Open lognarly opened 1 year ago
@lognarly can you share the debug log for the terraform apply?
@lognarly can you share the debug log for the terraform apply?
This is the debug log that throws the error. We are running this through Cloud Build so the error logging is less than ideal, but this is the best I can really do:
"Step #2 - "terraform apply": 2023-09-07T13:50:22.310Z [DEBUG] provider.terraform-provider-google_v4.77.0_x5: "message": "Request contains an invalid argument.","
"Step #2 - "terraform apply": 2023-09-07T13:50:22.310Z [DEBUG] provider.terraform-provider-google_v4.77.0_x5: "status": "INVALID_ARGUMENT""
"Step #2 - "terraform apply": 2023-09-07T13:50:22.311Z [ERROR] provider.terraform-provider-google_v4.77.0_x5: Response contains error diagnostic: @caller=github.com/hashicorp/terraform-plugin-go@v0.14.3/tfprotov5/internal/diag/diagnostics.go:55 tf_proto_version=5.3 tf_req_id=3b14b40d-d673-9045-4d9a-aedbb2b3b327 tf_resource_type=google_scc_notification_config tf_provider_addr=registry.terraform.io/hashicorp/google tf_rpc=ApplyResourceChange @module=sdk.proto diagnostic_detail= diagnostic_severity=ERROR diagnostic_summary="Error creating NotificationConfig: googleapi: Error 400: Request contains an invalid argument." timestamp=2023-09-07T13:50:22.308Z"
Step #2 - "terraform apply": 2023-09-07T13:50:22.312Z [ERROR] vertex "module.compliance[0].google_scc_notification_config.public_dataset[0]" error: Error creating NotificationConfig: googleapi: Error 400: Request contains an invalid argument.
"Step #2 - "terraform apply": Error: Error creating NotificationConfig: googleapi: Error 400: Request contains an invalid argument."
Are there any updates on this issue? Or possibly any additional steps I can take to help figure this out?
Looks like for some reason this is only happening in a specific GCP organization (same code works in another org). Are there some specific organization policies that could be causing a 400 with the poor error message?
Thanks for the input. I'm taking a look now
This turned out to be related to permissions on the service account deploying the configuration. Would be nice if a useful error message was spit back rather than a generic 400
Community Note
modular-magician
user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned tohashibot
, a community member has claimed the issue already.Terraform Version
Terraform Version: 1.5.4
Step #0 - "terraform init": Pulling image: hashicorp/terraform:1.5.4
Google Provider version: 4.77.0 (also tested with same result on 4.79.0)
Step #0 - "terraform init": - Installing hashicorp/google v4.77.0...
Affected Resource(s)
Terraform Configuration Files
var.google_org_number
is a string of my GCP org, and the pubsub is being read via a data object in a separate project.Expected Behavior
A
google_scc_notification_config
resource is created.Actual Behavior
Receiving a 400 error during apply, plan runs fine:
Step #2 - "terraform apply": Error: Error creating NotificationConfig: googleapi: Error 400: Request contains an invalid argument.
Additional Testing
I was able to use the exact same configuration via
gcloud
CLI, although it gave a weird warning back:b/308248058