Closed prabhu34 closed 2 months ago
@amandakarina Can you or your team revisit the roles used in the secure module?
@prabhu34 I tried to use the modifications from your PR locally, but it is generating an error when applying. NOTE: Ignore the use of terragrunt.
module.cloud_functions2.google_cloudfunctions2_function_iam_member.invokers["allUsers"]: Creating...
╷
│ Error: Error applying IAM policy for cloudfunctions2 function "projects/xxx/locations/us-east4/functions/function-terragrunt": Error setting IAM policy for cloudfunctions2 function "projects/xxx/locations/us-east4/functions/function-terragrunt": googleapi: Error 400: Invalid argument: 'An invalid argument was specified. Please check the fields and try again.'
│
│ with module.cloud_functions2.google_cloudfunctions2_function_iam_member.invokers["allUsers"],
│ on module/main.tf line 131, in resource "google_cloudfunctions2_function_iam_member" "invokers":
│ 131: resource "google_cloudfunctions2_function_iam_member" "invokers" ***
│
╵
time=2024-01-28T16:25:53Z level=error msg=Module /home/runner/work/terraform-modules/terraform-modules/terraform/cloudfunctions2 has finished with an error: 1 error occurred:
* exit status 1
prefix=[/home/runner/work/terraform-modules/terraform-modules/terraform/cloudfunctions2]
time=2024-01-28T16:25:53Z level=error msg=1 error occurred:
* exit status 1
I found the error. I made a PR similar to this with the necessary changes to not generate the mentioned error. PR: https://github.com/GoogleCloudPlatform/terraform-google-cloud-functions/pull/90
Thank you! I have added the support for both these roles here. Hence closing #90.
@prabhu34 Is it still necessary to create the google_cloudfunctions2_function_iam_member resources? Whereas google_cloud_run_service_iam_member will now be used.
It would gradually go off in future versions. But for now this is to support the existing usage of the role bindings.
/gcbrun
@bharathkkb - I think this can be approved/merged while the CI is failing and we figure out the root cause.
@g-awmalik @bharathkkb @apeabody
PR chore: add retry to secure cloud function test should make the build process stable enough.
A further improvement can be added by increasing the possible values for the access level created in the test in this other fix!: replace random_id with random_string to increase number of possible access levels.
It can be used after we get a new release of the terraform-google-cloud-run repository.
This should fix most of the build errors based on the last 50 failing builds (VPC-SC propagation and VPC-SC name collision)
cloudfunctions.invoker to run.invoker and from cloudfunctions.developer to run.developer
.71
87