-44f7-8784-bb982705f74c.json
DONE
init
plan
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ ./tf-wrapper.sh plan shared
Plan: 82 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ dns_hub_project_id = "prj-c-dns-hub-6f4b"
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Saved the plan to: /home/michael/tef-olxyz/github/gcp-networks/tmp_plan/envs-shared.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "/home/michael/tef-olxyz/github/gcp-networks/tmp_plan/envs-shared.tfplan"
envs/production doesn't match shared; skipping
envs/non-production doesn't match shared; skipping
envs/development doesn't match shared; skipping
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ ./tf-wrapper.sh apply shared
*************** TERRAFORM APPLY *******************
At environment: envs/shared
***************************************************
module.hierarchical_firewall_policy.random_string.suffix: Creating...
module.hierarchical_firewall_policy.random_string.suffix: Creation complete after 0s [id=3q5s]
module.dns_hub_vpc.module.vpc.google_compute_network.network: Creating...
module.hierarchical_firewall_policy.google_compute_organization_security_policy.policy: Creating...
module.dns_hub_vpc.module.vpc.google_compute_network.network: Still creating... [10s elapsed]
module.dns_hub_vpc.module.vpc.google_compute_network.network: Still creating... [20s elapsed]
module.dns_hub_vpc.module.vpc.google_compute_network.network: Still creating... [30s elapsed]
module.dns_hub_vpc.module.vpc.google_compute_network.network: Creation complete after 33s [id=projects/prj-c-dns-hub-6f4b/global/networks/vpc-c-dns-hub]
module.dns_hub_region1_router1.google_compute_router.router: Creating...
google_dns_policy.default_policy: Creating...
module.dns_hub_region2_router2.google_compute_router.router: Creating...
module.dns_hub_region1_router2.google_compute_router.router: Creating...
module.dns_hub_region2_router1.google_compute_router.router: Creating...
module.dns_hub_vpc.module.subnets.google_compute_subnetwork.subnetwork["us-central1/sb-c-dns-hub-us-central1"]: Creating...
module.dns-forwarding-zone.google_dns_managed_zone.forwarding[0]: Creating...
module.dns_hub_vpc.module.subnets.google_compute_subnetwork.subnetwork["us-west1/sb-c-dns-hub-us-west1"]: Creating...
module.dns-forwarding-zone.google_dns_managed_zone.forwarding[0]: Creation complete after 2s [id=projects/prj-c-dns-hub-6f4b/managedZones/fz-dns-hub]
google_dns_policy.default_policy: Creation complete after 2s [id=projects/prj-c-dns-hub-6f4b/policies/dp-dns-hub-default-policy]
module.dns_hub_region1_router1.google_compute_router.router: Still creating... [10s elapsed]
module.dns_hub_region1_router2.google_compute_router.router: Still creating... [10s elapsed]
module.dns_hub_region2_router1.google_compute_router.router: Still creating... [10s elapsed]
module.dns_hub_vpc.module.subnets.google_compute_subnetwork.subnetwork["us-west1/sb-c-dns-hub-us-west1"]: Still creating... [10s elapsed]
module.dns_hub_region2_router2.google_compute_router.router: Still creating... [10s elapsed]
module.dns_hub_vpc.module.subnets.google_compute_subnetwork.subnetwork["us-central1/sb-c-dns-hub-us-central1"]: Still creating... [10s elapsed]
module.dns_hub_vpc.module.subnets.google_compute_subnetwork.subnetwork["us-central1/sb-c-dns-hub-us-central1"]: Creation complete after 13s [id=projects/prj-c-dns-hub-6f4b/regions/us-central1/subnetworks/sb-c-dns-hub-us-central1]
module.dns_hub_region2_router1.google_compute_router.router: Creation complete after 13s [id=projects/prj-c-dns-hub-6f4b/regions/us-central1/routers/cr-c-dns-hub-us-central1-cr3]
module.dns_hub_region1_router2.google_compute_router.router: Creation complete after 16s [id=projects/prj-c-dns-hub-6f4b/regions/us-west1/routers/cr-c-dns-hub-us-west1-cr2]
module.dns_hub_vpc.module.subnets.google_compute_subnetwork.subnetwork["us-west1/sb-c-dns-hub-us-west1"]: Creation complete after 17s [id=projects/prj-c-dns-hub-6f4b/regions/us-west1/subnetworks/sb-c-dns-hub-us-west1]
module.dns_hub_vpc.module.routes.google_compute_route.route["rt-c-dns-hub-1000-all-default-private-api"]: Creating...
module.dns_hub_region1_router1.google_compute_router.router: Still creating... [20s elapsed]
module.dns_hub_region2_router2.google_compute_router.router: Still creating... [20s elapsed]
module.dns_hub_region2_router2.google_compute_router.router: Creation complete after 23s [id=projects/prj-c-dns-hub-6f4b/regions/us-central1/routers/cr-c-dns-hub-us-central1-cr4]
module.dns_hub_region1_router1.google_compute_router.router: Creation complete after 25s [id=projects/prj-c-dns-hub-6f4b/regions/us-west1/routers/cr-c-dns-hub-us-west1-cr1]
module.dns_hub_vpc.module.routes.google_compute_route.route["rt-c-dns-hub-1000-all-default-private-api"]: Still creating... [10s elapsed]
module.dns_hub_vpc.module.routes.google_compute_route.route["rt-c-dns-hub-1000-all-default-private-api"]: Creation complete after 12s [id=projects/prj-c-dns-hub-6f4b/global/routes/rt-c-dns-hub-1000-all-default-private-api]
module.restricted_shared_vpc.random_id.random_access_level_suffix: Creating...
module.base_shared_vpc.data.google_compute_network.vpc_dns_hub: Reading...
module.restricted_shared_vpc.data.google_compute_network.vpc_dns_hub: Reading...
module.restricted_shared_vpc.random_id.random_access_level_suffix: Creation complete after 0s [id=Z_E]
module.restricted_shared_vpc.module.main.module.vpc.google_compute_network.network: Creating...
module.base_shared_vpc.module.main.module.vpc.google_compute_network.network: Creating...
module.restricted_shared_vpc.module.access_level_members.google_access_context_manager_access_level.access_level: Creating...
module.base_shared_vpc.data.google_compute_network.vpc_dns_hub: Read complete after 0s [id=projects/prj-c-dns-hub-6f4b/global/networks/vpc-c-dns-hub]
module.restricted_shared_vpc.data.google_compute_network.vpc_dns_hub: Read complete after 0s [id=projects/prj-c-dns-hub-6f4b/global/networks/vpc-c-dns-hub]
module.restricted_shared_vpc.module.main.module.vpc.google_compute_network.network: Still creating... [10s elapsed]
module.base_shared_vpc.module.main.module.vpc.google_compute_network.network: Still creating... [10s elapsed]
module.restricted_shared_vpc.module.main.module.vpc.google_compute_network.network: Still creating... [20s elapsed]
module.base_shared_vpc.module.main.module.vpc.google_compute_network.network: Still creating... [20s elapsed]
module.restricted_shared_vpc.module.main.module.vpc.google_compute_network.network: Still creating... [30s elapsed]
module.base_shared_vpc.module.main.module.vpc.google_compute_network.network: Still creating... [30s elapsed]
module.base_shared_vpc.module.main.module.vpc.google_compute_network.network: Creation complete after 32s [id=projects/prj-c-base-net-hub-5y8h/global/networks/vpc-c-shared-base-hub]
module.base_shared_vpc.module.main.module.vpc.google_compute_shared_vpc_host_project.shared_vpc_host[0]: Creating...
module.base_shared_vpc.module.private_service_connect.google_compute_global_address.private_service_connect: Creating...
module.base_shared_vpc.module.peering_zone.google_dns_managed_zone.peering[0]: Creating...
module.base_shared_vpc.module.private_service_connect.module.googleapis.google_dns_managed_zone.private[0]: Creating...
module.base_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy.fw_policy[0]: Creating...
module.base_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-central1/sb-c-shared-base-hub-us-central1-proxy"]: Creating...
module.base_shared_vpc.google_dns_policy.default_policy: Creating...
module.base_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-west1/sb-c-shared-base-hub-us-west1"]: Creating...
module.base_shared_vpc.module.private_service_connect.module.gcr.google_dns_managed_zone.private[0]: Creating...
module.restricted_shared_vpc.module.main.module.vpc.google_compute_network.network: Creation complete after 33s [id=projects/prj-c-restricted-net-hub-a8d5/global/networks/vpc-c-shared-restricted-hub]
module.base_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-west1/sb-c-shared-base-hub-us-west1-proxy"]: Creating...
module.base_shared_vpc.module.peering_zone.google_dns_managed_zone.peering[0]: Creation complete after 2s [id=projects/prj-c-base-net-hub-5y8h/managedZones/dz-c-shared-base-to-dns-hub]
module.base_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-central1/sb-c-shared-base-hub-us-central1"]: Creating...
module.base_shared_vpc.module.private_service_connect.module.googleapis.google_dns_managed_zone.private[0]: Creation complete after 2s [id=projects/prj-c-base-net-hub-5y8h/managedZones/dz-c-shared-base-apis]
module.restricted_shared_vpc.module.main.module.vpc.google_compute_shared_vpc_host_project.shared_vpc_host[0]: Creating...
module.base_shared_vpc.google_dns_policy.default_policy: Creation complete after 2s [id=projects/prj-c-base-net-hub-5y8h/policies/dp-c-shared-base-default-policy]
module.base_shared_vpc.module.private_service_connect.module.gcr.google_dns_managed_zone.private[0]: Creation complete after 2s [id=projects/prj-c-base-net-hub-5y8h/managedZones/dz-c-shared-base-gcr]
module.base_shared_vpc.module.private_service_connect.module.googleapis.google_dns_record_set.cloud-static-records["*/CNAME"]: Creating...
module.base_shared_vpc.module.private_service_connect.module.pkg_dev.google_dns_managed_zone.private[0]: Creating...
module.base_shared_vpc.module.private_service_connect.module.pkg_dev.google_dns_managed_zone.private[0]: Creation complete after 1s [id=projects/prj-c-base-net-hub-5y8h/managedZones/dz-c-shared-base-pkg-dev]
module.base_shared_vpc.module.private_service_connect.module.googleapis.google_dns_record_set.cloud-static-records["private/A"]: Creating...
module.base_shared_vpc.module.private_service_connect.module.googleapis.google_dns_record_set.cloud-static-records["*/CNAME"]: Creation complete after 3s [id=projects/prj-c-base-net-hub-5y8h/managedZones/dz-c-shared-base-apis/rrsets/*.googleapis.com./CNAME]
module.base_shared_vpc.module.private_service_connect.module.gcr.google_dns_record_set.cloud-static-records["/A"]: Creating...
module.base_shared_vpc.module.private_service_connect.module.googleapis.google_dns_record_set.cloud-static-records["private/A"]: Creation complete after 2s [id=projects/prj-c-base-net-hub-5y8h/managedZones/dz-c-shared-base-apis/rrsets/private.googleapis.com./A]
module.base_shared_vpc.module.private_service_connect.module.gcr.google_dns_record_set.cloud-static-records["*/CNAME"]: Creating...
module.base_shared_vpc.module.private_service_connect.module.gcr.google_dns_record_set.cloud-static-records["/A"]: Creation complete after 2s [id=projects/prj-c-base-net-hub-5y8h/managedZones/dz-c-shared-base-gcr/rrsets/gcr.io./A]
module.base_shared_vpc.module.private_service_connect.module.pkg_dev.google_dns_record_set.cloud-static-records["*/CNAME"]: Creating...
module.base_shared_vpc.module.private_service_connect.module.gcr.google_dns_record_set.cloud-static-records["*/CNAME"]: Creation complete after 3s [id=projects/prj-c-base-net-hub-5y8h/managedZones/dz-c-shared-base-gcr/rrsets/*.gcr.io./CNAME]
module.base_shared_vpc.module.private_service_connect.module.pkg_dev.google_dns_record_set.cloud-static-records["/A"]: Creating...
module.base_shared_vpc.module.private_service_connect.module.pkg_dev.google_dns_record_set.cloud-static-records["*/CNAME"]: Creation complete after 3s [id=projects/prj-c-base-net-hub-5y8h/managedZones/dz-c-shared-base-pkg-dev/rrsets/*.pkg.dev./CNAME]
module.restricted_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-west1/sb-c-shared-restricted-hub-us-west1-proxy"]: Creating...
module.base_shared_vpc.module.main.module.vpc.google_compute_shared_vpc_host_project.shared_vpc_host[0]: Still creating... [10s elapsed]
module.base_shared_vpc.module.private_service_connect.google_compute_global_address.private_service_connect: Still creating... [10s elapsed]
module.base_shared_vpc.module.private_service_connect.module.pkg_dev.google_dns_record_set.cloud-static-records["/A"]: Creation complete after 2s [id=projects/prj-c-base-net-hub-5y8h/managedZones/dz-c-shared-base-pkg-dev/rrsets/pkg.dev./A]
module.restricted_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-central1/sb-c-shared-restricted-hub-us-central1"]: Creating...
module.base_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy.fw_policy[0]: Still creating... [10s elapsed]
module.base_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-central1/sb-c-shared-base-hub-us-central1-proxy"]: Still creating... [10s elapsed]
module.base_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-west1/sb-c-shared-base-hub-us-west1"]: Still creating... [10s elapsed]
module.base_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-west1/sb-c-shared-base-hub-us-west1-proxy"]: Still creating... [10s elapsed]
module.base_shared_vpc.module.main.module.vpc.google_compute_shared_vpc_host_project.shared_vpc_host[0]: Creation complete after 11s [id=prj-c-base-net-hub-5y8h]
module.restricted_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-west1/sb-c-shared-restricted-hub-us-west1"]: Creating...
module.base_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy.fw_policy[0]: Creation complete after 11s [id=projects/prj-c-base-net-hub-5y8h/global/firewallPolicies/fp-c-hub-and-spoke-base-firewalls]
module.restricted_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-central1/sb-c-shared-restricted-hub-us-central1-proxy"]: Creating...
module.base_shared_vpc.module.private_service_connect.google_compute_global_address.private_service_connect: Creation complete after 11s [id=projects/prj-c-base-net-hub-5y8h/global/addresses/global-psconnect-ip]
module.restricted_shared_vpc.google_dns_policy.default_policy: Creating...
module.base_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-central1/sb-c-shared-base-hub-us-central1"]: Still creating... [10s elapsed]
module.restricted_shared_vpc.module.main.module.vpc.google_compute_shared_vpc_host_project.shared_vpc_host[0]: Still creating... [10s elapsed]
module.base_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-central1/sb-c-shared-base-hub-us-central1-proxy"]: Creation complete after 13s [id=projects/prj-c-base-net-hub-5y8h/regions/us-central1/subnetworks/sb-c-shared-base-hub-us-central1-proxy]
module.restricted_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy.fw_policy[0]: Creating...
module.restricted_shared_vpc.google_dns_policy.default_policy: Creation complete after 2s [id=projects/prj-c-restricted-net-hub-a8d5/policies/dp-c-shared-restricted-default-policy]
module.base_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy_association.vpc_associations["cHJvamVjdHMvcHJqLWMtYmFzZS1uZXQtaHViLTV5OGgvZ2xvYmFsL25ldHdvcmtzL3ZwYy1jLXNoYXJlZC1iYXNlLWh1Yg=="]: Creating...
module.restricted_shared_vpc.module.main.module.vpc.google_compute_shared_vpc_host_project.shared_vpc_host[0]: Creation complete after 11s [id=prj-c-restricted-net-hub-a8d5]
module.base_shared_vpc.module.private_service_connect.google_compute_global_forwarding_rule.forwarding_rule_private_service_connect: Creating...
module.base_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-central1/sb-c-shared-base-hub-us-central1"]: Creation complete after 11s [id=projects/prj-c-base-net-hub-5y8h/regions/us-central1/subnetworks/sb-c-shared-base-hub-us-central1]
module.restricted_shared_vpc.module.peering_zone.google_dns_managed_zone.peering[0]: Creating...
module.restricted_shared_vpc.module.peering_zone.google_dns_managed_zone.peering[0]: Creation complete after 2s [id=projects/prj-c-restricted-net-hub-a8d5/managedZones/dz-c-shared-restricted-to-dns-hub]
module.restricted_shared_vpc.module.private_service_connect.google_compute_global_address.private_service_connect: Creating...
module.base_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy_association.vpc_associations["cHJvamVjdHMvcHJqLWMtYmFzZS1uZXQtaHViLTV5OGgvZ2xvYmFsL25ldHdvcmtzL3ZwYy1jLXNoYXJlZC1iYXNlLWh1Yg=="]: Creation complete after 6s [id=projects/prj-c-base-net-hub-5y8h/global/firewallPolicies/fp-c-hub-and-spoke-base-firewalls/associations/fp-c-hub-and-spoke-base-firewalls-vpc-c-shared-base-hub]
module.restricted_shared_vpc.module.private_service_connect.module.googleapis.google_dns_managed_zone.private[0]: Creating...
module.restricted_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-west1/sb-c-shared-restricted-hub-us-west1-proxy"]: Still creating... [10s elapsed]
module.restricted_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-central1/sb-c-shared-restricted-hub-us-central1"]: Still creating... [10s elapsed]
module.base_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-west1/sb-c-shared-base-hub-us-west1"]: Still creating... [20s elapsed]
module.restricted_shared_vpc.module.private_service_connect.module.googleapis.google_dns_managed_zone.private[0]: Creation complete after 1s [id=projects/prj-c-restricted-net-hub-a8d5/managedZones/dz-c-shared-restricted-apis]
module.restricted_shared_vpc.module.private_service_connect.module.pkg_dev.google_dns_managed_zone.private[0]: Creating...
module.base_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-west1/sb-c-shared-base-hub-us-west1-proxy"]: Still creating... [20s elapsed]
module.restricted_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-west1/sb-c-shared-restricted-hub-us-west1"]: Still creating... [10s elapsed]
module.restricted_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-central1/sb-c-shared-restricted-hub-us-central1-proxy"]: Still creating... [10s elapsed]
module.restricted_shared_vpc.module.private_service_connect.module.pkg_dev.google_dns_managed_zone.private[0]: Creation complete after 1s [id=projects/prj-c-restricted-net-hub-a8d5/managedZones/dz-c-shared-restricted-pkg-dev]
module.restricted_shared_vpc.module.private_service_connect.module.gcr.google_dns_managed_zone.private[0]: Creating...
module.restricted_shared_vpc.module.private_service_connect.module.gcr.google_dns_managed_zone.private[0]: Creation complete after 1s [id=projects/prj-c-restricted-net-hub-a8d5/managedZones/dz-c-shared-restricted-gcr]
module.restricted_shared_vpc.module.private_service_connect.module.googleapis.google_dns_record_set.cloud-static-records["*/CNAME"]: Creating...
module.restricted_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy.fw_policy[0]: Still creating... [10s elapsed]
module.base_shared_vpc.module.private_service_connect.google_compute_global_forwarding_rule.forwarding_rule_private_service_connect: Still creating... [10s elapsed]
module.restricted_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy.fw_policy[0]: Creation complete after 11s [id=projects/prj-c-restricted-net-hub-a8d5/global/firewallPolicies/fp-c-hub-and-spoke-restricted-firewalls]
module.restricted_shared_vpc.module.private_service_connect.module.googleapis.google_dns_record_set.cloud-static-records["restricted/A"]: Creating...
module.restricted_shared_vpc.module.private_service_connect.module.googleapis.google_dns_record_set.cloud-static-records["*/CNAME"]: Creation complete after 2s [id=projects/prj-c-restricted-net-hub-a8d5/managedZones/dz-c-shared-restricted-apis/rrsets/*.googleapis.com./CNAME]
module.restricted_shared_vpc.module.private_service_connect.module.pkg_dev.google_dns_record_set.cloud-static-records["*/CNAME"]: Creating...
module.base_shared_vpc.module.private_service_connect.google_compute_global_forwarding_rule.forwarding_rule_private_service_connect: Creation complete after 11s [id=projects/prj-c-base-net-hub-5y8h/global/forwardingRules/globalrule]
module.restricted_shared_vpc.module.private_service_connect.module.pkg_dev.google_dns_record_set.cloud-static-records["/A"]: Creating...
module.restricted_shared_vpc.module.private_service_connect.google_compute_global_address.private_service_connect: Still creating... [10s elapsed]
module.restricted_shared_vpc.module.private_service_connect.module.pkg_dev.google_dns_record_set.cloud-static-records["*/CNAME"]: Creation complete after 1s [id=projects/prj-c-restricted-net-hub-a8d5/managedZones/dz-c-shared-restricted-pkg-dev/rrsets/*.pkg.dev./CNAME]
module.restricted_shared_vpc.module.private_service_connect.module.gcr.google_dns_record_set.cloud-static-records["/A"]: Creating...
module.restricted_shared_vpc.module.private_service_connect.module.pkg_dev.google_dns_record_set.cloud-static-records["/A"]: Creation complete after 2s [id=projects/prj-c-restricted-net-hub-a8d5/managedZones/dz-c-shared-restricted-pkg-dev/rrsets/pkg.dev./A]
module.restricted_shared_vpc.module.private_service_connect.module.gcr.google_dns_record_set.cloud-static-records["*/CNAME"]: Creating...
module.restricted_shared_vpc.module.private_service_connect.google_compute_global_address.private_service_connect: Creation complete after 11s [id=projects/prj-c-restricted-net-hub-a8d5/global/addresses/global-psconnect-ip]
module.restricted_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy_association.vpc_associations["cHJvamVjdHMvcHJqLWMtcmVzdHJpY3RlZC1uZXQtaHViLWE4ZDUvZ2xvYmFsL25ldHdvcmtzL3ZwYy1jLXNoYXJlZC1yZXN0cmljdGVkLWh1Yg=="]: Creating...
module.restricted_shared_vpc.module.private_service_connect.module.gcr.google_dns_record_set.cloud-static-records["/A"]: Creation complete after 2s [id=projects/prj-c-restricted-net-hub-a8d5/managedZones/dz-c-shared-restricted-gcr/rrsets/gcr.io./A]
module.restricted_shared_vpc.module.private_service_connect.google_compute_global_forwarding_rule.forwarding_rule_private_service_connect: Creating...
module.base_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-west1/sb-c-shared-base-hub-us-west1-proxy"]: Creation complete after 26s [id=projects/prj-c-base-net-hub-5y8h/regions/us-west1/subnetworks/sb-c-shared-base-hub-us-west1-proxy]
module.base_shared_vpc.module.region1_router1[0].google_compute_router.router: Creating...
module.restricted_shared_vpc.module.private_service_connect.module.gcr.google_dns_record_set.cloud-static-records["*/CNAME"]: Creation complete after 1s [id=projects/prj-c-restricted-net-hub-a8d5/managedZones/dz-c-shared-restricted-gcr/rrsets/*.gcr.io./CNAME]
module.base_shared_vpc.module.region2_router1[0].google_compute_router.router: Creating...
module.restricted_shared_vpc.module.private_service_connect.module.googleapis.google_dns_record_set.cloud-static-records["restricted/A"]: Creation complete after 3s [id=projects/prj-c-restricted-net-hub-a8d5/managedZones/dz-c-shared-restricted-apis/rrsets/restricted.googleapis.com./A]
module.base_shared_vpc.module.region1_router2[0].google_compute_router.router: Creating...
module.base_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-west1/sb-c-shared-base-hub-us-west1"]: Creation complete after 28s [id=projects/prj-c-base-net-hub-5y8h/regions/us-west1/subnetworks/sb-c-shared-base-hub-us-west1]
module.base_shared_vpc.module.region2_router2[0].google_compute_router.router: Creating...
module.restricted_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-west1/sb-c-shared-restricted-hub-us-west1-proxy"]: Still creating... [20s elapsed]
module.restricted_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-central1/sb-c-shared-restricted-hub-us-central1"]: Still creating... [20s elapsed]
module.restricted_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-west1/sb-c-shared-restricted-hub-us-west1"]: Still creating... [20s elapsed]
module.restricted_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-central1/sb-c-shared-restricted-hub-us-central1-proxy"]: Still creating... [20s elapsed]
module.restricted_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-central1/sb-c-shared-restricted-hub-us-central1"]: Creation complete after 24s [id=projects/prj-c-restricted-net-hub-a8d5/regions/us-central1/subnetworks/sb-c-shared-restricted-hub-us-central1]
module.base_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy_rule.rules["65530"]: Creating...
module.restricted_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-west1/sb-c-shared-restricted-hub-us-west1"]: Creation complete after 23s [id=projects/prj-c-restricted-net-hub-a8d5/regions/us-west1/subnetworks/sb-c-shared-restricted-hub-us-west1]
module.base_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy_rule.rules["1000"]: Creating...
module.restricted_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-west1/sb-c-shared-restricted-hub-us-west1-proxy"]: Creation complete after 25s [id=projects/prj-c-restricted-net-hub-a8d5/regions/us-west1/subnetworks/sb-c-shared-restricted-hub-us-west1-proxy]
module.restricted_shared_vpc.module.main.module.subnets.google_compute_subnetwork.subnetwork["us-central1/sb-c-shared-restricted-hub-us-central1-proxy"]: Creation complete after 24s [id=projects/prj-c-restricted-net-hub-a8d5/regions/us-central1/subnetworks/sb-c-shared-restricted-hub-us-central1-proxy]
module.restricted_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy_association.vpc_associations["cHJvamVjdHMvcHJqLWMtcmVzdHJpY3RlZC1uZXQtaHViLWE4ZDUvZ2xvYmFsL25ldHdvcmtzL3ZwYy1jLXNoYXJlZC1yZXN0cmljdGVkLWh1Yg=="]: Creation complete after 9s [id=projects/prj-c-restricted-net-hub-a8d5/global/firewallPolicies/fp-c-hub-and-spoke-restricted-firewalls/associations/fp-c-hub-and-spoke-restricted-firewalls-vpc-c-shared-restricted-hub]
module.base_shared_vpc.module.region1_router1[0].google_compute_router.router: Still creating... [10s elapsed]
module.base_shared_vpc.module.region2_router1[0].google_compute_router.router: Still creating... [10s elapsed]
module.base_shared_vpc.module.region1_router2[0].google_compute_router.router: Still creating... [10s elapsed]
module.base_shared_vpc.module.region2_router2[0].google_compute_router.router: Still creating... [10s elapsed]
module.restricted_shared_vpc.module.private_service_connect.google_compute_global_forwarding_rule.forwarding_rule_private_service_connect: Creation complete after 11s [id=projects/prj-c-restricted-net-hub-a8d5/global/forwardingRules/globalrule]
module.restricted_shared_vpc.module.region1_router1[0].google_compute_router.router: Creating...
module.restricted_shared_vpc.module.region2_router1[0].google_compute_router.router: Creating...
module.restricted_shared_vpc.module.region2_router2[0].google_compute_router.router: Creating...
module.restricted_shared_vpc.module.region1_router2[0].google_compute_router.router: Creating...
module.base_shared_vpc.module.region2_router2[0].google_compute_router.router: Creation complete after 11s [id=projects/prj-c-base-net-hub-5y8h/regions/us-central1/routers/cr-c-shared-base-hub-us-central1-cr4]
module.restricted_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy_rule.rules["65530"]: Creating...
module.base_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy_rule.rules["65530"]: Still creating... [10s elapsed]
module.base_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy_rule.rules["1000"]: Still creating... [10s elapsed]
module.base_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy_rule.rules["65530"]: Creation complete after 11s [id=projects/prj-c-base-net-hub-5y8h/global/firewallPolicies/fp-c-hub-and-spoke-base-firewalls/rules/65530]
module.restricted_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy_rule.rules["1000"]: Creating...
module.base_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy_rule.rules["1000"]: Creation complete after 12s [id=projects/prj-c-base-net-hub-5y8h/global/firewallPolicies/fp-c-hub-and-spoke-base-firewalls/rules/1000]
module.base_shared_vpc.module.region1_router1[0].google_compute_router.router: Still creating... [20s elapsed]
module.base_shared_vpc.module.region2_router1[0].google_compute_router.router: Still creating... [20s elapsed]
module.base_shared_vpc.module.region1_router2[0].google_compute_router.router: Still creating... [20s elapsed]
module.restricted_shared_vpc.module.region1_router1[0].google_compute_router.router: Still creating... [10s elapsed]
module.restricted_shared_vpc.module.region2_router1[0].google_compute_router.router: Still creating... [10s elapsed]
module.restricted_shared_vpc.module.region2_router2[0].google_compute_router.router: Still creating... [10s elapsed]
module.restricted_shared_vpc.module.region1_router2[0].google_compute_router.router: Still creating... [10s elapsed]
module.base_shared_vpc.module.region2_router1[0].google_compute_router.router: Creation complete after 21s [id=projects/prj-c-base-net-hub-5y8h/regions/us-central1/routers/cr-c-shared-base-hub-us-central1-cr3]
module.base_shared_vpc.module.region1_router1[0].google_compute_router.router: Creation complete after 22s [id=projects/prj-c-base-net-hub-5y8h/regions/us-west1/routers/cr-c-shared-base-hub-us-west1-cr1]
module.restricted_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy_rule.rules["65530"]: Still creating... [10s elapsed]
module.base_shared_vpc.module.region1_router2[0].google_compute_router.router: Creation complete after 23s [id=projects/prj-c-base-net-hub-5y8h/regions/us-west1/routers/cr-c-shared-base-hub-us-west1-cr2]
module.restricted_shared_vpc.module.region1_router1[0].google_compute_router.router: Creation complete after 12s [id=projects/prj-c-restricted-net-hub-a8d5/regions/us-west1/routers/cr-c-shared-restricted-hub-us-west1-cr5]
module.restricted_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy_rule.rules["65530"]: Creation complete after 12s [id=projects/prj-c-restricted-net-hub-a8d5/global/firewallPolicies/fp-c-hub-and-spoke-restricted-firewalls/rules/65530]
module.restricted_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy_rule.rules["1000"]: Still creating... [10s elapsed]
module.restricted_shared_vpc.module.firewall_rules.google_compute_network_firewall_policy_rule.rules["1000"]: Creation complete after 12s [id=projects/prj-c-restricted-net-hub-a8d5/global/firewallPolicies/fp-c-hub-and-spoke-restricted-firewalls/rules/1000]
module.restricted_shared_vpc.module.region2_router2[0].google_compute_router.router: Still creating... [20s elapsed]
module.restricted_shared_vpc.module.region1_router2[0].google_compute_router.router: Still creating... [20s elapsed]
module.restricted_shared_vpc.module.region2_router2[0].google_compute_router.router: Creation complete after 22s [id=projects/prj-c-restricted-net-hub-a8d5/regions/us-central1/routers/cr-c-shared-restricted-hub-us-central1-cr8]
module.restricted_shared_vpc.module.region2_router1[0].google_compute_router.router: Creation complete after 22s [id=projects/prj-c-restricted-net-hub-a8d5/regions/us-central1/routers/cr-c-shared-restricted-hub-us-central1-cr7]
module.restricted_shared_vpc.module.region1_router2[0].google_compute_router.router: Creation complete after 22s [id=projects/prj-c-restricted-net-hub-a8d5/regions/us-west1/routers/cr-c-shared-restricted-hub-us-west1-cr6]
module.restricted_shared_vpc.time_sleep.wait_vpc_sc_propagation: Creating...
module.restricted_shared_vpc.time_sleep.wait_vpc_sc_propagation: Still creating... [20s elapsed]
module.restricted_shared_vpc.time_sleep.wait_vpc_sc_propagation: Still creating... [30s elapsed]
module.restricted_shared_vpc.time_sleep.wait_vpc_sc_propagation: Still creating... [40s elapsed]
module.restricted_shared_vpc.time_sleep.wait_vpc_sc_propagation: Still creating... [50s elapsed]
module.restricted_shared_vpc.time_sleep.wait_vpc_sc_propagation: Still creating... [1m0s elapsed]
module.restricted_shared_vpc.time_sleep.wait_vpc_sc_propagation: Creation complete after 1m0s [id=2024-04-13T21:53:16Z]
Error: Error waiting to create OrganizationSecurityPolicy: Error waiting for Creating OrganizationSecurityPolicy: error while retrieving operation: googleapi: Error 403: Caller does not have required permission to use project tef-olxyz. Grant the caller the roles/serviceusage.serviceUsageConsumer role, or a custom role with the serviceusage.services.use permission, by visiting https://console.developers.google.com/iam-admin/iam/project?project=tef-olxyz and then retry. Propagation of the new permission may take a few minutes.
Details:
[
{
"@type": "type.googleapis.com/google.rpc.Help",
"links": [
{
"description": "Google developer console IAM admin",
"url": "https://console.developers.google.com/iam-admin/iam/project?project=tef-olxyz"
}
]
},
{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"domain": "googleapis.com",
"metadatas": {
"consumer": "projects/tef-olxyz",
"service": "compute.googleapis.com"
},
"reason": "USER_PROJECT_DENIED"
}
]
, forbidden
with module.hierarchical_firewall_policy.google_compute_organization_security_policy.policy,
on ../../modules/hierarchical_firewall_policy/main.tf line 27, in resource "google_compute_organization_security_policy" "policy":
27: resource "google_compute_organization_security_policy" "policy" {
Error: Error creating AccessLevel: googleapi: Error 403: Caller does not have required permission to use project tef-olxyz. Grant the caller the roles/serviceusage.serviceUsageConsumer role, or a custom role with the serviceusage.services.use permission, by visiting https://console.developers.google.com/iam-admin/iam/project?project=tef-olxyz and then retry. Propagation of the new permission may take a few minutes.
Details:
[
{
"@type": "type.googleapis.com/google.rpc.Help",
"links": [
{
"description": "Google developer console IAM admin",
"url": "https://console.developers.google.com/iam-admin/iam/project?project=tef-olxyz"
}
]
},
{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"domain": "googleapis.com",
"metadata": {
"consumer": "projects/tef-olxyz",
"service": "accesscontextmanager.googleapis.com"
},
"reason": "USER_PROJECT_DENIED"
}
]
with module.restricted_shared_vpc.module.access_level_members.google_access_context_manager_access_level.access_level,
on .terraform/modules/restricted_shared_vpc.access_level_members/modules/access_level/main.tf line 21, in resource "google_access_context_manager_access_level" "access_level":
21: resource "google_access_context_manager_access_level" "access_level" {
ACM error on iam role - fixing
Error: Error creating AccessLevel: googleapi: Error 403: Caller does not have required permission to use project tef-olxyz. Grant the caller the roles/serviceusage.serviceUsageConsumer role, or a custom role with the serviceusage.services.use permission, by visiting https://console.developers.google.com/iam-admin/iam/project?project=tef-olxyz and then retry. Propagation of the new permission may take a few minutes.
Service Usage Consumer missing from sa-terraform-net
sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com
see https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/379
wait 2 min for IAM propagation - retry apply
init
plan
Plan: 15 to add, 0 to change, 0 to destroy.
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Saved the plan to: /home/michael/tef-olxyz/github/gcp-networks/tmp_plan/envs-shared.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "/home/michael/tef-olxyz/github/gcp-networks/tmp_plan/envs-shared.tfplan"
envs/production doesn't match shared; skipping
envs/non-production doesn't match shared; skipping
envs/development doesn't match shared; skipping
apply shared
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ ./tf-wrapper.sh apply shared
*************** TERRAFORM APPLY *******************
At environment: envs/shared
***************************************************
module.hierarchical_firewall_policy.google_compute_organization_security_policy.policy: Creating...
module.restricted_shared_vpc.module.access_level_members.google_access_context_manager_access_level.access_level: Creating...
module.restricted_shared_vpc.module.access_level_members.google_access_context_manager_access_level.access_level: Creation complete after 1s [id=accessPolicies/807865857747/accessLevels/alp_c_shared_restricted_members_67f1]
module.restricted_shared_vpc.module.regular_service_perimeter.google_access_context_manager_service_perimeter.regular_service_perimeter: Creating...
module.restricted_shared_vpc.module.regular_service_perimeter.google_access_context_manager_service_perimeter.regular_service_perimeter: Creation complete after 1s [id=accessPolicies/807865857747/servicePerimeters/sp_c_shared_restricted_default_perimeter_67f1]
module.restricted_shared_vpc.module.regular_service_perimeter.google_access_context_manager_service_perimeter_resource.service_perimeter_resource["127928059862"]: Creating...
module.restricted_shared_vpc.module.regular_service_perimeter.google_access_context_manager_service_perimeter_resource.service_perimeter_resource["127928059862"]: Creation complete after 1s [id=accessPolicies/807865857747/servicePerimeters/sp_c_shared_restricted_default_perimeter_67f1/projects/127928059862]
Error: Error creating OrganizationSecurityPolicy: googleapi: Error 400: Invalid value for field 'resource.displayName': 'common-firewall-rules-3q5s'. The display name is already used. Please choose another one, invalid
with module.hierarchical_firewall_policy.google_compute_organization_security_policy.policy,
on ../../modules/hierarchical_firewall_policy/main.tf line 27, in resource "google_compute_organization_security_policy" "policy":
27: resource "google_compute_organization_security_policy" "policy" {
name = "common-firewall-rules"
The SA needs the role compute.orgSecurityPolicyAdmin or, more recently, compute.orgFirewallPolicyAdmin: https://cloud.google.com/firewall/docs/firewall-policies#iam (Compute Organization Firewall Policy Admin: https://cloud.google.com/compute/docs/access/iam#compute.orgFirewallPolicyAdmin)
name = "common-firewall-rules2"
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ git diff
diff --git a/common.auto.tfvars b/common.auto.tfvars
index 5ee83f3..aa501e1 100644
--- a/common.auto.tfvars
+++ b/common.auto.tfvars
@@ -24,4 +24,5 @@ perimeter_additional_members = ["user:michael@obrienlabs.xyz"]
remote_state_bucket = "bkt-prj-b-seed-tfstate-7120"
-//enable_hub_and_spoke_transitivity = true
+#enable_hub_and_spoke_transitivity = true
+enable_hub_and_spoke_transitivity = false
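Review bot: the old setting stays behind as a commented-out line (`#enable_hub_and_spoke_transitivity = true`) directly above the new explicit `enable_hub_and_spoke_transitivity = false`, and the comment marker changes from `//` to `#` in the same hunk. Drop the dead line, or replace it with a one-line comment saying why transitivity is turned off for this deployment, so the next reader does not have to guess which value is intended.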
diff --git a/envs/shared/hierarchical_firewall.tf b/envs/shared/hierarchical_firewall.tf
index ee1b0d1..d0ff931 100644
--- a/envs/shared/hierarchical_firewall.tf
+++ b/envs/shared/hierarchical_firewall.tf
@@ -18,7 +18,7 @@ module "hierarchical_firewall_policy" {
source = "../../modules/hierarchical_firewall_policy/"
parent = local.common_folder_name
- name = "common-firewall-rules"
+ name = "common-firewall-rules2"
associations = [
local.common_folder_name,
local.network_folder_name,
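Review bot: changing `name` to "common-firewall-rules2" gets past the `The display name is already used` error but does nothing about the policy that already holds `common-firewall-rules-3q5s`. The first apply failed while waiting on the create operation, so that policy may exist outside Terraform state; list the firewall policies under the parent folder and import or delete it, then keep the original name, instead of bumping a counter in the module call. The `-3q5s` suffix is identical in the rejected display name and in the new plan (`common-firewall-rules2-3q5s`), so it does not make a retry unique on its own.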
Terraform will perform the following actions:
# module.hierarchical_firewall_policy.google_compute_organization_security_policy.policy will be created
+ resource "google_compute_organization_security_policy" "policy" {
+ display_name = "common-firewall-rules2-3q5s"
+ fingerprint = (known after apply)
+ id = (known after apply)
+ parent = "folders/96486704059"
+ policy_id = (known after apply)
+ type = "FIREWALL"
}
apply
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ ./tf-wrapper.sh apply shared
*************** TERRAFORM APPLY *******************
At environment: envs/shared
***************************************************
module.hierarchical_firewall_policy.google_compute_organization_security_policy.policy: Creating...
Error: Error waiting to create OrganizationSecurityPolicy: Error waiting for Creating OrganizationSecurityPolicy: error while retrieving operation: googleapi: Error 403: Compute Engine API has not been used in project tef-olxyz before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/compute.googleapis.com/overview?project=tef-olxyz then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
Details:
[
{
"@type": "type.googleapis.com/google.rpc.Help",
"links": [
{
"description": "Google developers console API activation",
"url": "https://console.developers.google.com/apis/api/compute.googleapis.com/overview?project=tef-olxyz"
}
]
},
{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"domain": "googleapis.com",
"metadatas": {
"consumer": "projects/tef-olxyz",
"service": "compute.googleapis.com"
},
"reason": "SERVICE_DISABLED"
}
]
, accessNotConfigured
with module.hierarchical_firewall_policy.google_compute_organization_security_policy.policy,
on ../../modules/hierarchical_firewall_policy/main.tf line 27, in resource "google_compute_organization_security_policy" "policy":
27: resource "google_compute_organization_security_policy" "policy" {
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ gcloud services enable compute.googleapis.com
Operation "operations/acf.p2-438381210056-2415ed08-fad8-4333-8c8e-1017881efb60" finished successfully.
rename 3rd time
name = "common-firewall-rules3"
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ ./tf-wrapper.sh apply shared
*************** TERRAFORM APPLY *******************
At environment: envs/shared
***************************************************
module.hierarchical_firewall_policy.google_compute_organization_security_policy.policy: Creating...
module.hierarchical_firewall_policy.google_compute_organization_security_policy.policy: Still creating... [10s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy.policy: Creation complete after 12s [id=locations/global/securityPolicies/638814738464]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/652472417643"]: Creating...
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["delegate-rfc1918-egress"]: Creating...
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/173484768969"]: Creating...
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/358902749545"]: Creating...
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["allow-iap-ssh-rdp"]: Creating...
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/206926817949"]: Creating...
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/353249398002"]: Creating...
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["delegate-rfc1918-ingress"]: Creating...
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["allow-google-hbs-and-hcs"]: Creating...
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["allow-windows-activation"]: Creating...
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/652472417643"]: Still creating... [10s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/173484768969"]: Still creating... [10s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/358902749545"]: Still creating... [10s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["delegate-rfc1918-egress"]: Still creating... [10s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["allow-iap-ssh-rdp"]: Still creating... [10s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/206926817949"]: Still creating... [10s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/353249398002"]: Still creating... [10s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["delegate-rfc1918-ingress"]: Still creating... [10s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["allow-google-hbs-and-hcs"]: Still creating... [10s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["allow-windows-activation"]: Still creating... [10s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/173484768969"]: Still creating... [20s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/652472417643"]: Still creating... [20s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/358902749545"]: Still creating... [20s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/206926817949"]: Still creating... [20s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["delegate-rfc1918-egress"]: Still creating... [20s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["allow-iap-ssh-rdp"]: Still creating... [20s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/353249398002"]: Still creating... [20s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["delegate-rfc1918-ingress"]: Still creating... [20s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["allow-google-hbs-and-hcs"]: Still creating... [20s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["allow-windows-activation"]: Still creating... [20s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/173484768969"]: Creation complete after 22s [id=locations/global/securityPolicies/638814738464/association/locations/global/securityPolicies/638814738464-folders/173484768969]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/96486704059"]: Creating...
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["delegate-rfc1918-egress"]: Creation complete after 27s [id=locations/global/securityPolicies/638814738464/priority/510]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["allow-windows-activation"]: Creation complete after 27s [id=locations/global/securityPolicies/638814738464/priority/5100]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/652472417643"]: Still creating... [30s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/358902749545"]: Still creating... [30s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["allow-iap-ssh-rdp"]: Still creating... [30s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/206926817949"]: Still creating... [30s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["allow-google-hbs-and-hcs"]: Still creating... [30s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/353249398002"]: Still creating... [30s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["delegate-rfc1918-ingress"]: Still creating... [30s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["delegate-rfc1918-ingress"]: Creation complete after 30s [id=locations/global/securityPolicies/638814738464/priority/500]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["allow-iap-ssh-rdp"]: Creation complete after 30s [id=locations/global/securityPolicies/638814738464/priority/5000]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/96486704059"]: Still creating... [10s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/206926817949"]: Creation complete after 35s [id=locations/global/securityPolicies/638814738464/association/locations/global/securityPolicies/638814738464-folders/206926817949]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/96486704059"]: Creation complete after 15s [id=locations/global/securityPolicies/638814738464/association/locations/global/securityPolicies/638814738464-folders/96486704059]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/652472417643"]: Creation complete after 37s [id=locations/global/securityPolicies/638814738464/association/locations/global/securityPolicies/638814738464-folders/652472417643]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/353249398002"]: Creation complete after 39s [id=locations/global/securityPolicies/638814738464/association/locations/global/securityPolicies/638814738464-folders/353249398002]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/358902749545"]: Still creating... [40s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["allow-google-hbs-and-hcs"]: Still creating... [40s elapsed]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_association.association["folders/358902749545"]: Creation complete after 41s [id=locations/global/securityPolicies/638814738464/association/locations/global/securityPolicies/638814738464-folders/358902749545]
module.hierarchical_firewall_policy.google_compute_organization_security_policy_rule.rule["allow-google-hbs-and-hcs"]: Creation complete after 42s [id=locations/global/securityPolicies/638814738464/priority/5200]
Apply complete! Resources: 12 added, 0 changed, 0 destroyed.
Outputs:
dns_hub_project_id = "prj-c-dns-hub-6f4b"
envs/production doesn't match shared; skipping
envs/non-production doesn't match shared; skipping
envs/development doesn't match shared; skipping
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$
1841
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ git diff
diff --git a/common.auto.tfvars b/common.auto.tfvars
index 5ee83f3..aa501e1 100644
--- a/common.auto.tfvars
+++ b/common.auto.tfvars
@@ -24,4 +24,5 @@ perimeter_additional_members = ["user:michael@obrienlabs.xyz"]
remote_state_bucket = "bkt-prj-b-seed-tfstate-7120"
-//enable_hub_and_spoke_transitivity = true
+#enable_hub_and_spoke_transitivity = true
+enable_hub_and_spoke_transitivity = false
diff --git a/envs/shared/hierarchical_firewall.tf b/envs/shared/hierarchical_firewall.tf
index ee1b0d1..fb1b737 100644
--- a/envs/shared/hierarchical_firewall.tf
+++ b/envs/shared/hierarchical_firewall.tf
@@ -18,7 +18,7 @@ module "hierarchical_firewall_policy" {
source = "../../modules/hierarchical_firewall_policy/"
parent = local.common_folder_name
- name = "common-firewall-rules"
+ name = "common-firewall-rules3"
associations = [
local.common_folder_name,
local.network_folder_name,
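Review bot: `name = "common-firewall-rules3"` is the value that ends up committed, and the trailing digit records the number of retries rather than anything about the policy. Two earlier applies stopped while waiting on the create operation (`USER_PROJECT_DENIED`, then `SERVICE_DISABLED`), so before pushing, check whether policies for the first two names were left behind under the parent folder and import or remove them; otherwise firewall policies that Terraform does not track can persist next to the one in state.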
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ git status
On branch plan
Changes to be committed:
(use "git restore --staged <file>..." to unstage)
modified: common.auto.tfvars
modified: envs/shared/hierarchical_firewall.tf
Untracked files:
(use "git add <file>..." to include in what will be committed)
envs/shared/.terraform.lock.hcl
tmp_plan/
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ git commit -m "adjust for firewall policy rename"
[plan 8408309] adjust for firewall policy rename
2 files changed, 3 insertions(+), 2 deletions(-)
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ git push --set-upstream origin plan
Enumerating objects: 116, done.
Counting objects: 100% (116/116), done.
Delta compression using up to 4 threads
Compressing objects: 100% (112/112), done.
Writing objects: 100% (116/116), 66.91 KiB | 3.72 MiB/s, done.
Total 116 (delta 60), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (60/60)
remote: Waiting for private key checker: 93/95 objects left
To https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-networks
* [new branch] plan -> plan
Branch 'plan' set up to track remote branch 'plan' from 'origin'.
1858
27 projects so far
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ git checkout -b production
Switched to a new branch 'production'
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ git push origin production
Total 0 (delta 0), reused 0 (delta 0), pack-reused 0
To https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-networks
* [new branch] production -> production
*
Step #4 - "tf apply": Apply complete! Resources: 66 added, 0 changed, 0 destroyed.
Step #4 - "tf apply":
Step #4 - "tf apply": Outputs:
Step #4 - "tf apply":
Step #4 - "tf apply": access_context_manager_policy_id = 807865857747
Step #4 - "tf apply": base_host_project_id = "prj-p-shared-base-oae0"
Step #4 - "tf apply": base_network_name = "vpc-p-shared-base-spoke"
Step #4 - "tf apply": base_network_self_link = "https://www.googleapis.com/compute/v1/projects/prj-p-shared-base-oae0/global/networks/vpc-p-shared-base-spoke"
Step #4 - "tf apply": base_subnets_ips = [
Step #4 - "tf apply": "10.1.192.0/18",
Step #4 - "tf apply": "10.19.6.0/23",
Step #4 - "tf apply": "10.0.192.0/18",
Step #4 - "tf apply": "10.18.6.0/23",
Step #4 - "tf apply": ]
Step #4 - "tf apply": base_subnets_names = [
Step #4 - "tf apply": "sb-p-shared-base-us-central1",
Step #4 - "tf apply": "sb-p-shared-base-us-central1-proxy",
Step #4 - "tf apply": "sb-p-shared-base-us-west1",
Step #4 - "tf apply": "sb-p-shared-base-us-west1-proxy",
Step #4 - "tf apply": ]
Step #4 - "tf apply": base_subnets_secondary_ranges = [
Step #4 - "tf apply": tolist([]),
Step #4 - "tf apply": tolist([]),
Step #4 - "tf apply": tolist([
Step #4 - "tf apply": {
Step #4 - "tf apply": "ip_cidr_range" = "100.64.192.0/18"
Step #4 - "tf apply": "range_name" = "rn-p-shared-base-us-west1-gke-pod"
Step #4 - "tf apply": },
Step #4 - "tf apply": {
Step #4 - "tf apply": "ip_cidr_range" = "100.65.192.0/18"
Step #4 - "tf apply": "range_name" = "rn-p-shared-base-us-west1-gke-svc"
Step #4 - "tf apply": },
Step #4 - "tf apply": ]),
Step #4 - "tf apply": tolist([]),
Step #4 - "tf apply": ]
Step #4 - "tf apply": base_subnets_self_links = [
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-p-shared-base-oae0/regions/us-central1/subnetworks/sb-p-shared-base-us-central1",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-p-shared-base-oae0/regions/us-central1/subnetworks/sb-p-shared-base-us-central1-proxy",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-p-shared-base-oae0/regions/us-west1/subnetworks/sb-p-shared-base-us-west1",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-p-shared-base-oae0/regions/us-west1/subnetworks/sb-p-shared-base-us-west1-proxy",
Step #4 - "tf apply": ]
Step #4 - "tf apply": restricted_access_level_name = "alp_p_shared_restricted_members_20f1"
Step #4 - "tf apply": restricted_host_project_id = "prj-p-shared-restricted-2pqc"
Step #4 - "tf apply": restricted_network_name = "vpc-p-shared-restricted-spoke"
Step #4 - "tf apply": restricted_network_self_link = "https://www.googleapis.com/compute/v1/projects/prj-p-shared-restricted-2pqc/global/networks/vpc-p-shared-restricted-spoke"
Step #4 - "tf apply": restricted_service_perimeter_name = "sp_p_shared_restricted_default_perimeter_20f1"
Step #4 - "tf apply": restricted_subnets_ips = [
Step #4 - "tf apply": "10.9.192.0/18",
Step #4 - "tf apply": "10.27.6.0/23",
Step #4 - "tf apply": "10.8.192.0/18",
Step #4 - "tf apply": "10.26.6.0/23",
Step #4 - "tf apply": ]
Step #4 - "tf apply": restricted_subnets_names = [
Step #4 - "tf apply": "sb-p-shared-restricted-us-central1",
Step #4 - "tf apply": "sb-p-shared-restricted-us-central1-proxy",
Step #4 - "tf apply": "sb-p-shared-restricted-us-west1",
Step #4 - "tf apply": "sb-p-shared-restricted-us-west1-proxy",
Step #4 - "tf apply": ]
Step #4 - "tf apply": restricted_subnets_secondary_ranges = [
Step #4 - "tf apply": tolist([]),
Step #4 - "tf apply": tolist([]),
Step #4 - "tf apply": tolist([
Step #4 - "tf apply": {
Step #4 - "tf apply": "ip_cidr_range" = "100.72.192.0/18"
Step #4 - "tf apply": "range_name" = "rn-p-shared-restricted-us-west1-gke-pod"
Step #4 - "tf apply": },
Step #4 - "tf apply": {
Step #4 - "tf apply": "ip_cidr_range" = "100.73.192.0/18"
Step #4 - "tf apply": "range_name" = "rn-p-shared-restricted-us-west1-gke-svc"
Step #4 - "tf apply": },
Step #4 - "tf apply": ]),
Step #4 - "tf apply": tolist([]),
Step #4 - "tf apply": ]
Step #4 - "tf apply": restricted_subnets_self_links = [
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-p-shared-restricted-2pqc/regions/us-central1/subnetworks/sb-p-shared-restricted-us-central1",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-p-shared-restricted-2pqc/regions/us-central1/subnetworks/sb-p-shared-restricted-us-central1-proxy",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-p-shared-restricted-2pqc/regions/us-west1/subnetworks/sb-p-shared-restricted-us-west1",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-p-shared-restricted-2pqc/regions/us-west1/subnetworks/sb-p-shared-restricted-us-west1-proxy",
Step #4 - "tf apply": ]
Step #4 - "tf apply": envs/non-production doesn't match production; skipping
Step #4 - "tf apply": envs/development doesn't match production; skipping
Step #4 - "tf apply": policy-library/policies doesn't match production; skipping
Step #4 - "tf apply": policy-library/lib doesn't match production; skipping
Step #4 - "tf apply": policy-library/.git doesn't match production; skipping
Finished Step #4 - "tf apply"
PUSH
Artifacts will be uploaded to gs://bkt-prj-b-cicd-82vv-gcp-networks-build-artifacts using gsutil cp
cloudbuild-tf-apply.yaml: Uploading path....
Copying file://cloudbuild-tf-apply.yaml [Content-Type=application/octet-stream]...
/ [0/1 files][ 0.0 B/ 2.6 KiB] 0% Done
/ [1/1 files][ 2.6 KiB/ 2.6 KiB] 100% Done
Operation completed over 1 objects/2.6 KiB.
cloudbuild-tf-apply.yaml: 1 matching files uploaded
tmp_plan/*.tfplan: Uploading path....
Copying file://tmp_plan/envs-production.tfplan [Content-Type=application/octet-stream]...
Copying file://tmp_plan/envs-shared.tfplan [Content-Type=application/octet-stream]...
/ [0/2 files][ 0.0 B/541.8 KiB] 0% Done
/ [0/2 files][ 0.0 B/541.8 KiB] 0% Done
/ [1/2 files][541.8 KiB/541.8 KiB] 99% Done
/ [2/2 files][541.8 KiB/541.8 KiB] 100% Done
Operation completed over 2 objects/541.8 KiB.
tmp_plan/*.tfplan: 2 matching files uploaded
3 total artifacts uploaded to gs://bkt-prj-b-cicd-82vv-gcp-networks-build-artifacts/terraform/cloudbuild/apply/2a3c9395-9adb-402a-9525-2cda39cf0442/
Uploading manifest artifacts-2a3c9395-9adb-402a-9525-2cda39cf0442.json
Artifact manifest located at gs://bkt-prj-b-cicd-82vv-gcp-networks-build-artifacts/terraform/cloudbuild/apply/2a3c9395-9adb-402a-9525-2cda39cf0442/artifacts-2a3c9395-9adb-402a-9525-2cda39cf0442.json
DONE
expect 8 min cloud build duration
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ git checkout -b development
fatal: A branch named 'development' already exists.
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ git checkout development
Switched to branch 'development'
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ git push origin development
Step #4 - "tf apply": Apply complete! Resources: 66 added, 0 changed, 0 destroyed.
Step #4 - "tf apply":
Step #4 - "tf apply": Outputs:
Step #4 - "tf apply":
Step #4 - "tf apply": access_context_manager_policy_id = 807865857747
Step #4 - "tf apply": base_host_project_id = "prj-d-shared-base-nlqs"
Step #4 - "tf apply": base_network_name = "vpc-d-shared-base-spoke"
Step #4 - "tf apply": base_network_self_link = "https://www.googleapis.com/compute/v1/projects/prj-d-shared-base-nlqs/global/networks/vpc-d-shared-base-spoke"
Step #4 - "tf apply": base_subnets_ips = [
Step #4 - "tf apply": "10.1.64.0/18",
Step #4 - "tf apply": "10.19.2.0/23",
Step #4 - "tf apply": "10.0.64.0/18",
Step #4 - "tf apply": "10.18.2.0/23",
Step #4 - "tf apply": ]
Step #4 - "tf apply": base_subnets_names = [
Step #4 - "tf apply": "sb-d-shared-base-us-central1",
Step #4 - "tf apply": "sb-d-shared-base-us-central1-proxy",
Step #4 - "tf apply": "sb-d-shared-base-us-west1",
Step #4 - "tf apply": "sb-d-shared-base-us-west1-proxy",
Step #4 - "tf apply": ]
Step #4 - "tf apply": base_subnets_secondary_ranges = [
Step #4 - "tf apply": tolist([]),
Step #4 - "tf apply": tolist([]),
Step #4 - "tf apply": tolist([
Step #4 - "tf apply": {
Step #4 - "tf apply": "ip_cidr_range" = "100.64.64.0/18"
Step #4 - "tf apply": "range_name" = "rn-d-shared-base-us-west1-gke-pod"
Step #4 - "tf apply": },
Step #4 - "tf apply": {
Step #4 - "tf apply": "ip_cidr_range" = "100.65.64.0/18"
Step #4 - "tf apply": "range_name" = "rn-d-shared-base-us-west1-gke-svc"
Step #4 - "tf apply": },
Step #4 - "tf apply": ]),
Step #4 - "tf apply": tolist([]),
Step #4 - "tf apply": ]
Step #4 - "tf apply": base_subnets_self_links = [
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-d-shared-base-nlqs/regions/us-central1/subnetworks/sb-d-shared-base-us-central1",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-d-shared-base-nlqs/regions/us-central1/subnetworks/sb-d-shared-base-us-central1-proxy",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-d-shared-base-nlqs/regions/us-west1/subnetworks/sb-d-shared-base-us-west1",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-d-shared-base-nlqs/regions/us-west1/subnetworks/sb-d-shared-base-us-west1-proxy",
Step #4 - "tf apply": ]
Step #4 - "tf apply": restricted_access_level_name = "alp_d_shared_restricted_members_d036"
Step #4 - "tf apply": restricted_host_project_id = "prj-d-shared-restricted-j004"
Step #4 - "tf apply": restricted_network_name = "vpc-d-shared-restricted-spoke"
Step #4 - "tf apply": restricted_network_self_link = "https://www.googleapis.com/compute/v1/projects/prj-d-shared-restricted-j004/global/networks/vpc-d-shared-restricted-spoke"
Step #4 - "tf apply": restricted_service_perimeter_name = "sp_d_shared_restricted_default_perimeter_d036"
Step #4 - "tf apply": restricted_subnets_ips = [
Step #4 - "tf apply": "10.9.64.0/18",
Step #4 - "tf apply": "10.27.2.0/23",
Step #4 - "tf apply": "10.8.64.0/18",
Step #4 - "tf apply": "10.26.2.0/23",
Step #4 - "tf apply": ]
Step #4 - "tf apply": restricted_subnets_names = [
Step #4 - "tf apply": "sb-d-shared-restricted-us-central1",
Step #4 - "tf apply": "sb-d-shared-restricted-us-central1-proxy",
Step #4 - "tf apply": "sb-d-shared-restricted-us-west1",
Step #4 - "tf apply": "sb-d-shared-restricted-us-west1-proxy",
Step #4 - "tf apply": ]
Step #4 - "tf apply": restricted_subnets_secondary_ranges = [
Step #4 - "tf apply": tolist([]),
Step #4 - "tf apply": tolist([]),
Step #4 - "tf apply": tolist([
Step #4 - "tf apply": {
Step #4 - "tf apply": "ip_cidr_range" = "100.72.64.0/18"
Step #4 - "tf apply": "range_name" = "rn-d-shared-restricted-us-west1-gke-pod"
Step #4 - "tf apply": },
Step #4 - "tf apply": {
Step #4 - "tf apply": "ip_cidr_range" = "100.73.64.0/18"
Step #4 - "tf apply": "range_name" = "rn-d-shared-restricted-us-west1-gke-svc"
Step #4 - "tf apply": },
Step #4 - "tf apply": ]),
Step #4 - "tf apply": tolist([]),
Step #4 - "tf apply": ]
Step #4 - "tf apply": restricted_subnets_self_links = [
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-d-shared-restricted-j004/regions/us-central1/subnetworks/sb-d-shared-restricted-us-central1",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-d-shared-restricted-j004/regions/us-central1/subnetworks/sb-d-shared-restricted-us-central1-proxy",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-d-shared-restricted-j004/regions/us-west1/subnetworks/sb-d-shared-restricted-us-west1",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-d-shared-restricted-j004/regions/us-west1/subnetworks/sb-d-shared-restricted-us-west1-proxy",
Step #4 - "tf apply": ]
Step #4 - "tf apply": policy-library/policies doesn't match development; skipping
Step #4 - "tf apply": policy-library/lib doesn't match development; skipping
Step #4 - "tf apply": policy-library/.git doesn't match development; skipping
Finished Step #4 - "tf apply"
PUSH
Artifacts will be uploaded to gs://bkt-prj-b-cicd-82vv-gcp-networks-build-artifacts using gsutil cp
cloudbuild-tf-apply.yaml: Uploading path....
Copying file://cloudbuild-tf-apply.yaml [Content-Type=application/octet-stream]...
/ [0/1 files][ 0.0 B/ 2.6 KiB] 0% Done
/ [1/1 files][ 2.6 KiB/ 2.6 KiB] 100% Done
Operation completed over 1 objects/2.6 KiB.
cloudbuild-tf-apply.yaml: 1 matching files uploaded
tmp_plan/*.tfplan: Uploading path....
Copying file://tmp_plan/envs-development.tfplan [Content-Type=application/octet-stream]...
/ [0/1 files][ 0.0 B/205.7 KiB] 0% Done
/ [1/1 files][205.7 KiB/205.7 KiB] 100% Done
Operation completed over 1 objects/205.7 KiB.
tmp_plan/*.tfplan: 1 matching files uploaded
2 total artifacts uploaded to gs://bkt-prj-b-cicd-82vv-gcp-networks-build-artifacts/terraform/cloudbuild/apply/fb4b5fd5-6575-4f8a-8dd3-d4a489bee8c9/
Uploading manifest artifacts-fb4b5fd5-6575-4f8a-8dd3-d4a489bee8c9.json
Artifact manifest located at gs://bkt-prj-b-cicd-82vv-gcp-networks-build-artifacts/terraform/cloudbuild/apply/fb4b5fd5-6575-4f8a-8dd3-d4a489bee8c9/artifacts-fb4b5fd5-6575-4f8a-8dd3-d4a489bee8c9.json
DONE
6.5 min
1925
expect 8 min cloud build duration; all 3 branches essentially the same - so will pass
Switched to a new branch 'non-production'
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ git push origin non-production
Total 0 (delta 0), reused 0 (delta 0), pack-reused 0
To https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-networks
* [new branch] non-production -> non-production
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$
Step #4 - "tf apply": Apply complete! Resources: 66 added, 0 changed, 0 destroyed.
Step #4 - "tf apply":
Step #4 - "tf apply": Outputs:
Step #4 - "tf apply":
Step #4 - "tf apply": access_context_manager_policy_id = 807865857747
Step #4 - "tf apply": base_host_project_id = "prj-n-shared-base-b12y"
Step #4 - "tf apply": base_network_name = "vpc-n-shared-base-spoke"
Step #4 - "tf apply": base_network_self_link = "https://www.googleapis.com/compute/v1/projects/prj-n-shared-base-b12y/global/networks/vpc-n-shared-base-spoke"
Step #4 - "tf apply": base_subnets_ips = [
Step #4 - "tf apply": "10.1.128.0/18",
Step #4 - "tf apply": "10.19.4.0/23",
Step #4 - "tf apply": "10.0.128.0/18",
Step #4 - "tf apply": "10.18.4.0/23",
Step #4 - "tf apply": ]
Step #4 - "tf apply": base_subnets_names = [
Step #4 - "tf apply": "sb-n-shared-base-us-central1",
Step #4 - "tf apply": "sb-n-shared-base-us-central1-proxy",
Step #4 - "tf apply": "sb-n-shared-base-us-west1",
Step #4 - "tf apply": "sb-n-shared-base-us-west1-proxy",
Step #4 - "tf apply": ]
Step #4 - "tf apply": base_subnets_secondary_ranges = [
Step #4 - "tf apply": tolist([]),
Step #4 - "tf apply": tolist([]),
Step #4 - "tf apply": tolist([
Step #4 - "tf apply": {
Step #4 - "tf apply": "ip_cidr_range" = "100.64.128.0/18"
Step #4 - "tf apply": "range_name" = "rn-n-shared-base-us-west1-gke-pod"
Step #4 - "tf apply": },
Step #4 - "tf apply": {
Step #4 - "tf apply": "ip_cidr_range" = "100.65.128.0/18"
Step #4 - "tf apply": "range_name" = "rn-n-shared-base-us-west1-gke-svc"
Step #4 - "tf apply": },
Step #4 - "tf apply": ]),
Step #4 - "tf apply": tolist([]),
Step #4 - "tf apply": ]
Step #4 - "tf apply": base_subnets_self_links = [
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-n-shared-base-b12y/regions/us-central1/subnetworks/sb-n-shared-base-us-central1",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-n-shared-base-b12y/regions/us-central1/subnetworks/sb-n-shared-base-us-central1-proxy",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-n-shared-base-b12y/regions/us-west1/subnetworks/sb-n-shared-base-us-west1",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-n-shared-base-b12y/regions/us-west1/subnetworks/sb-n-shared-base-us-west1-proxy",
Step #4 - "tf apply": ]
Step #4 - "tf apply": restricted_access_level_name = "alp_n_shared_restricted_members_380d"
Step #4 - "tf apply": restricted_host_project_id = "prj-n-shared-restricted-qnv6"
Step #4 - "tf apply": restricted_network_name = "vpc-n-shared-restricted-spoke"
Step #4 - "tf apply": restricted_network_self_link = "https://www.googleapis.com/compute/v1/projects/prj-n-shared-restricted-qnv6/global/networks/vpc-n-shared-restricted-spoke"
Step #4 - "tf apply": restricted_service_perimeter_name = "sp_n_shared_restricted_default_perimeter_380d"
Step #4 - "tf apply": restricted_subnets_ips = [
Step #4 - "tf apply": "10.9.128.0/18",
Step #4 - "tf apply": "10.27.4.0/23",
Step #4 - "tf apply": "10.8.128.0/18",
Step #4 - "tf apply": "10.26.4.0/23",
Step #4 - "tf apply": ]
Step #4 - "tf apply": restricted_subnets_names = [
Step #4 - "tf apply": "sb-n-shared-restricted-us-central1",
Step #4 - "tf apply": "sb-n-shared-restricted-us-central1-proxy",
Step #4 - "tf apply": "sb-n-shared-restricted-us-west1",
Step #4 - "tf apply": "sb-n-shared-restricted-us-west1-proxy",
Step #4 - "tf apply": ]
Step #4 - "tf apply": restricted_subnets_secondary_ranges = [
Step #4 - "tf apply": tolist([]),
Step #4 - "tf apply": tolist([]),
Step #4 - "tf apply": tolist([
Step #4 - "tf apply": {
Step #4 - "tf apply": "ip_cidr_range" = "100.72.128.0/18"
Step #4 - "tf apply": "range_name" = "rn-n-shared-restricted-us-west1-gke-pod"
Step #4 - "tf apply": },
Step #4 - "tf apply": {
Step #4 - "tf apply": "ip_cidr_range" = "100.73.128.0/18"
Step #4 - "tf apply": "range_name" = "rn-n-shared-restricted-us-west1-gke-svc"
Step #4 - "tf apply": },
Step #4 - "tf apply": ]),
Step #4 - "tf apply": tolist([]),
Step #4 - "tf apply": ]
Step #4 - "tf apply": restricted_subnets_self_links = [
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-n-shared-restricted-qnv6/regions/us-central1/subnetworks/sb-n-shared-restricted-us-central1",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-n-shared-restricted-qnv6/regions/us-central1/subnetworks/sb-n-shared-restricted-us-central1-proxy",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-n-shared-restricted-qnv6/regions/us-west1/subnetworks/sb-n-shared-restricted-us-west1",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-n-shared-restricted-qnv6/regions/us-west1/subnetworks/sb-n-shared-restricted-us-west1-proxy",
Step #4 - "tf apply": ]
Step #4 - "tf apply": envs/development doesn't match non-production; skipping
Step #4 - "tf apply": policy-library/policies doesn't match non-production; skipping
Step #4 - "tf apply": policy-library/lib doesn't match non-production; skipping
Step #4 - "tf apply": policy-library/.git doesn't match non-production; skipping
Finished Step #4 - "tf apply"
PUSH
Artifacts will be uploaded to gs://bkt-prj-b-cicd-82vv-gcp-networks-build-artifacts using gsutil cp
cloudbuild-tf-apply.yaml: Uploading path....
Copying file://cloudbuild-tf-apply.yaml [Content-Type=application/octet-stream]...
/ [0/1 files][ 0.0 B/ 2.6 KiB] 0% Done
/ [1/1 files][ 2.6 KiB/ 2.6 KiB] 100% Done
Operation completed over 1 objects/2.6 KiB.
cloudbuild-tf-apply.yaml: 1 matching files uploaded
tmp_plan/*.tfplan: Uploading path....
Copying file://tmp_plan/envs-non-production.tfplan [Content-Type=application/octet-stream]...
/ [0/1 files][ 0.0 B/205.7 KiB] 0% Done
/ [1/1 files][205.7 KiB/205.7 KiB] 100% Done
Operation completed over 1 objects/205.7 KiB.
tmp_plan/*.tfplan: 1 matching files uploaded
2 total artifacts uploaded to gs://bkt-prj-b-cicd-82vv-gcp-networks-build-artifacts/terraform/cloudbuild/apply/1ff38c7a-453a-4a03-95e6-8424f757e3c7/
Uploading manifest artifacts-1ff38c7a-453a-4a03-95e6-8424f757e3c7.json
Artifact manifest located at gs://bkt-prj-b-cicd-82vv-gcp-networks-build-artifacts/terraform/cloudbuild/apply/1ff38c7a-453a-4a03-95e6-8424f757e3c7/artifacts-1ff38c7a-453a-4a03-95e6-8424f757e3c7.json
DONE
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ echo $GOOGLE_IMPERSONATE_SERVICE_ACCOUNT
sa-terraform-net@prj-b-seed-8919.iam.gserviceaccount.com
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ unset GOOGLE_IMPERSONATE_SERVICE_ACCOUNT
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$
Move to 4-projects for BU1 and 2
michael@cloudshell:~ (tef-olxyz)$ cd tef-olxyz/
michael@cloudshell:~/tef-olxyz (tef-olxyz)$ cd github/
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ ls
gcp-bootstrap gcp-environments gcp-networks gcp-org gcp-policies _pbmm-gh360-day0-deploy-example pbmm-on-gcp-onboarding
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ export CLOUD_BUILD_PROJECT_ID=$(terraform -chdir="pbmm-on-gcp-onboarding/0-bootstrap/" output -raw cloudbuild_project_id)
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ echo ${CLOUD_BUILD_PROJECT_ID}
prj-b-cicd-82vv
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ ls
gcp-bootstrap gcp-environments gcp-networks gcp-org gcp-policies _pbmm-gh360-day0-deploy-example pbmm-on-gcp-onboarding
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ gcloud source repos clone gcp-projects --project=${CLOUD_BUILD_PROJECT_ID}
Cloning into '/home/michael/tef-olxyz/github/gcp-projects'...
warning: You appear to have cloned an empty repository.
Project [prj-b-cicd-82vv] repository [gcp-projects] was cloned to [/home/michael/tef-olxyz/github/gcp-projects].
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ cd gcp-projects
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ cp -RT ../pbmm-on-gcp-onboarding/4-projects/ .
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ cp ../pbmm-on-gcp-onboarding/build/cloudbuild-tf-* .
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ cp ../pbmm-on-gcp-onboarding/build/tf-wrapper.sh .
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ chmod 755 ./tf-wrapper.sh
per-session terraform downgrade
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ terraform --version
Terraform v1.7.5
on linux_amd64
Your version of Terraform is out of date! The latest version
is 1.8.0. You can update by downloading from https://www.terraform.io/downloads.html
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ ls ../../
github README.md terraform terraform_1.3.10_linux_amd64.zip
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ which terraform
/usr/bin/terraform
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ sudo cp ../../terraform /usr/bin/terraform
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ terraform --version
Terraform v1.3.10
on linux_amd64
Your version of Terraform is out of date! The latest version
is 1.8.0. You can update by downloading from https://www.terraform.io/downloads.html
https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/blob/main/4-projects/README.md
@nbugden thank you for the bucket names fix. Merge in 63 character bucket naming standard fix indirectly via the next terraform init - that pulls in the latest generated terraform-google-provider via the magic modules compile
https://github.com/GoogleCloudPlatform/magic-modules/pull/10426 for https://github.com/hashicorp/terraform-provider-google/issues/17831
following previous pr https://github.com/terraform-google-modules/terraform-google-cloud-storage/pull/308
closes https://github.com/terraform-google-modules/terraform-example-foundation/issues/1169 https://github.com/terraform-google-modules/terraform-google-cloud-storage/issues/307
upgrade the provider on the next init (1.3.10) and 1.6 (we are not using the default 1.7.5 yet) https://github.com/hashicorp/terraform-provider-google?tab=readme-ov-file#upgrading-the-provider
terraform init -upgrade
Sync procedure jira needed for https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/376
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ git add .
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ git commit -m 'Initialize projects repo'
[master (root-commit) 9a3066e] Initialize projects repo
100 files changed, 5053 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 business_unit_1/development/README.md
create mode 100644 business_unit_1/development/backend.tf
create mode 100644 business_unit_1/development/backend.tf.cloud.example
create mode 120000 business_unit_1/development/common.auto.tfvars
create mode 120000 business_unit_1/development/development.auto.tfvars
create mode 100644 business_unit_1/development/main.tf
create mode 100644 business_unit_1/development/outputs.tf
create mode 100644 business_unit_1/development/variables.tf
create mode 100644 business_unit_1/non-production/README.md
create mode 100644 business_unit_1/non-production/backend.tf
create mode 100644 business_unit_1/non-production/backend.tf.cloud.example
create mode 120000 business_unit_1/non-production/common.auto.tfvars
create mode 100644 business_unit_1/non-production/main.tf
create mode 120000 business_unit_1/non-production/non-production.auto.tfvars
create mode 100644 business_unit_1/non-production/outputs.tf
create mode 100644 business_unit_1/non-production/variables.tf
create mode 100644 business_unit_1/production/README.md
create mode 100644 business_unit_1/production/backend.tf
create mode 100644 business_unit_1/production/backend.tf.cloud.example
create mode 120000 business_unit_1/production/common.auto.tfvars
create mode 100644 business_unit_1/production/main.tf
create mode 100644 business_unit_1/production/outputs.tf
create mode 120000 business_unit_1/production/production.auto.tfvars
create mode 100644 business_unit_1/production/variables.tf
create mode 100644 business_unit_1/shared/README.md
create mode 100644 business_unit_1/shared/backend.tf
create mode 100644 business_unit_1/shared/backend.tf.cloud.example
create mode 120000 business_unit_1/shared/common.auto.tfvars
create mode 100644 business_unit_1/shared/example_infra_pipeline.tf
create mode 100644 business_unit_1/shared/outputs.tf
create mode 100644 business_unit_1/shared/remote.tf
create mode 100644 business_unit_1/shared/remote.tf.cloud.example
create mode 120000 business_unit_1/shared/shared.auto.tfvars
create mode 100644 business_unit_1/shared/variables.tf
create mode 100644 business_unit_2/development/README.md
create mode 100644 business_unit_2/development/backend.tf
create mode 100644 business_unit_2/development/backend.tf.cloud.example
create mode 120000 business_unit_2/development/common.auto.tfvars
create mode 120000 business_unit_2/development/development.auto.tfvars
create mode 100644 business_unit_2/development/main.tf
create mode 100644 business_unit_2/development/outputs.tf
create mode 100644 business_unit_2/development/variables.tf
create mode 100644 business_unit_2/non-production/README.md
create mode 100644 business_unit_2/non-production/backend.tf
create mode 100644 business_unit_2/non-production/backend.tf.cloud.example
create mode 120000 business_unit_2/non-production/common.auto.tfvars
create mode 100644 business_unit_2/non-production/main.tf
create mode 120000 business_unit_2/non-production/non-production.auto.tfvars
create mode 100644 business_unit_2/non-production/outputs.tf
create mode 100644 business_unit_2/non-production/variables.tf
create mode 100644 business_unit_2/production/README.md
create mode 100644 business_unit_2/production/backend.tf
create mode 100644 business_unit_2/production/backend.tf.cloud.example
create mode 120000 business_unit_2/production/common.auto.tfvars
create mode 100644 business_unit_2/production/main.tf
create mode 100644 business_unit_2/production/outputs.tf
create mode 120000 business_unit_2/production/production.auto.tfvars
create mode 100644 business_unit_2/production/variables.tf
create mode 100644 business_unit_2/shared/README.md
create mode 100644 business_unit_2/shared/backend.tf
create mode 100644 business_unit_2/shared/backend.tf.cloud.example
create mode 120000 business_unit_2/shared/common.auto.tfvars
create mode 100644 business_unit_2/shared/example_infra_pipeline.tf
create mode 100644 business_unit_2/shared/outputs.tf
create mode 100644 business_unit_2/shared/remote.tf
create mode 100644 business_unit_2/shared/remote.tf.cloud.example
create mode 120000 business_unit_2/shared/shared.auto.tfvars
create mode 100644 business_unit_2/shared/variables.tf
create mode 100644 cloudbuild-tf-apply.yaml
create mode 100644 cloudbuild-tf-plan.yaml
create mode 100644 common.auto.tfvars
create mode 100644 development.auto.tfvars
create mode 100644 modules/base_env/README.md
create mode 100644 modules/base_env/business_unit_folder.tf
create mode 100644 modules/base_env/example_base_shared_vpc_project.tf
create mode 100644 modules/base_env/example_floating_project.tf
create mode 100644 modules/base_env/example_peering_project.tf
create mode 100644 modules/base_env/example_restricted_shared_vpc_project.tf
create mode 100644 modules/base_env/example_storage_cmek.tf
create mode 100644 modules/base_env/outputs.tf
create mode 100644 modules/base_env/remote.tf
create mode 100644 modules/base_env/remote.tf.cloud.example
create mode 100644 modules/base_env/variables.tf
create mode 100644 modules/base_env/versions.tf
create mode 100644 modules/infra_pipelines/README.md
create mode 100644 modules/infra_pipelines/main.tf
create mode 100644 modules/infra_pipelines/outputs.tf
create mode 100644 modules/infra_pipelines/variables.tf
create mode 100644 modules/infra_pipelines/versions.tf
create mode 100644 modules/single_project/README.md
create mode 100644 modules/single_project/main.tf
create mode 100644 modules/single_project/outputs.tf
create mode 100644 modules/single_project/variables.tf
create mode 100644 modules/single_project/versions.tf
create mode 100644 non-production.auto.tfvars
create mode 100644 production.auto.tfvars
create mode 100644 shared.auto.tfvars
create mode 100755 tf-wrapper.sh
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ export CLOUD_BUILD_PROJECT_ID=$(terraform -chdir="../pbmm-on-gcp-onboarding/0-bootstrap/" output -raw cloudbuild_project_id)
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ echo ${CLOUD_BUILD_PROJECT_ID}
prj-b-cicd-82vv
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ terraform --version
Terraform v1.7.5
on linux_amd64
Your version of Terraform is out of date! The latest version
is 1.8.0. You can update by downloading from https://www.terraform.io/downloads.html
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ which terraform
/usr/bin/terraform
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ sudo cp ../../terraform /usr/bin/
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ terraform --version
Terraform v1.3.10
on linux_amd64
Your version of Terraform is out of date! The latest version
is 1.8.0. You can update by downloading from https://www.terraform.io/downloads.html
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ export GOOGLE_IMPERSONATE_SERVICE_ACCOUNT=$(terraform -chdir="../pbmm-on-gcp-onboarding/0-bootstrap/" output -raw projects_step_terraform_service_account_email)
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ echo ${GOOGLE_IMPERSONATE_SERVICE_ACCOUNT}
sa-terraform-proj@prj-b-seed-8919.iam.gserviceaccount.com
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ ./tf-wrapper.sh init shared
*************** TERRAFORM INIT *******************
At environment: business_unit_2/shared
**************************************************
Initializing modules...
- app_infra_cloudbuild_project in ../../modules/single_project
Downloading registry.terraform.io/terraform-google-modules/project-factory/google 14.5.0 for app_infra_cloudbuild_project.project...
- app_infra_cloudbuild_project.project in .terraform/modules/app_infra_cloudbuild_project.project
- app_infra_cloudbuild_project.project.budget in .terraform/modules/app_infra_cloudbuild_project.project/modules/budget
- app_infra_cloudbuild_project.project.essential_contacts in .terraform/modules/app_infra_cloudbuild_project.project/modules/essential_contacts
- app_infra_cloudbuild_project.project.gsuite_group in .terraform/modules/app_infra_cloudbuild_project.project/modules/gsuite_group
- app_infra_cloudbuild_project.project.project-factory in .terraform/modules/app_infra_cloudbuild_project.project/modules/core_project_factory
- app_infra_cloudbuild_project.project.project-factory.project_services in .terraform/modules/app_infra_cloudbuild_project.project/modules/project_services
- app_infra_cloudbuild_project.project.quotas in .terraform/modules/app_infra_cloudbuild_project.project/modules/quota_manager
- app_infra_cloudbuild_project.project.shared_vpc_access in .terraform/modules/app_infra_cloudbuild_project.project/modules/shared_vpc_access
- infra_pipelines in ../../modules/infra_pipelines
Downloading registry.terraform.io/terraform-google-modules/bootstrap/google 7.2.0 for infra_pipelines.tf_workspace...
- infra_pipelines.tf_workspace in .terraform/modules/infra_pipelines.tf_workspace/modules/tf_cloudbuild_workspace
Downloading registry.terraform.io/terraform-google-modules/cloud-storage/google 5.0.0 for infra_pipelines.tf_workspace.artifacts_bucket...
- infra_pipelines.tf_workspace.artifacts_bucket in .terraform/modules/infra_pipelines.tf_workspace.artifacts_bucket/modules/simple_bucket
Downloading registry.terraform.io/terraform-google-modules/cloud-storage/google 5.0.0 for infra_pipelines.tf_workspace.log_bucket...
- infra_pipelines.tf_workspace.log_bucket in .terraform/modules/infra_pipelines.tf_workspace.log_bucket/modules/simple_bucket
Downloading registry.terraform.io/terraform-google-modules/cloud-storage/google 5.0.0 for infra_pipelines.tf_workspace.state_bucket...
- infra_pipelines.tf_workspace.state_bucket in .terraform/modules/infra_pipelines.tf_workspace.state_bucket/modules/simple_bucket
Initializing the backend...
Successfully configured the backend "gcs"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
- terraform.io/builtin/terraform is built in to Terraform
- Finding hashicorp/google versions matching ">= 3.43.0, >= 3.50.0, >= 3.64.0, >= 4.17.0, >= 4.28.0, != 4.31.0, >= 4.46.0, < 6.0.0"...
- Finding hashicorp/google-beta versions matching ">= 3.43.0, >= 3.50.0, >= 3.64.0, >= 4.11.0, >= 4.17.0, >= 4.28.0, != 4.31.0, < 6.0.0"...
- Finding hashicorp/time versions matching ">= 0.5.0"...
- Finding hashicorp/random versions matching ">= 2.2.0"...
- Finding hashicorp/null versions matching ">= 2.1.0"...
- Installing hashicorp/google v5.25.0...
- Installed hashicorp/google v5.25.0 (signed by HashiCorp)
- Installing hashicorp/google-beta v5.25.0...
- Installed hashicorp/google-beta v5.25.0 (signed by HashiCorp)
- Installing hashicorp/time v0.11.1...
- Installed hashicorp/time v0.11.1 (signed by HashiCorp)
- Installing hashicorp/random v3.6.1...
- Installed hashicorp/random v3.6.1 (signed by HashiCorp)
- Installing hashicorp/null v3.2.2...
- Installed hashicorp/null v3.2.2 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
business_unit_2/production doesn't match shared; skipping
business_unit_2/non-production doesn't match shared; skipping
business_unit_2/development doesn't match shared; skipping
*************** TERRAFORM INIT *******************
At environment: business_unit_1/shared
**************************************************
Initializing modules...
- app_infra_cloudbuild_project in ../../modules/single_project
Downloading registry.terraform.io/terraform-google-modules/project-factory/google 14.5.0 for app_infra_cloudbuild_project.project...
- app_infra_cloudbuild_project.project in .terraform/modules/app_infra_cloudbuild_project.project
- app_infra_cloudbuild_project.project.budget in .terraform/modules/app_infra_cloudbuild_project.project/modules/budget
- app_infra_cloudbuild_project.project.essential_contacts in .terraform/modules/app_infra_cloudbuild_project.project/modules/essential_contacts
- app_infra_cloudbuild_project.project.gsuite_group in .terraform/modules/app_infra_cloudbuild_project.project/modules/gsuite_group
- app_infra_cloudbuild_project.project.project-factory in .terraform/modules/app_infra_cloudbuild_project.project/modules/core_project_factory
- app_infra_cloudbuild_project.project.project-factory.project_services in .terraform/modules/app_infra_cloudbuild_project.project/modules/project_services
- app_infra_cloudbuild_project.project.quotas in .terraform/modules/app_infra_cloudbuild_project.project/modules/quota_manager
- app_infra_cloudbuild_project.project.shared_vpc_access in .terraform/modules/app_infra_cloudbuild_project.project/modules/shared_vpc_access
- infra_pipelines in ../../modules/infra_pipelines
Downloading registry.terraform.io/terraform-google-modules/bootstrap/google 7.2.0 for infra_pipelines.tf_workspace...
- infra_pipelines.tf_workspace in .terraform/modules/infra_pipelines.tf_workspace/modules/tf_cloudbuild_workspace
Downloading registry.terraform.io/terraform-google-modules/cloud-storage/google 5.0.0 for infra_pipelines.tf_workspace.artifacts_bucket...
- infra_pipelines.tf_workspace.artifacts_bucket in .terraform/modules/infra_pipelines.tf_workspace.artifacts_bucket/modules/simple_bucket
Downloading registry.terraform.io/terraform-google-modules/cloud-storage/google 5.0.0 for infra_pipelines.tf_workspace.log_bucket...
- infra_pipelines.tf_workspace.log_bucket in .terraform/modules/infra_pipelines.tf_workspace.log_bucket/modules/simple_bucket
Downloading registry.terraform.io/terraform-google-modules/cloud-storage/google 5.0.0 for infra_pipelines.tf_workspace.state_bucket...
- infra_pipelines.tf_workspace.state_bucket in .terraform/modules/infra_pipelines.tf_workspace.state_bucket/modules/simple_bucket
Initializing the backend...
Successfully configured the backend "gcs"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
- terraform.io/builtin/terraform is built in to Terraform
- Finding hashicorp/google versions matching ">= 3.43.0, >= 3.50.0, >= 3.64.0, >= 4.17.0, >= 4.28.0, != 4.31.0, >= 4.46.0, < 6.0.0"...
- Finding hashicorp/google-beta versions matching ">= 3.43.0, >= 3.50.0, >= 3.64.0, >= 4.11.0, >= 4.17.0, >= 4.28.0, != 4.31.0, < 6.0.0"...
- Finding hashicorp/time versions matching ">= 0.5.0"...
- Finding hashicorp/null versions matching ">= 2.1.0"...
- Finding hashicorp/random versions matching ">= 2.2.0"...
- Installing hashicorp/google v5.25.0...
- Installed hashicorp/google v5.25.0 (signed by HashiCorp)
- Installing hashicorp/google-beta v5.25.0...
- Installed hashicorp/google-beta v5.25.0 (signed by HashiCorp)
- Installing hashicorp/time v0.11.1...
- Installed hashicorp/time v0.11.1 (signed by HashiCorp)
- Installing hashicorp/null v3.2.2...
- Installed hashicorp/null v3.2.2 (signed by HashiCorp)
- Installing hashicorp/random v3.6.1...
- Installed hashicorp/random v3.6.1 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
business_unit_1/production doesn't match shared; skipping
business_unit_1/non-production doesn't match shared; skipping
business_unit_1/development doesn't match shared; skipping
plan
Plan: 35 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ apply_triggers_id = (known after apply)
+ artifact_buckets = (known after apply)
+ cloudbuild_project_id = (known after apply)
+ default_region = "us-central1"
+ enable_cloudbuild_deploy = true
+ log_buckets = (known after apply)
+ plan_triggers_id = (known after apply)
+ repos = [
+ "bu1-example-app",
]
+ state_buckets = (known after apply)
+ terraform_service_accounts = (known after apply)
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Saved the plan to: /home/michael/tef-olxyz/github/gcp-projects/tmp_plan/business_unit_1-shared.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "/home/michael/tef-olxyz/github/gcp-projects/tmp_plan/business_unit_1-shared.tfplan"
business_unit_1/production doesn't match shared; skipping
business_unit_1/non-production doesn't match shared; skipping
business_unit_1/development doesn't match shared; skipping
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ ./tf-wrapper.sh plan shared
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ ./tf-wrapper.sh apply shared
*************** TERRAFORM APPLY *******************
At environment: business_unit_2/shared
***************************************************
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.random_id.random_project_id_suffix: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.random_string.random_project_id_suffix[0]: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.random_id.random_project_id_suffix: Creation complete after 0s [id=4Es]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.random_string.random_project_id_suffix[0]: Creation complete after 0s [id=zl31]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_project.main: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_project.main: Still creating... [10s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_project.main: Still creating... [20s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_project.main: Still creating... [30s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_project.main: Still creating... [40s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_project.main: Still creating... [50s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_project.main: Creation complete after 59s [id=projects/prj-c-bu2infra-pipeline-zl31]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudresourcemanager.googleapis.com"]: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["iam.googleapis.com"]: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["sourcerepo.googleapis.com"]: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_service_account.default_service_account[0]: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["artifactregistry.googleapis.com"]: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudbuild.googleapis.com"]: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudkms.googleapis.com"]: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["billingbudgets.googleapis.com"]: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_service_account.default_service_account[0]: Creation complete after 2s [id=projects/prj-c-bu2infra-pipeline-zl31/serviceAccounts/project-service-account@prj-c-bu2infra-pipeline-zl31.iam.gserviceaccount.com]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudresourcemanager.googleapis.com"]: Still creating... [10s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["iam.googleapis.com"]: Still creating... [10s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["artifactregistry.googleapis.com"]: Still creating... [10s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["sourcerepo.googleapis.com"]: Still creating... [10s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["billingbudgets.googleapis.com"]: Still creating... [10s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudkms.googleapis.com"]: Still creating... [10s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudbuild.googleapis.com"]: Still creating... [10s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["artifactregistry.googleapis.com"]: Still creating... [20s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudkms.googleapis.com"]: Still creating... [20s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["billingbudgets.googleapis.com"]: Still creating... [20s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudbuild.googleapis.com"]: Still creating... [20s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["artifactregistry.googleapis.com"]: Creation complete after 22s [id=prj-c-bu2infra-pipeline-zl31/artifactregistry.googleapis.com]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudkms.googleapis.com"]: Creation complete after 22s [id=prj-c-bu2infra-pipeline-zl31/cloudkms.googleapis.com]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudbuild.googleapis.com"]: Creation complete after 22s [id=prj-c-bu2infra-pipeline-zl31/cloudbuild.googleapis.com]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["billingbudgets.googleapis.com"]: Creation complete after 22s [id=prj-c-bu2infra-pipeline-zl31/billingbudgets.googleapis.com]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["sourcerepo.googleapis.com"]: Creation complete after 22s [id=prj-c-bu2infra-pipeline-zl31/sourcerepo.googleapis.com]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["iam.googleapis.com"]: Creation complete after 22s [id=prj-c-bu2infra-pipeline-zl31/iam.googleapis.com]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudresourcemanager.googleapis.com"]: Creation complete after 22s [id=prj-c-bu2infra-pipeline-zl31/cloudresourcemanager.googleapis.com]
module.app_infra_cloudbuild_project[0].module.project.module.budget.data.google_project.project[0]: Reading...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_project_default_service_accounts.default_service_accounts[0]: Creating...
module.infra_pipelines[0].google_sourcerepo_repository.app_infra_repo["bu2-example-app"]: Creating...
module.infra_pipelines[0].google_sourcerepo_repository.gcp_policies: Creating...
module.infra_pipelines[0].google_storage_bucket.cloudbuild_bucket: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_project_default_service_accounts.default_service_accounts[0]: Creation complete after 0s [id=projects/prj-c-bu2infra-pipeline-zl31]
module.app_infra_cloudbuild_project[0].module.project.module.budget.data.google_project.project[0]: Read complete after 0s [id=projects/prj-c-bu2infra-pipeline-zl31]
module.app_infra_cloudbuild_project[0].module.project.module.budget.google_billing_budget.budget[0]: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.budget.google_billing_budget.budget[0]: Creation complete after 1s [id=billingAccounts/01BCCE-4EC0EE-DC58C8/budgets/185ebabc-bad3-4d8e-a44e-117d21f8ee24]
module.infra_pipelines[0].google_storage_bucket.cloudbuild_bucket: Creation complete after 1s [id=prj-c-bu2infra-pipeline-zl31_cloudbuild]
module.infra_pipelines[0].google_sourcerepo_repository.gcp_policies: Creation complete after 2s [id=projects/prj-c-bu2infra-pipeline-zl31/repos/gcp-policies]
module.infra_pipelines[0].google_sourcerepo_repository.app_infra_repo["bu2-example-app"]: Creation complete after 3s [id=projects/prj-c-bu2infra-pipeline-zl31/repos/bu2-example-app]
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].data.google_project.cloudbuild_project[0]: Reading...
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_service_account.cb_sa[0]: Creating...
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].module.log_bucket.google_storage_bucket.bucket: Creating...
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].module.artifacts_bucket.google_storage_bucket.bucket: Creating...
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].module.state_bucket[0].google_storage_bucket.bucket: Creating...
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].data.google_project.cloudbuild_project[0]: Read complete after 0s [id=projects/prj-c-bu2infra-pipeline-zl31]
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_project_iam_member.pool_user[0]: Creating...
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_service_account.cb_sa[0]: Creation complete after 1s [id=projects/prj-c-bu2infra-pipeline-zl31/serviceAccounts/sa-tf-cb-bu2-example-app@prj-c-bu2infra-pipeline-zl31.iam.gserviceaccount.com]
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_project_iam_member.cb_sa_logging: Creating...
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_service_account_iam_member.cb_service_agent_impersonate[0]: Creating...
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountTokenCreator"]: Creating...
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_sourcerepo_repository_iam_member.member[0]: Creating...
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountUser"]: Creating...
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].module.log_bucket.google_storage_bucket.bucket: Creation complete after 2s [id=bkt-prj-c-bu2infra-pipeline-zl31-bu2-example-app-logs]
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_storage_bucket_iam_member.log_admin: Creating...
xample-app-state]
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_storage_bucket_iam_member.state_admin: Creating...
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].module.artifacts_bucket.google_storage_bucket.bucket: Creation complete after 3s [id=bkt-prj-c-bu2infra-pipeline-zl31-bu2-example-app-artifacts]
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_storage_bucket_iam_member.artifacts_admin: Creating...
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_cloudbuild_trigger.triggers["plan"]: Creating...
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_cloudbuild_trigger.triggers["plan"]: Creation complete after 1s [id=projects/prj-c-bu2infra-pipeline-zl31/triggers/78ecd0cb-8baf-4010-b849-4026c499bb4d]
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_cloudbuild_trigger.triggers["apply"]: Creating...
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_cloudbuild_trigger.triggers["apply"]: Creation complete after 0s [id=projects/prj-c-bu2infra-pipeline-zl31/triggers/e2c1c660-ae1f-438d-9f27-03e163e63baf]
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_service_account_iam_member.cb_service_agent_impersonate[0]: Creation complete after 4s [id=projects/prj-c-bu2infra-pipeline-zl31/serviceAccounts/sa-tf-cb-bu2-example-app@prj-c-bu2infra-pipeline-zl31.iam.gserviceaccount.com/roles/iam.serviceAccountTokenCreator/serviceAccount:service-791678989149@gcp-sa-cloudbuild.iam.gserviceaccount.com]
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_sourcerepo_repository_iam_member.member[0]: Creation complete after 4s [id=projects/prj-c-bu2infra-pipeline-zl31/repos/bu2-example-app/roles/viewer/serviceAccount:sa-tf-cb-bu2-example-app@prj-c-bu2infra-pipeline-zl31.iam.gserviceaccount.com]
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_storage_bucket_iam_member.log_admin: Creation complete after 4s [id=b/bkt-prj-c-bu2infra-pipeline-zl31-bu2-example-app-logs/roles/storage.admin/serviceAccount:sa-tf-cb-bu2-example-app@prj-c-bu2infra-pipeline-zl31.iam.gserviceaccount.com]
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_storage_bucket_iam_member.state_admin: Creation complete after 4s [id=b/bkt-prj-c-bu2infra-pipeline-zl31-bu2-example-app-state/roles/storage.admin/serviceAccount:sa-tf-cb-bu2-example-app@prj-c-bu2infra-pipeline-zl31.iam.gserviceaccount.com]
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_storage_bucket_iam_member.artifacts_admin: Creation complete after 5s [id=b/bkt-prj-c-bu2infra-pipeline-zl31-bu2-example-app-artifacts/roles/storage.admin/serviceAccount:sa-tf-cb-bu2-example-app@prj-c-bu2infra-pipeline-zl31.iam.gserviceaccount.com]
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_project_iam_member.pool_user[0]: Creation complete after 8s [id=prj-b-cicd-82vv/roles/cloudbuild.workerPoolUser/serviceAccount:791678989149@cloudbuild.gserviceaccount.com]
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_project_iam_member.cb_sa_logging: Creation complete after 8s [id=prj-c-bu2infra-pipeline-zl31/roles/logging.logWriter/serviceAccount:sa-tf-cb-bu2-example-app@prj-c-bu2infra-pipeline-zl31.iam.gserviceaccount.com]
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountTokenCreator"]: Still creating... [10s elapsed]
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountUser"]: Still creating... [10s elapsed]
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountUser"]: Creation complete after 12s [id=projects/prj-c-bu2infra-pipeline-zl31/serviceAccounts/sa-tf-cb-bu2-example-app@prj-c-bu2infra-pipeline-zl31.iam.gserviceaccount.com/roles/iam.serviceAccountUser/serviceAccount:sa-tf-cb-bu2-example-app@prj-c-bu2infra-pipeline-zl31.iam.gserviceaccount.com]
module.infra_pipelines[0].module.tf_workspace["bu2-example-app"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountTokenCreator"]: Creation complete after 12s [id=projects/prj-c-bu2infra-pipeline-zl31/serviceAccounts/sa-tf-cb-bu2-example-app@prj-c-bu2infra-pipeline-zl31.iam.gserviceaccount.com/roles/iam.serviceAccountTokenCreator/serviceAccount:sa-tf-cb-bu2-example-app@prj-c-bu2infra-pipeline-zl31.iam.gserviceaccount.com]
module.infra_pipelines[0].google_storage_bucket_iam_member.tf_state["bu2-example-app"]: Creating...
module.infra_pipelines[0].google_organization_iam_member.browser["bu2-example-app"]: Creating...
module.infra_pipelines[0].google_sourcerepo_repository_iam_member.member["bu2-example-app"]: Creating...
module.infra_pipelines[0].google_artifact_registry_repository_iam_member.terraform-image-iam["bu2-example-app"]: Creating...
module.infra_pipelines[0].google_sourcerepo_repository_iam_member.member["bu2-example-app"]: Creation complete after 4s [id=projects/prj-c-bu2infra-pipeline-zl31/repos/gcp-policies/roles/viewer/serviceAccount:sa-tf-cb-bu2-example-app@prj-c-bu2infra-pipeline-zl31.iam.gserviceaccount.com]
module.infra_pipelines[0].google_organization_iam_member.browser["bu2-example-app"]: Creation complete after 4s [id=1064386348915/roles/browser/serviceAccount:sa-tf-cb-bu2-example-app@prj-c-bu2infra-pipeline-zl31.iam.gserviceaccount.com]
module.infra_pipelines[0].google_storage_bucket_iam_member.tf_state["bu2-example-app"]: Creation complete after 4s [id=b/bkt-prj-b-seed-8919-gcp-projects-tfstate/roles/storage.objectViewer/serviceAccount:sa-tf-cb-bu2-example-app@prj-c-bu2infra-pipeline-zl31.iam.gserviceaccount.com]
module.infra_pipelines[0].google_artifact_registry_repository_iam_member.terraform-image-iam["bu2-example-app"]: Creation complete after 5s [id=projects/prj-b-cicd-82vv/locations/us-central1/repositories/tf-runners/roles/artifactregistry.reader/serviceAccount:sa-tf-cb-bu2-example-app@prj-c-bu2infra-pipeline-zl31.iam.gserviceaccount.com]
Apply complete! Resources: 35 added, 0 changed, 0 destroyed.
Outputs:
apply_triggers_id = [
"projects/prj-c-bu2infra-pipeline-zl31/triggers/e2c1c660-ae1f-438d-9f27-03e163e63baf",
]
artifact_buckets = {
"bu2-example-app" = "bkt-prj-c-bu2infra-pipeline-zl31-bu2-example-app-artifacts"
}
cloudbuild_project_id = "prj-c-bu2infra-pipeline-zl31"
default_region = "us-central1"
enable_cloudbuild_deploy = true
log_buckets = {
"bu2-example-app" = "bkt-prj-c-bu2infra-pipeline-zl31-bu2-example-app-logs"
}
plan_triggers_id = [
"projects/prj-c-bu2infra-pipeline-zl31/triggers/78ecd0cb-8baf-4010-b849-4026c499bb4d",
]
repos = toset([
"bu2-example-app",
])
state_buckets = {
"bu2-example-app" = "bkt-prj-c-bu2infra-pipeline-zl31-bu2-example-app-state"
}
terraform_service_accounts = {
"bu2-example-app" = "sa-tf-cb-bu2-example-app@prj-c-bu2infra-pipeline-zl31.iam.gserviceaccount.com"
}
business_unit_2/production doesn't match shared; skipping
business_unit_2/non-production doesn't match shared; skipping
business_unit_2/development doesn't match shared; skipping
*************** TERRAFORM APPLY *******************
At environment: business_unit_1/shared
***************************************************
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.random_id.random_project_id_suffix: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.random_id.random_project_id_suffix: Creation complete after 0s [id=5F0]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.random_string.random_project_id_suffix[0]: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.random_string.random_project_id_suffix[0]: Creation complete after 0s [id=iap1]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_project.main: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_project.main: Still creating... [10s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_project.main: Still creating... [20s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_project.main: Still creating... [30s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_project.main: Still creating... [40s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_project.main: Still creating... [50s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_project.main: Creation complete after 58s [id=projects/prj-c-bu1infra-pipeline-iap1]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudbuild.googleapis.com"]: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["billingbudgets.googleapis.com"]: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_service_account.default_service_account[0]: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["iam.googleapis.com"]: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudkms.googleapis.com"]: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["artifactregistry.googleapis.com"]: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudresourcemanager.googleapis.com"]: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["sourcerepo.googleapis.com"]: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_service_account.default_service_account[0]: Creation complete after 2s [id=projects/prj-c-bu1infra-pipeline-iap1/serviceAccounts/project-service-account@prj-c-bu1infra-pipeline-iap1.iam.gserviceaccount.com]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudbuild.googleapis.com"]: Still creating... [10s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["billingbudgets.googleapis.com"]: Still creating... [10s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudkms.googleapis.com"]: Still creating... [10s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["iam.googleapis.com"]: Still creating... [10s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["artifactregistry.googleapis.com"]: Still creating... [10s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudresourcemanager.googleapis.com"]: Still creating... [10s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["sourcerepo.googleapis.com"]: Still creating... [10s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudbuild.googleapis.com"]: Still creating... [20s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["billingbudgets.googleapis.com"]: Still creating... [20s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudkms.googleapis.com"]: Still creating... [20s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["iam.googleapis.com"]: Still creating... [20s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["artifactregistry.googleapis.com"]: Still creating... [20s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudresourcemanager.googleapis.com"]: Still creating... [20s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["sourcerepo.googleapis.com"]: Still creating... [20s elapsed]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["artifactregistry.googleapis.com"]: Creation complete after 22s [id=prj-c-bu1infra-pipeline-iap1/artifactregistry.googleapis.com]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudbuild.googleapis.com"]: Creation complete after 22s [id=prj-c-bu1infra-pipeline-iap1/cloudbuild.googleapis.com]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudresourcemanager.googleapis.com"]: Creation complete after 22s [id=prj-c-bu1infra-pipeline-iap1/cloudresourcemanager.googleapis.com]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["cloudkms.googleapis.com"]: Creation complete after 22s [id=prj-c-bu1infra-pipeline-iap1/cloudkms.googleapis.com]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["iam.googleapis.com"]: Creation complete after 22s [id=prj-c-bu1infra-pipeline-iap1/iam.googleapis.com]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["billingbudgets.googleapis.com"]: Creation complete after 22s [id=prj-c-bu1infra-pipeline-iap1/billingbudgets.googleapis.com]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.module.project_services.google_project_service.project_services["sourcerepo.googleapis.com"]: Creation complete after 22s [id=prj-c-bu1infra-pipeline-iap1/sourcerepo.googleapis.com]
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_project_default_service_accounts.default_service_accounts[0]: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.budget.data.google_project.project[0]: Reading...
module.infra_pipelines[0].google_sourcerepo_repository.gcp_policies: Creating...
module.infra_pipelines[0].google_sourcerepo_repository.app_infra_repo["bu1-example-app"]: Creating...
module.infra_pipelines[0].google_storage_bucket.cloudbuild_bucket: Creating...
module.app_infra_cloudbuild_project[0].module.project.module.project-factory.google_project_default_service_accounts.default_service_accounts[0]: Creation complete after 1s [id=projects/prj-c-bu1infra-pipeline-iap1]
module.app_infra_cloudbuild_project[0].module.project.module.budget.data.google_project.project[0]: Read complete after 1s [id=projects/prj-c-bu1infra-pipeline-iap1]
module.app_infra_cloudbuild_project[0].module.project.module.budget.google_billing_budget.budget[0]: Creating...
module.infra_pipelines[0].google_storage_bucket.cloudbuild_bucket: Creation complete after 1s [id=prj-c-bu1infra-pipeline-iap1_cloudbuild]
module.app_infra_cloudbuild_project[0].module.project.module.budget.google_billing_budget.budget[0]: Creation complete after 0s [id=billingAccounts/01BCCE-4EC0EE-DC58C8/budgets/10f7c651-2ccd-4b06-99ed-3acf8d096caa]
module.infra_pipelines[0].google_sourcerepo_repository.gcp_policies: Creation complete after 4s [id=projects/prj-c-bu1infra-pipeline-iap1/repos/gcp-policies]
module.infra_pipelines[0].google_sourcerepo_repository.app_infra_repo["bu1-example-app"]: Creation complete after 4s [id=projects/prj-c-bu1infra-pipeline-iap1/repos/bu1-example-app]
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].data.google_project.cloudbuild_project[0]: Reading...
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_service_account.cb_sa[0]: Creating...
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].module.log_bucket.google_storage_bucket.bucket: Creating...
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].module.state_bucket[0].google_storage_bucket.bucket: Creating...
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].module.artifacts_bucket.google_storage_bucket.bucket: Creating...
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].data.google_project.cloudbuild_project[0]: Read complete after 0s [id=projects/prj-c-bu1infra-pipeline-iap1]
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_project_iam_member.pool_user[0]: Creating...
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_service_account.cb_sa[0]: Creation complete after 1s [id=projects/prj-c-bu1infra-pipeline-iap1/serviceAccounts/sa-tf-cb-bu1-example-app@prj-c-bu1infra-pipeline-iap1.iam.gserviceaccount.com]
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_project_iam_member.cb_sa_logging: Creating...
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountUser"]: Creating...
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_sourcerepo_repository_iam_member.member[0]: Creating...
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_service_account_iam_member.cb_service_agent_impersonate[0]: Creating...
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountTokenCreator"]: Creating...
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].module.state_bucket[0].google_storage_bucket.bucket: Creation complete after 2s [id=bkt-prj-c-bu1infra-pipeline-iap1-bu1-example-app-state]
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_storage_bucket_iam_member.state_admin: Creating...
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].module.log_bucket.google_storage_bucket.bucket: Creation complete after 3s [id=bkt-prj-c-bu1infra-pipeline-iap1-bu1-example-app-logs]
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_storage_bucket_iam_member.log_admin: Creating...
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].module.artifacts_bucket.google_storage_bucket.bucket: Creation complete after 3s [id=bkt-prj-c-bu1infra-pipeline-iap1-bu1-example-app-artifacts]
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_storage_bucket_iam_member.artifacts_admin: Creating...
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_cloudbuild_trigger.triggers["apply"]: Creating...
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_cloudbuild_trigger.triggers["apply"]: Creation complete after 0s [id=projects/prj-c-bu1infra-pipeline-iap1/triggers/5f6a2213-685e-4348-9f5d-21725f3a4290]
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_cloudbuild_trigger.triggers["plan"]: Creating...
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_cloudbuild_trigger.triggers["plan"]: Creation complete after 1s [id=projects/prj-c-bu1infra-pipeline-iap1/triggers/fb552c33-3cdf-495f-8afc-aa1e91cf3103]
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountUser"]: Creation complete after 4s [id=projects/prj-c-bu1infra-pipeline-iap1/serviceAccounts/sa-tf-cb-bu1-example-app@prj-c-bu1infra-pipeline-iap1.iam.gserviceaccount.com/roles/iam.serviceAccountUser/serviceAccount:sa-tf-cb-bu1-example-app@prj-c-bu1infra-pipeline-iap1.iam.gserviceaccount.com]
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_sourcerepo_repository_iam_member.member[0]: Creation complete after 4s [id=projects/prj-c-bu1infra-pipeline-iap1/repos/bu1-example-app/roles/viewer/serviceAccount:sa-tf-cb-bu1-example-app@prj-c-bu1infra-pipeline-iap1.iam.gserviceaccount.com]
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_storage_bucket_iam_member.state_admin: Creation complete after 5s [id=b/bkt-prj-c-bu1infra-pipeline-iap1-bu1-example-app-state/roles/storage.admin/serviceAccount:sa-tf-cb-bu1-example-app@prj-c-bu1infra-pipeline-iap1.iam.gserviceaccount.com]
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_storage_bucket_iam_member.log_admin: Creation complete after 4s [id=b/bkt-prj-c-bu1infra-pipeline-iap1-bu1-example-app-logs/roles/storage.admin/serviceAccount:sa-tf-cb-bu1-example-app@prj-c-bu1infra-pipeline-iap1.iam.gserviceaccount.com]
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_storage_bucket_iam_member.artifacts_admin: Creation complete after 4s [id=b/bkt-prj-c-bu1infra-pipeline-iap1-bu1-example-app-artifacts/roles/storage.admin/serviceAccount:sa-tf-cb-bu1-example-app@prj-c-bu1infra-pipeline-iap1.iam.gserviceaccount.com]
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_project_iam_member.pool_user[0]: Creation complete after 8s [id=prj-b-cicd-82vv/roles/cloudbuild.workerPoolUser/serviceAccount:406184153674@cloudbuild.gserviceaccount.com]
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_project_iam_member.cb_sa_logging: Creation complete after 8s [id=prj-c-bu1infra-pipeline-iap1/roles/logging.logWriter/serviceAccount:sa-tf-cb-bu1-example-app@prj-c-bu1infra-pipeline-iap1.iam.gserviceaccount.com]
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_service_account_iam_member.cb_service_agent_impersonate[0]: Still creating... [10s elapsed]
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountTokenCreator"]: Still creating... [10s elapsed]
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_service_account_iam_member.cb_sa_self["roles/iam.serviceAccountTokenCreator"]: Creation complete after 12s [id=projects/prj-c-bu1infra-pipeline-iap1/serviceAccounts/sa-tf-cb-bu1-example-app@prj-c-bu1infra-pipeline-iap1.iam.gserviceaccount.com/roles/iam.serviceAccountTokenCreator/serviceAccount:sa-tf-cb-bu1-example-app@prj-c-bu1infra-pipeline-iap1.iam.gserviceaccount.com]
module.infra_pipelines[0].module.tf_workspace["bu1-example-app"].google_service_account_iam_member.cb_service_agent_impersonate[0]: Creation complete after 12s [id=projects/prj-c-bu1infra-pipeline-iap1/serviceAccounts/sa-tf-cb-bu1-example-app@prj-c-bu1infra-pipeline-iap1.iam.gserviceaccount.com/roles/iam.serviceAccountTokenCreator/serviceAccount:service-406184153674@gcp-sa-cloudbuild.iam.gserviceaccount.com]
module.infra_pipelines[0].google_sourcerepo_repository_iam_member.member["bu1-example-app"]: Creating...
module.infra_pipelines[0].google_organization_iam_member.browser["bu1-example-app"]: Creating...
module.infra_pipelines[0].google_storage_bucket_iam_member.tf_state["bu1-example-app"]: Creating...
module.infra_pipelines[0].google_artifact_registry_repository_iam_member.terraform-image-iam["bu1-example-app"]: Creating...
module.infra_pipelines[0].google_sourcerepo_repository_iam_member.member["bu1-example-app"]: Creation complete after 4s [id=projects/prj-c-bu1infra-pipeline-iap1/repos/gcp-policies/roles/viewer/serviceAccount:sa-tf-cb-bu1-example-app@prj-c-bu1infra-pipeline-iap1.iam.gserviceaccount.com]
module.infra_pipelines[0].google_organization_iam_member.browser["bu1-example-app"]: Creation complete after 4s [id=1064386348915/roles/browser/serviceAccount:sa-tf-cb-bu1-example-app@prj-c-bu1infra-pipeline-iap1.iam.gserviceaccount.com]
module.infra_pipelines[0].google_storage_bucket_iam_member.tf_state["bu1-example-app"]: Creation complete after 4s [id=b/bkt-prj-b-seed-8919-gcp-projects-tfstate/roles/storage.objectViewer/serviceAccount:sa-tf-cb-bu1-example-app@prj-c-bu1infra-pipeline-iap1.iam.gserviceaccount.com]
module.infra_pipelines[0].google_artifact_registry_repository_iam_member.terraform-image-iam["bu1-example-app"]: Creation complete after 5s [id=projects/prj-b-cicd-82vv/locations/us-central1/repositories/tf-runners/roles/artifactregistry.reader/serviceAccount:sa-tf-cb-bu1-example-app@prj-c-bu1infra-pipeline-iap1.iam.gserviceaccount.com]
Apply complete! Resources: 35 added, 0 changed, 0 destroyed.
Outputs:
apply_triggers_id = [
"projects/prj-c-bu1infra-pipeline-iap1/triggers/5f6a2213-685e-4348-9f5d-21725f3a4290",
]
artifact_buckets = {
"bu1-example-app" = "bkt-prj-c-bu1infra-pipeline-iap1-bu1-example-app-artifacts"
}
cloudbuild_project_id = "prj-c-bu1infra-pipeline-iap1"
default_region = "us-central1"
enable_cloudbuild_deploy = true
log_buckets = {
"bu1-example-app" = "bkt-prj-c-bu1infra-pipeline-iap1-bu1-example-app-logs"
}
plan_triggers_id = [
"projects/prj-c-bu1infra-pipeline-iap1/triggers/fb552c33-3cdf-495f-8afc-aa1e91cf3103",
]
repos = toset([
"bu1-example-app",
])
state_buckets = {
"bu1-example-app" = "bkt-prj-c-bu1infra-pipeline-iap1-bu1-example-app-state"
}
terraform_service_accounts = {
"bu1-example-app" = "sa-tf-cb-bu1-example-app@prj-c-bu1infra-pipeline-iap1.iam.gserviceaccount.com"
}
business_unit_1/production doesn't match shared; skipping
business_unit_1/non-production doesn't match shared; skipping
business_unit_1/development doesn't match shared; skipping
both business units up for shared
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ git push --set-upstream origin plan
error: src refspec plan does not match any
error: failed to push some refs to 'https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-projects'
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ git push --set-upstream origin plan
error: src refspec plan does not match any
error: failed to push some refs to 'https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-projects'
I forgot to checkout plan
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ git push --set-upstream origin plan
error: src refspec plan does not match any
error: failed to push some refs to 'https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-projects'
fixing
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ git branch --unset-upstream
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ git status
On branch master
Untracked files:
(use "git add <file>..." to include in what will be committed)
business_unit_1/shared/.terraform.lock.hcl
business_unit_2/shared/.terraform.lock.hcl
tmp_plan/
nothing added to commit but untracked files present (use "git add" to track)
Create plan branch - retain changes
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ git checkout -b plan
Switched to a new branch 'plan'
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ ls
business_unit_1 cloudbuild-tf-apply.yaml common.auto.tfvars modules production.auto.tfvars shared.auto.tfvars tmp_plan
business_unit_2 cloudbuild-tf-plan.yaml development.auto.tfvars non-production.auto.tfvars README.md tf-wrapper.sh
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ git status
On branch plan
Untracked files:
(use "git add <file>..." to include in what will be committed)
business_unit_1/shared/.terraform.lock.hcl
business_unit_2/shared/.terraform.lock.hcl
tmp_plan/
nothing added to commit but untracked files present (use "git add" to track)
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ git push --set-upstream origin plan
Enumerating objects: 85, done.
Counting objects: 100% (85/85), done.
Delta compression using up to 4 threads
Compressing objects: 100% (80/80), done.
Writing objects: 100% (85/85), 37.68 KiB | 2.09 MiB/s, done.
Total 85 (delta 47), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (47/47)
remote: Waiting for private key checker: 69/69 objects left
To https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-projects
* [new branch] plan -> plan
Branch 'plan' set up to track remote branch 'plan' from 'origin'.
Step #1 - "tf plan validate all": Plan: 101 to add, 0 to change, 0 to destroy.
Step #1 - "tf plan validate all":
Step #1 - "tf plan validate all": Changes to Outputs:
Step #1 - "tf plan validate all": + access_context_manager_policy_id = 807865857747
Step #1 - "tf plan validate all": + base_shared_vpc_project = (known after apply)
Step #1 - "tf plan validate all": + base_shared_vpc_project_sa = (known after apply)
Step #1 - "tf plan validate all": + base_subnets_self_links = [
Step #1 - "tf plan validate all": + "https://www.googleapis.com/compute/v1/projects/prj-p-shared-base-oae0/regions/us-central1/subnetworks/sb-p-shared-base-us-central1",
Step #1 - "tf plan validate all": + "https://www.googleapis.com/compute/v1/projects/prj-p-shared-base-oae0/regions/us-central1/subnetworks/sb-p-shared-base-us-central1-proxy",
Step #1 - "tf plan validate all": + "https://www.googleapis.com/compute/v1/projects/prj-p-shared-base-oae0/regions/us-west1/subnetworks/sb-p-shared-base-us-west1",
Step #1 - "tf plan validate all": + "https://www.googleapis.com/compute/v1/projects/prj-p-shared-base-oae0/regions/us-west1/subnetworks/sb-p-shared-base-us-west1-proxy",
Step #1 - "tf plan validate all": ]
Step #1 - "tf plan validate all": + bucket = {
Step #1 - "tf plan validate all": + autoclass = [
Step #1 - "tf plan validate all": + {
Step #1 - "tf plan validate all": + enabled = false
Step #1 - "tf plan validate all": + terminal_storage_class = (known after apply)
Step #1 - "tf plan validate all": },
Step #1 - "tf plan validate all": ]
Step #1 - "tf plan validate all": + cors = []
Step #1 - "tf plan validate all": + custom_placement_config = []
Step #1 - "tf plan validate all": + default_event_based_hold = null
Step #1 - "tf plan validate all": + effective_labels = (known after apply)
Step #1 - "tf plan validate all": + enable_object_retention = null
Step #1 - "tf plan validate all": + encryption = [
Step #1 - "tf plan validate all": + {
Step #1 - "tf plan validate all": + default_kms_key_name = (known after apply)
Step #1 - "tf plan validate all": },
Step #1 - "tf plan validate all": ]
Step #1 - "tf plan validate all": + force_destroy = false
Step #1 - "tf plan validate all": + id = (known after apply)
Step #1 - "tf plan validate all": + labels = null
Step #1 - "tf plan validate all": + lifecycle_rule = []
Step #1 - "tf plan validate all": + location = "US"
Step #1 - "tf plan validate all": + logging = []
Step #1 - "tf plan validate all": + name = (known after apply)
Step #1 - "tf plan validate all": + project = (known after apply)
Step #1 - "tf plan validate all": + project_number = (known after apply)
Step #1 - "tf plan validate all": + public_access_prevention = "inherited"
Step #1 - "tf plan validate all": + requester_pays = null
Step #1 - "tf plan validate all": + retention_policy = []
Step #1 - "tf plan validate all": + rpo = (known after apply)
Step #1 - "tf plan validate all": + self_link = (known after apply)
Step #1 - "tf plan validate all": + soft_delete_policy = (known after apply)
Step #1 - "tf plan validate all": + storage_class = "STANDARD"
Step #1 - "tf plan validate all": + terraform_labels = (known after apply)
Step #1 - "tf plan validate all": + timeouts = null
Step #1 - "tf plan validate all": + uniform_bucket_level_access = true
Step #1 - "tf plan validate all": + url = (known after apply)
Step #1 - "tf plan validate all": + versioning = [
Step #1 - "tf plan validate all": + {
Step #1 - "tf plan validate all": + enabled = true
Step #1 - "tf plan validate all": },
Step #1 - "tf plan validate all": ]
Step #1 - "tf plan validate all": + website = (known after apply)
Step #1 - "tf plan validate all": }
Step #1 - "tf plan validate all": + env_kms_project = (known after apply)
Step #1 - "tf plan validate all": + floating_project = (known after apply)
Step #1 - "tf plan validate all": + iap_firewall_tags = (known after apply)
Step #1 - "tf plan validate all": + keyring = (known after apply)
Step #1 - "tf plan validate all": + keys = [
Step #1 - "tf plan validate all": + "crypto-key-example",
Step #1 - "tf plan validate all": ]
Step #1 - "tf plan validate all": + peering_complete = (known after apply)
Step #1 - "tf plan validate all": + peering_network = {
Step #1 - "tf plan validate all": + export_custom_routes = false
Step #1 - "tf plan validate all": + export_subnet_routes_with_public_ip = false
Step #1 - "tf plan validate all": + id = (known after apply)
Step #1 - "tf plan validate all": + import_custom_routes = false
Step #1 - "tf plan validate all": + import_subnet_routes_with_public_ip = true
Step #1 - "tf plan validate all": + name = (known after apply)
Step #1 - "tf plan validate all": + network = "https://www.googleapis.com/compute/v1/projects/prj-p-shared-base-oae0/global/networks/vpc-p-shared-base-spoke"
Step #1 - "tf plan validate all": + peer_network = (known after apply)
Step #1 - "tf plan validate all": + stack_type = "IPV4_ONLY"
Step #1 - "tf plan validate all": + state = (known after apply)
Step #1 - "tf plan validate all": + state_details = (known after apply)
Step #1 - "tf plan validate all": + timeouts = null
Step #1 - "tf plan validate all": }
Step #1 - "tf plan validate all": + peering_project = (known after apply)
Step #1 - "tf plan validate all": + peering_subnetwork_self_link = (known after apply)
Step #1 - "tf plan validate all": + restricted_enabled_apis = [
Step #1 - "tf plan validate all": + "accesscontextmanager.googleapis.com",
Step #1 - "tf plan validate all": + "billingbudgets.googleapis.com",
Step #1 - "tf plan validate all": ]
Step #1 - "tf plan validate all": + restricted_shared_vpc_project = (known after apply)
Step #1 - "tf plan validate all": + restricted_shared_vpc_project_number = (known after apply)
Step #1 - "tf plan validate all": + restricted_subnets_self_links = [
Step #1 - "tf plan validate all": + "https://www.googleapis.com/compute/v1/projects/prj-p-shared-restricted-2pqc/regions/us-central1/subnetworks/sb-p-shared-restricted-us-central1",
Step #1 - "tf plan validate all": + "https://www.googleapis.com/compute/v1/projects/prj-p-shared-restricted-2pqc/regions/us-central1/subnetworks/sb-p-shared-restricted-us-central1-proxy",
Step #1 - "tf plan validate all": + "https://www.googleapis.com/compute/v1/projects/prj-p-shared-restricted-2pqc/regions/us-west1/subnetworks/sb-p-shared-restricted-us-west1",
Step #1 - "tf plan validate all": + "https://www.googleapis.com/compute/v1/projects/prj-p-shared-restricted-2pqc/regions/us-west1/subnetworks/sb-p-shared-restricted-us-west1-proxy",
Step #1 - "tf plan validate all": ]
Step #1 - "tf plan validate all": + vpc_service_control_perimeter_name = "sp_p_shared_restricted_default_perimeter_20f1"
Step #1 - "tf plan validate all": *************** TERRAFORM VALIDATE ******************
Step #1 - "tf plan validate all": At environment: business_unit_1/production
Step #1 - "tf plan validate all": Using policy from: /workspace/policy-library
Step #1 - "tf plan validate all": *****************************************************
Step #1 - "tf plan validate all": WARNING: This command is using service account impersonation. All API calls will be executed as [sa-terraform-proj@prj-b-seed-8919.iam.gserviceaccount.com].
Step #1 - "tf plan validate all": Validating resources...
Step #1 - "tf plan validate all": ....................done.
Finished Step #1 - "tf plan validate all"
PUSH
Artifacts will be uploaded to gs://bkt-prj-b-cicd-82vv-gcp-projects-build-artifacts using gsutil cp
cloudbuild-tf-plan.yaml: Uploading path....
Copying file://cloudbuild-tf-plan.yaml [Content-Type=application/octet-stream]...
/ [0/1 files][ 0.0 B/ 2.0 KiB] 0% Done
/ [1/1 files][ 2.0 KiB/ 2.0 KiB] 100% Done
Operation completed over 1 objects/2.0 KiB.
cloudbuild-tf-plan.yaml: 1 matching files uploaded
tmp_plan/*.tfplan: Uploading path....
Copying file://tmp_plan/business_unit_1-non-production.tfplan [Content-Type=application/octet-stream]...
Copying file://tmp_plan/business_unit_1-development.tfplan [Content-Type=application/octet-stream]...
/ [0/8 files][ 0.0 B/ 1.8 MiB] 0% Done
/ [0/8 files][ 0.0 B/ 1.8 MiB] 0% Done
Copying file://tmp_plan/business_unit_2-non-production.tfplan [Content-Type=application/octet-stream]...
/ [0/8 files][ 0.0 B/ 1.8 MiB] 0% Done
Copying file://tmp_plan/business_unit_1-shared.tfplan [Content-Type=application/octet-stream]...
Copying file://tmp_plan/business_unit_1-production.tfplan [Content-Type=application/octet-stream]...
/ [0/8 files][ 0.0 B/ 1.8 MiB] 0% Done
/ [0/8 files][ 0.0 B/ 1.8 MiB] 0% Done
Copying file://tmp_plan/business_unit_2-development.tfplan [Content-Type=application/octet-stream]...
/ [0/8 files][ 0.0 B/ 1.8 MiB] 0% Done
Copying file://tmp_plan/business_unit_2-production.tfplan [Content-Type=application/octet-stream]...
/ [0/8 files][ 0.0 B/ 1.8 MiB] 0% Done
Copying file://tmp_plan/business_unit_2-shared.tfplan [Content-Type=application/octet-stream]...
/ [0/8 files][ 0.0 B/ 1.8 MiB] 0% Done
/ [1/8 files][101.1 KiB/ 1.8 MiB] 5% Done
-
- [2/8 files][647.4 KiB/ 1.8 MiB] 35% Done
- [3/8 files][647.4 KiB/ 1.8 MiB] 35% Done
- [4/8 files][ 1.8 MiB/ 1.8 MiB] 99% Done
- [5/8 files][ 1.8 MiB/ 1.8 MiB] 99% Done
- [6/8 files][ 1.8 MiB/ 1.8 MiB] 99% Done
- [7/8 files][ 1.8 MiB/ 1.8 MiB] 99% Done
- [8/8 files][ 1.8 MiB/ 1.8 MiB] 100% Done
Operation completed over 8 objects/1.8 MiB.
tmp_plan/*.tfplan: 8 matching files uploaded
9 total artifacts uploaded to gs://bkt-prj-b-cicd-82vv-gcp-projects-build-artifacts/terraform/cloudbuild/plan/097ffa67-f589-4984-a17e-32c1891cfcfd/
Uploading manifest artifacts-097ffa67-f589-4984-a17e-32c1891cfcfd.json
Artifact manifest located at gs://bkt-prj-b-cicd-82vv-gcp-projects-build-artifacts/terraform/cloudbuild/plan/097ffa67-f589-4984-a17e-32c1891cfcfd/artifacts-097ffa67-f589-4984-a17e-32c1891cfcfd.json
DONE
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ git checkout -b production
Switched to a new branch 'production'
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ git push origin production
Total 0 (delta 0), reused 0 (delta 0), pack-reused 0
To https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-projects
[new branch] production -> production
Step #4 - "tf apply": module.env.module.firewall_rules.google_compute_network_firewall_policy_rule.rules["1000"]: Creation complete after 32s [id=projects/prj-p-bu2sample-peering-snb4/global/firewallPolicies/fp-p-peering-project-firewalls/rules/1000]
Step #4 - "tf apply": module.env.google_compute_network_firewall_policy_association.vpc_association: Creating...
Step #4 - "tf apply": module.env.google_compute_network_firewall_policy_association.vpc_association: Creation complete after 9s [id=projects/prj-p-bu2sample-peering-snb4/global/firewallPolicies/fp-p-peering-project-firewalls/associations/fp-p-peering-project-firewalls-vpc-p-peering-base]
Step #4 - "tf apply":
Step #4 - "tf apply": Error: Error adding network peering: googleapi: Error 403: Rate Limit Exceeded
Step #4 - "tf apply": Details:
Step #4 - "tf apply": [
Step #4 - "tf apply": {
Step #4 - "tf apply": "@type": "type.googleapis.com/google.rpc.ErrorInfo",
Step #4 - "tf apply": "domain": "compute.googleapis.com",
Step #4 - "tf apply": "metadatas": {
Step #4 - "tf apply": "containerId": "17819846901",
Step #4 - "tf apply": "containerType": "PROJECT",
Step #4 - "tf apply": "location": "global"
Step #4 - "tf apply": },
Step #4 - "tf apply": "reason": "CONCURRENT_OPERATIONS_QUOTA_EXCEEDED"
Step #4 - "tf apply": },
Step #4 - "tf apply": {
Step #4 - "tf apply": "@type": "type.googleapis.com/google.rpc.Help",
Step #4 - "tf apply": "links": [
Step #4 - "tf apply": {
Step #4 - "tf apply": "description": "Concurrent operations quota documentation.",
Step #4 - "tf apply": "url": "https://cloud.google.com/compute/operations-quota#concurrent_operation_limits"
Step #4 - "tf apply": }
Step #4 - "tf apply": ]
Step #4 - "tf apply": },
Step #4 - "tf apply": {
Step #4 - "tf apply": "@type": "type.googleapis.com/google.rpc.LocalizedMessage",
Step #4 - "tf apply": "locale": "en-US",
Step #4 - "tf apply": "message": "Quota on concurrent operations exceeded for project 17819846901 in global."
Step #4 - "tf apply": }
Step #4 - "tf apply": ]
Step #4 - "tf apply": , rateLimitExceeded
Step #4 - "tf apply":
Step #4 - "tf apply": with module.env.module.peering.google_compute_network_peering.peer_network_peering,
Step #4 - "tf apply": on .terraform/modules/env.peering/modules/network-peering/main.tf line 50, in resource "google_compute_network_peering" "peer_network_peering":
Step #4 - "tf apply": 50: resource "google_compute_network_peering" "peer_network_peering" {
Step #4 - "tf apply":
Finished Step #4 - "tf apply"
ERROR
ERROR: build step 4 "us-central1-docker.pkg.dev/prj-b-cicd-82vv/tf-runners/terraform:v1" failed: step exited with non-zero status: 1
https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/391 - retry fixes the API quota CONCURRENT_OPERATIONS_QUOTA_EXCEEDED issue - wait 60 min - now we see all shared VPCs for business units
39 projects (non-production and dev pending)
10 projects across production-bu1/bu2
20 more pending - but I may not run both
michael@cloudshell:~$ gcloud config set project tef-olxyz
Updated property [core/project].
michael@cloudshell:~ (tef-olxyz)$ cd tef-olxyz/github/gcp-projects/
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ terraform --version
Terraform v1.7.5
on linux_amd64
Your version of Terraform is out of date! The latest version
is 1.8.0. You can update by downloading from https://www.terraform.io/downloads.html
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ which terraform
/usr/bin/terraform
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ cp ../../terraform /usr/bin/
cp: cannot create regular file '/usr/bin/terraform': Permission denied
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ sudo cp ../../terraform /usr/bin/
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ terraform --version
Terraform v1.3.10
on linux_amd64
Your version of Terraform is out of date! The latest version
is 1.8.0. You can update by downloading from https://www.terraform.io/downloads.html
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ git checkout -b development
Switched to a new branch 'development'
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$ git push origin development
Total 0 (delta 0), reused 0 (delta 0), pack-reused 0
To https://source.developers.google.com/p/prj-b-cicd-82vv/r/gcp-projects
* [new branch] development -> development
michael@cloudshell:~/tef-olxyz/github/gcp-projects (tef-olxyz)$
check development apply trigger
CSR repositories
unset service account impersonation
Step #4 - "tf apply": Apply complete! Resources: 101 added, 0 changed, 0 destroyed.
Step #4 - "tf apply":
Step #4 - "tf apply": Outputs:
Step #4 - "tf apply":
Step #4 - "tf apply": access_context_manager_policy_id = 807865857747
Step #4 - "tf apply": base_shared_vpc_project = "prj-d-bu1sample-base-kizc"
Step #4 - "tf apply": base_shared_vpc_project_sa = "project-service-account@prj-d-bu1sample-base-kizc.iam.gserviceaccount.com"
Step #4 - "tf apply": base_subnets_self_links = [
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-d-shared-base-nlqs/regions/us-central1/subnetworks/sb-d-shared-base-us-central1",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-d-shared-base-nlqs/regions/us-central1/subnetworks/sb-d-shared-base-us-central1-proxy",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-d-shared-base-nlqs/regions/us-west1/subnetworks/sb-d-shared-base-us-west1",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-d-shared-base-nlqs/regions/us-west1/subnetworks/sb-d-shared-base-us-west1-proxy",
Step #4 - "tf apply": ]
Step #4 - "tf apply": bucket = {
Step #4 - "tf apply": "autoclass" = tolist([])
Step #4 - "tf apply": "cors" = tolist([])
Step #4 - "tf apply": "custom_placement_config" = tolist([])
Step #4 - "tf apply": "default_event_based_hold" = false
Step #4 - "tf apply": "effective_labels" = tomap({})
Step #4 - "tf apply": "enable_object_retention" = false
Step #4 - "tf apply": "encryption" = tolist([
Step #4 - "tf apply": {
Step #4 - "tf apply": "default_kms_key_name" = "projects/prj-d-bu1env-kms-m0bx/locations/us/keyRings/sample-keyring/cryptoKeys/crypto-key-example"
Step #4 - "tf apply": },
Step #4 - "tf apply": ])
Step #4 - "tf apply": "force_destroy" = false
Step #4 - "tf apply": "id" = "bkt-prj-d-bu1sample-base-kizc-us-cmek-encrypted-wmts8"
Step #4 - "tf apply": "labels" = tomap(null) /* of string */
Step #4 - "tf apply": "lifecycle_rule" = tolist([])
Step #4 - "tf apply": "location" = "US"
Step #4 - "tf apply": "logging" = tolist([])
Step #4 - "tf apply": "name" = "bkt-prj-d-bu1sample-base-kizc-us-cmek-encrypted-wmts8"
Step #4 - "tf apply": "project" = "prj-d-bu1sample-base-kizc"
Step #4 - "tf apply": "project_number" = 161114371844
Step #4 - "tf apply": "public_access_prevention" = "inherited"
Step #4 - "tf apply": "requester_pays" = false
Step #4 - "tf apply": "retention_policy" = tolist([])
Step #4 - "tf apply": "rpo" = "DEFAULT"
Step #4 - "tf apply": "self_link" = "https://www.googleapis.com/storage/v1/b/bkt-prj-d-bu1sample-base-kizc-us-cmek-encrypted-wmts8"
Step #4 - "tf apply": "soft_delete_policy" = tolist([
Step #4 - "tf apply": {
Step #4 - "tf apply": "effective_time" = "2024-04-17T00:11:12.724Z"
Step #4 - "tf apply": "retention_duration_seconds" = 604800
Step #4 - "tf apply": },
Step #4 - "tf apply": ])
Step #4 - "tf apply": "storage_class" = "STANDARD"
Step #4 - "tf apply": "terraform_labels" = tomap({})
Step #4 - "tf apply": "timeouts" = null /* object */
Step #4 - "tf apply": "uniform_bucket_level_access" = true
Step #4 - "tf apply": "url" = "gs://bkt-prj-d-bu1sample-base-kizc-us-cmek-encrypted-wmts8"
Step #4 - "tf apply": "versioning" = tolist([
Step #4 - "tf apply": {
Step #4 - "tf apply": "enabled" = true
Step #4 - "tf apply": },
Step #4 - "tf apply": ])
Step #4 - "tf apply": "website" = tolist([])
Step #4 - "tf apply": }
Step #4 - "tf apply": env_kms_project = "prj-d-bu1env-kms-m0bx"
Step #4 - "tf apply": floating_project = "prj-d-bu1sample-floating-bzum"
Step #4 - "tf apply": iap_firewall_tags = tomap({
Step #4 - "tf apply": "tagKeys/281477283940102" = "tagValues/281479877791895"
Step #4 - "tf apply": "tagKeys/281480629325912" = "tagValues/281478394091586"
Step #4 - "tf apply": })
Step #4 - "tf apply": keyring = "projects/prj-d-bu1env-kms-m0bx/locations/us/keyRings/sample-keyring"
Step #4 - "tf apply": keys = [
Step #4 - "tf apply": "crypto-key-example",
Step #4 - "tf apply": ]
Step #4 - "tf apply": peering_complete = "1858322091449506169"
Step #4 - "tf apply": peering_network = {
Step #4 - "tf apply": "export_custom_routes" = false
Step #4 - "tf apply": "export_subnet_routes_with_public_ip" = false
Step #4 - "tf apply": "id" = "vpc-d-shared-base-spoke/bu1-d-vpc-d-shared-base-spoke-vpc-d-peering-base"
Step #4 - "tf apply": "import_custom_routes" = false
Step #4 - "tf apply": "import_subnet_routes_with_public_ip" = true
Step #4 - "tf apply": "name" = "bu1-d-vpc-d-shared-base-spoke-vpc-d-peering-base"
Step #4 - "tf apply": "network" = "https://www.googleapis.com/compute/v1/projects/prj-d-shared-base-nlqs/global/networks/vpc-d-shared-base-spoke"
Step #4 - "tf apply": "peer_network" = "https://www.googleapis.com/compute/beta/projects/prj-d-bu1sample-peering-8a3v/global/networks/vpc-d-peering-base"
Step #4 - "tf apply": "stack_type" = "IPV4_ONLY"
Step #4 - "tf apply": "state" = "ACTIVE"
Step #4 - "tf apply": "state_details" = "[2024-04-16T17:11:31.220-07:00]: Connected."
Step #4 - "tf apply": "timeouts" = null /* object */
Step #4 - "tf apply": }
Step #4 - "tf apply": peering_project = "prj-d-bu1sample-peering-8a3v"
Step #4 - "tf apply": peering_subnetwork_self_link = "https://www.googleapis.com/compute/v1/projects/prj-d-bu1sample-peering-8a3v/regions/us-central1/subnetworks/sb-d-bu1-peered-us-central1"
Step #4 - "tf apply": restricted_enabled_apis = tolist([
Step #4 - "tf apply": "accesscontextmanager.googleapis.com",
Step #4 - "tf apply": "billingbudgets.googleapis.com",
Step #4 - "tf apply": ])
Step #4 - "tf apply": restricted_shared_vpc_project = "prj-d-bu1sample-restrict-dide"
Step #4 - "tf apply": restricted_shared_vpc_project_number = "229211895034"
Step #4 - "tf apply": restricted_subnets_self_links = [
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-d-shared-restricted-j004/regions/us-central1/subnetworks/sb-d-shared-restricted-us-central1",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-d-shared-restricted-j004/regions/us-central1/subnetworks/sb-d-shared-restricted-us-central1-proxy",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-d-shared-restricted-j004/regions/us-west1/subnetworks/sb-d-shared-restricted-us-west1",
Step #4 - "tf apply": "https://www.googleapis.com/compute/v1/projects/prj-d-shared-restricted-j004/regions/us-west1/subnetworks/sb-d-shared-restricted-us-west1-proxy",
Step #4 - "tf apply": ]
Step #4 - "tf apply": vpc_service_control_perimeter_name = "sp_d_shared_restricted_default_perimeter_d036"
Step #4 - "tf apply": policy-library/policies doesn't match development; skipping
Step #4 - "tf apply": policy-library/lib doesn't match development; skipping
Step #4 - "tf apply": policy-library/.git doesn't match development; skipping
Finished Step #4 - "tf apply"
PUSH
Artifacts will be uploaded to gs://bkt-prj-b-cicd-82vv-gcp-projects-build-artifacts using gsutil cp
cloudbuild-tf-apply.yaml: Uploading path....
Copying file://cloudbuild-tf-apply.yaml [Content-Type=application/octet-stream]...
/ [0/1 files][ 0.0 B/ 2.6 KiB] 0% Done
/ [1/1 files][ 2.6 KiB/ 2.6 KiB] 100% Done
Operation completed over 1 objects/2.6 KiB.
cloudbuild-tf-apply.yaml: 1 matching files uploaded
tmp_plan/*.tfplan: Uploading path....
Copying file://tmp_plan/business_unit_2-development.tfplan [Content-Type=application/octet-stream]...
Copying file://tmp_plan/business_unit_1-development.tfplan [Content-Type=application/octet-stream]...
/ [0/2 files][ 0.0 B/546.3 KiB] 0% Done
/ [0/2 files][ 0.0 B/546.3 KiB] 0% Done
/ [1/2 files][546.3 KiB/546.3 KiB] 99% Done
/ [2/2 files][546.3 KiB/546.3 KiB] 100% Done
Operation completed over 2 objects/546.3 KiB.
tmp_plan/*.tfplan: 2 matching files uploaded
3 total artifacts uploaded to gs://bkt-prj-b-cicd-82vv-gcp-projects-build-artifacts/terraform/cloudbuild/apply/cc46b1be-10fd-4ad3-b3bd-13f812812048/
Uploading manifest artifacts-cc46b1be-10fd-4ad3-b3bd-13f812812048.json
Artifact manifest located at gs://bkt-prj-b-cicd-82vv-gcp-projects-build-artifacts/terraform/cloudbuild/apply/cc46b1be-10fd-4ad3-b3bd-13f812812048/artifacts-cc46b1be-10fd-4ad3-b3bd-13f812812048.json
DONE
enumerate zombie resources like the two organization level firewall policies
Architecture reverse engineering / diagramming in progress for FortiGate retrofit
There are two classifications in the LZ - restricted and base. There are three environments - development, non-production, production.
To set your Cloud Platform project in this session use “gcloud config set project [PROJECT_ID]”
michael@cloudshell:~$ gcloud config set project tef-olxyz
Updated property [core/project].
michael@cloudshell:~ (tef-olxyz)$ cd tef-olxyz/github/
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ which terraform
/usr/bin/terraform
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ terraform --version
Terraform v1.7.5
on linux_amd64
Your version of Terraform is out of date! The latest version
is 1.8.1. You can update by downloading from https://www.terraform.io/downloads.html
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ sudo cp ../terraform /usr/bin/terraform
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ terraform --version
Terraform v1.3.10
on linux_amd64
Your version of Terraform is out of date! The latest version
is 1.8.1. You can update by downloading from https://www.terraform.io/downloads.html
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ export INFRA_PIPELINE_PROJECT_ID=$(terraform -chdir="gcp-projects/business_unit_1/shared/" output -raw cloudbuild_project_id)
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ echo ${INFRA_PIPELINE_PROJECT_ID}
prj-c-bu1infra-pipeline-iap1
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ gcloud source repos clone gcp-policies gcp-policies-app-infra --project=${INFRA_PIPELINE_PROJECT_ID}
Cloning into '/home/michael/tef-olxyz/github/gcp-policies-app-infra'...
warning: You appear to have cloned an empty repository.
Project [prj-c-bu1infra-pipeline-iap1] repository [gcp-policies] was cloned to [/home/michael/tef-olxyz/github/gcp-policies-app-infra].
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ cd gcp-policies-app-infra
michael@cloudshell:~/tef-olxyz/github/gcp-policies-app-infra (tef-olxyz)$ ls
michael@cloudshell:~/tef-olxyz/github/gcp-policies-app-infra (tef-olxyz)$ git checkout -b main
Switched to a new branch 'main'
michael@cloudshell:~/tef-olxyz/github/gcp-policies-app-infra (tef-olxyz)$ cp -RT ../terraform-example-foundation/policy-library/ .
cp: cannot stat '../terraform-example-foundation/policy-library/': No such file or directory
michael@cloudshell:~/tef-olxyz/github/gcp-policies-app-infra (tef-olxyz)$ cp -RT ../pbmm-on-gcp-onboarding/policy-library/ .
michael@cloudshell:~/tef-olxyz/github/gcp-policies-app-infra (tef-olxyz)$
michael@cloudshell:~/tef-olxyz/github/gcp-policies-app-infra (tef-olxyz)$ git add .
michael@cloudshell:~/tef-olxyz/github/gcp-policies-app-infra (tef-olxyz)$ ls
lib policies
michael@cloudshell:~/tef-olxyz/github/gcp-policies-app-infra (tef-olxyz)$ git commit -m 'Initialize policy library repo'
[main (root-commit) 06829ee] Initialize policy library repo
112 files changed, 9682 insertions(+)
create mode 100644 lib/constraints.rego
create mode 100644 lib/util.rego
create mode 100644 lib/util_test.rego
create mode 100644 policies/constraints/appengine_versions.yaml
create mode 100644 policies/constraints/bigquery_world_readable.yaml
create mode 100644 policies/constraints/dnssec_prevent_rsasha1_ksk.yaml
create mode 100644 policies/constraints/dnssec_prevent_rsasha1_zsk.yaml
create mode 100644 policies/constraints/gke_allow_only_private_cluster.yaml
create mode 100644 policies/constraints/gke_allowed_node_sa_scope.yaml
create mode 100644 policies/constraints/gke_container_optimized_os.yaml
create mode 100644 policies/constraints/gke_dashboard_disable.yaml
create mode 100644 policies/constraints/gke_disable_default_service_account.yaml
create mode 100644 policies/constraints/gke_disable_legacy_endpoints.yaml
create mode 100644 policies/constraints/gke_enable_alias_ip_ranges.yaml
create mode 100644 policies/constraints/gke_legacy_abac.yaml
create mode 100644 policies/constraints/gke_master_authorized_networks_enabled.yaml
create mode 100644 policies/constraints/gke_node_pool_auto_repair.yaml
create mode 100644 policies/constraints/gke_node_pool_auto_upgrade.yaml
create mode 100644 policies/constraints/gke_restrict_client_auth_methods.yaml
create mode 100644 policies/constraints/gke_restrict_pod_traffic.yaml
create mode 100644 policies/constraints/iam_deny_public.yaml
create mode 100644 policies/constraints/network_enable_flow_logs.yaml
create mode 100644 policies/constraints/network_enable_private_google_access.yaml
create mode 100644 policies/constraints/restrict_fw_rules_rdp_world_open.yaml
create mode 100644 policies/constraints/restrict_fw_rules_ssh_world_open.yaml
create mode 100644 policies/constraints/restrict_fw_rules_world_open.yaml
create mode 100644 policies/constraints/serviceusage_allow_basic_apis.yaml
create mode 100644 policies/constraints/sql_public_ip.yaml
create mode 100644 policies/constraints/sql_ssl.yaml
create mode 100644 policies/constraints/storage_bucket_policy_only.yaml
create mode 100644 policies/constraints/storage_denylist_public.yaml
create mode 100644 policies/templates/gcp_allowed_resource_types.yaml
create mode 100644 policies/templates/gcp_always_violates_v1.yaml
create mode 100644 policies/templates/gcp_app_service_versions.yaml
create mode 100644 policies/templates/gcp_appengine_location_v1.yaml
create mode 100644 policies/templates/gcp_bigquery_cmek_encryption_v1.yaml
create mode 100644 policies/templates/gcp_bigquery_dataset_world_readable_v1.yaml
create mode 100644 policies/templates/gcp_bigquery_table_retention_v1.yaml
create mode 100644 policies/templates/gcp_bq_dataset_location_v1.yaml
create mode 100644 policies/templates/gcp_cmek_rotation_v1.yaml
create mode 100644 policies/templates/gcp_cmek_settings_v1.yaml
create mode 100644 policies/templates/gcp_compute_allowed_networks.yaml
create mode 100644 policies/templates/gcp_compute_disk_resource_policies_v1.yaml
create mode 100644 policies/templates/gcp_compute_external_ip_address.yaml
create mode 100644 policies/templates/gcp_compute_ip_forward.yaml
create mode 100644 policies/templates/gcp_compute_zone_v1.yaml
create mode 100644 policies/templates/gcp_dataproc_location_v1.yaml
create mode 100644 policies/templates/gcp_dnssec_prevent_rsasha1_v1.yaml
create mode 100644 policies/templates/gcp_dnssec_v1.yaml
create mode 100644 policies/templates/gcp_enforce_labels_v1.yaml
create mode 100644 policies/templates/gcp_enforce_naming_v1.yaml
create mode 100644 policies/templates/gcp_gke_allowed_node_sa_v1.yaml
create mode 100644 policies/templates/gcp_gke_cluster_location.yaml
create mode 100644 policies/templates/gcp_gke_cluster_version_v1.yaml
create mode 100644 policies/templates/gcp_gke_container_optimized_os.yaml
create mode 100644 policies/templates/gcp_gke_dashboard_v1.yaml
create mode 100644 policies/templates/gcp_gke_disable_default_service_account_v1.yaml
create mode 100644 policies/templates/gcp_gke_disable_legacy_endpoints_v1.yaml
create mode 100644 policies/templates/gcp_gke_enable_alias_ip_ranges.yaml
create mode 100644 policies/templates/gcp_gke_enable_private_endpoint.yaml
create mode 100644 policies/templates/gcp_gke_enable_shielded_nodes_v1.yaml
create mode 100644 policies/templates/gcp_gke_enable_stackdriver_kubernetes_engine_monitoring_v1.yaml
create mode 100644 policies/templates/gcp_gke_enable_stackdriver_logging_v1.yaml
create mode 100644 policies/templates/gcp_gke_enable_stackdriver_monitoring_v1.yaml
create mode 100644 policies/templates/gcp_gke_enable_workload_identity_v1.yaml
create mode 100644 policies/templates/gcp_gke_legacy_abac_v1.yaml
create mode 100644 policies/templates/gcp_gke_master_authorized_networks_enabled_v1.yaml
create mode 100644 policies/templates/gcp_gke_node_auto_repair_v1.yaml
create mode 100644 policies/templates/gcp_gke_node_auto_upgrade_v1.yaml
create mode 100644 policies/templates/gcp_gke_private_cluster_v1.yaml
create mode 100644 policies/templates/gcp_gke_restrict_client_auth_methods_v1.yaml
create mode 100644 policies/templates/gcp_gke_restrict_pod_traffic_v1.yaml
create mode 100644 policies/templates/gcp_glb_external_ip_access_constraint_v1.yaml
create mode 100644 policies/templates/gcp_iam_allow_ban_roles_v1.yaml
create mode 100644 policies/templates/gcp_iam_allowed_bindings.yaml
create mode 100644 policies/templates/gcp_iam_allowed_policy_member_domains.yaml
create mode 100644 policies/templates/gcp_iam_audit_log.yaml
create mode 100644 policies/templates/gcp_iam_custom_role_permissions_v1.yaml
create mode 100644 policies/templates/gcp_iam_required_bindings_v1.yaml
create mode 100644 policies/templates/gcp_iam_restrict_service_account_creation_v1.yaml
create mode 100644 policies/templates/gcp_iam_restrict_service_account_key_age_v1.yaml
create mode 100644 policies/templates/gcp_iam_restrict_service_account_key_type_v1.yaml
create mode 100644 policies/templates/gcp_lb_forwarding_rules.yaml
create mode 100644 policies/templates/gcp_network_enable_firewall_logs_v1.yaml
create mode 100644 policies/templates/gcp_network_enable_flow_logs_v1.yaml
create mode 100644 policies/templates/gcp_network_enable_private_google_access_v1.yaml
create mode 100644 policies/templates/gcp_network_restrict_default_v1.yaml
create mode 100644 policies/templates/gcp_network_routing_v1.yaml
create mode 100644 policies/templates/gcp_resource_value_pattern_v1.yaml
create mode 100644 policies/templates/gcp_restricted_firewall_rules_v1.yaml
create mode 100644 policies/templates/gcp_serviceusage_allowed_services_v1.yaml
create mode 100644 policies/templates/gcp_spanner_location_v1.yaml
create mode 100644 policies/templates/gcp_sql_allowed_authorized_networks_v1.yaml
create mode 100644 policies/templates/gcp_sql_backup_v1.yaml
create mode 100644 policies/templates/gcp_sql_instance_type_v1.yaml
create mode 100644 policies/templates/gcp_sql_location_v1.yaml
create mode 100644 policies/templates/gcp_sql_maintenance_window_v1.yaml
create mode 100644 policies/templates/gcp_sql_public_ip_v1.yaml
create mode 100644 policies/templates/gcp_sql_ssl_v1.yaml
create mode 100644 policies/templates/gcp_sql_world_readable_v1.yaml
create mode 100644 policies/templates/gcp_storage_bucket_policy_only_v1.yaml
create mode 100644 policies/templates/gcp_storage_bucket_retention_v1.yaml
create mode 100644 policies/templates/gcp_storage_bucket_world_readable_v1.yaml
create mode 100644 policies/templates/gcp_storage_cmek_encryption_v1.yaml
create mode 100644 policies/templates/gcp_storage_location_v1.yaml
create mode 100644 policies/templates/gcp_storage_logging_v1.yaml
create mode 100644 policies/templates/gcp_vpc_sc_allowed_regions.yaml
create mode 100644 policies/templates/gcp_vpc_sc_ensure_access_levels_v1.yaml
create mode 100644 policies/templates/gcp_vpc_sc_ensure_project_v1.yaml
create mode 100644 policies/templates/gcp_vpc_sc_ensure_services_v1.yaml
create mode 100644 policies/templates/gcp_vpc_sc_ip_range_v1.yaml
create mode 100644 policies/templates/gcp_vpc_sc_project_perimeter.yaml
michael@cloudshell:~/tef-olxyz/github/gcp-policies-app-infra (tef-olxyz)$ git push --set-upstream origin main
Enumerating objects: 118, done.
Counting objects: 100% (118/118), done.
Delta compression using up to 4 threads
Compressing objects: 100% (118/118), done.
Writing objects: 100% (118/118), 72.63 KiB | 2.42 MiB/s, done.
Total 118 (delta 87), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (87/87)
remote: Waiting for private key checker: 98/112 objects left
To https://source.developers.google.com/p/prj-c-bu1infra-pipeline-iap1/r/gcp-policies
* [new branch] main -> main
Branch 'main' set up to track remote branch 'main' from 'origin'.
michael@cloudshell:~/tef-olxyz/github/gcp-policies-app-infra (tef-olxyz)$ cd ..
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ gcloud source repos clone bu1-example-app --project=${INFRA_PIPELINE_PROJECT_ID}
Cloning into '/home/michael/tef-olxyz/github/bu1-example-app'...
warning: You appear to have cloned an empty repository.
Project [prj-c-bu1infra-pipeline-iap1] repository [bu1-example-app] was cloned to [/home/michael/tef-olxyz/github/bu1-example-app].
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ cd bu1-example-app
michael@cloudshell:~/tef-olxyz/github/bu1-example-app (tef-olxyz)$ git checkout -b plan
Switched to a new branch 'plan'
michael@cloudshell:~/tef-olxyz/github/bu1-example-app (tef-olxyz)$ cp -RT ../pbmm-on-gcp-onboarding/5-app-infra/ .
michael@cloudshell:~/tef-olxyz/github/bu1-example-app (tef-olxyz)$ cp ../pbmm-on-gcp-onboarding/build/cloudbuild-tf-* .
michael@cloudshell:~/tef-olxyz/github/bu1-example-app (tef-olxyz)$ cp ../pbmm-on-gcp-onboarding/build/tf-wrapper.sh .
michael@cloudshell:~/tef-olxyz/github/bu1-example-app (tef-olxyz)$ chmod 755 ./tf-wrapper.sh
michael@cloudshell:~/tef-olxyz/github/bu1-example-app (tef-olxyz)$ mv common.auto.example.tfvars common.auto.tfvars
michael@cloudshell:~/tef-olxyz/github/bu1-example-app (tef-olxyz)$ git add .
michael@cloudshell:~/tef-olxyz/github/bu1-example-app (tef-olxyz)$ git status
On branch plan
No commits yet
Changes to be committed:
(use "git rm --cached <file>..." to unstage)
new file: .gitignore
new file: README.md
new file: business_unit_1/development/README.md
new file: business_unit_1/development/backend.tf
new file: business_unit_1/development/common.auto.tfvars
new file: business_unit_1/development/main.tf
new file: business_unit_1/development/outputs.tf
new file: business_unit_1/development/variables.tf
new file: business_unit_1/development/versions.tf
new file: business_unit_1/non-production/README.md
new file: business_unit_1/non-production/backend.tf
new file: business_unit_1/non-production/common.auto.tfvars
new file: business_unit_1/non-production/main.tf
new file: business_unit_1/non-production/outputs.tf
new file: business_unit_1/non-production/variables.tf
new file: business_unit_1/non-production/versions.tf
new file: business_unit_1/production/README.md
new file: business_unit_1/production/backend.tf
new file: business_unit_1/production/common.auto.tfvars
new file: business_unit_1/production/main.tf
new file: business_unit_1/production/outputs.tf
new file: business_unit_1/production/variables.tf
new file: business_unit_1/production/versions.tf
new file: cloudbuild-tf-apply.yaml
new file: cloudbuild-tf-plan.yaml
new file: common.auto.tfvars
new file: modules/env_base/README.md
new file: modules/env_base/main.tf
new file: modules/env_base/outputs.tf
new file: modules/env_base/variables.tf
new file: modules/env_base/versions.tf
new file: tf-wrapper.sh
michael@cloudshell:~/tef-olxyz/github/bu1-example-app (tef-olxyz)$ git commit -m 'Initialize bu1 example app repo'
[plan (root-commit) d1ac96b] Initialize bu1 example app repo
32 files changed, 1748 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 business_unit_1/development/README.md
create mode 100644 business_unit_1/development/backend.tf
create mode 120000 business_unit_1/development/common.auto.tfvars
create mode 100644 business_unit_1/development/main.tf
create mode 100644 business_unit_1/development/outputs.tf
create mode 100644 business_unit_1/development/variables.tf
create mode 100644 business_unit_1/development/versions.tf
create mode 100644 business_unit_1/non-production/README.md
create mode 100644 business_unit_1/non-production/backend.tf
create mode 120000 business_unit_1/non-production/common.auto.tfvars
create mode 100644 business_unit_1/non-production/main.tf
create mode 100644 business_unit_1/non-production/outputs.tf
create mode 100644 business_unit_1/non-production/variables.tf
create mode 100644 business_unit_1/non-production/versions.tf
create mode 100644 business_unit_1/production/README.md
create mode 100644 business_unit_1/production/backend.tf
create mode 120000 business_unit_1/production/common.auto.tfvars
create mode 100644 business_unit_1/production/main.tf
create mode 100644 business_unit_1/production/outputs.tf
create mode 100644 business_unit_1/production/variables.tf
create mode 100644 business_unit_1/production/versions.tf
create mode 100644 cloudbuild-tf-apply.yaml
create mode 100644 cloudbuild-tf-plan.yaml
create mode 100644 common.auto.tfvars
create mode 100644 modules/env_base/README.md
create mode 100644 modules/env_base/main.tf
create mode 100644 modules/env_base/outputs.tf
create mode 100644 modules/env_base/variables.tf
create mode 100644 modules/env_base/versions.tf
create mode 100755 tf-wrapper.sh
michael@cloudshell:~/tef-olxyz/github/bu1-example-app (tef-olxyz)$ git push --set-upstream origin plan
Enumerating objects: 30, done.
Counting objects: 100% (30/30), done.
Delta compression using up to 4 threads
Compressing objects: 100% (28/28), done.
Writing objects: 100% (30/30), 14.27 KiB | 1.78 MiB/s, done.
Total 30 (delta 14), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (14/14)
remote: Waiting for private key checker: 22/22 objects left
To https://source.developers.google.com/p/prj-c-bu1infra-pipeline-iap1/r/bu1-example-app
* [new branch] plan -> plan
Branch 'plan' set up to track remote branch 'plan' from 'origin'.
There is no trigger in cb for the example
see #392
See latest 3rd org testing 50 min for #421 in https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/421#issuecomment-2093522430
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days
A public sector terraform based landing zone based on the TEF V4 that will be V5 ready for collaboration with GCP PSO/TOC ready overlay changes.
Key off https://github.com/terraform-google-modules/terraform-example-foundation/issues/1133
Verify as-is v4 after merging https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/pull/358 - done
TEF (essentially R/O synced with the foundations security blueprint) V4 is https://github.com/terraform-google-modules/terraform-example-foundation
Fork for automated resync is https://github.com/CloudLandingZone/terraform-example-foundation
Architecture retrofit in progress via https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/389
Requirements
Shadow or temporarily host/fork work getting the TEF up for Public Sector clients via work in https://github.com/terraform-google-modules/terraform-example-foundation/issues/1133 until we can get PRs merged directly in the TEF.
The goal is to get everything done directly in the TEF, this repo is only temporary for velocity as we work out the PR process with the TEF and the modules in the GCP org https://github.com/terraform-google-modules/ like https://github.com/terraform-google-modules/terraform-google-project-factory
Work Items
https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/wiki/Work-Items
Architecture and Artifacts
editing
Microsegmentation
There are two classifications in the LZ - restricted and base. There are three environments - development, non-production, production.
High Level Diagram - Default
High Level Diagram - Development environment only
mermaid - diagrams as code
Projects view
VPC view
Work items and Use Cases
Issues
362
380
379
PRs
Branches
Deprecates