VertexAI Custom IAM Permission Creation Errors

[BatoolKad]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to a user, that user is claiming responsibility for the issue.
• Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Terraform Version & Provider Version(s)

Terraform v1.9.3 on google

• provider registry.terraform.io/hashicorp/google v4.60.2

Affected Resource(s)

*google_project_iam_custom_role

Terraform Configuration

resource "google_project_iam_custom_role" "X_custom_role" {
  role_id     = "customXRrole"
  title       = "XCustom Role"
  description = "Custom roles for X"
  project     = var.project

  permissions = [

    # Workbench roles
    " aiplatform.notebookExecutionJobs.create",
    "aiplatform.notebookExecutionJobs.delete",
    "aiplatform.notebookExecutionJobs.get",
    "aiplatform.notebookExecutionJobs.list",
    "aiplatform.notebookRuntimeTemplates.apply",
    "aiplatform.notebookRuntimeTemplates.create",
    "aiplatform.notebookRuntimeTemplates.delete",
    "aiplatform.notebookRuntimeTemplates.get",
    "aiplatform.notebookRuntimeTemplates.list",
    "aiplatform.notebookRuntimeTemplates.update"]
}

Debug Output

Expected Behavior

It should create a custom role with the provided permissions, but it keeps giving me an error. But When I create other roles for BigQuery for example it did not give me this error!

Actual Behavior

Error: Error creating the custom project role projects/####/roles/customXRole: googleapi: Error 400: Permission aiplatform.notebookExecutionJobs.create is not valid., badRequest

Steps to reproduce

Copy the terraform configuration

Run terraform apply

Important Factoids

No response

References

https://cloud.google.com/iam/docs/understanding-roles#ai-notebooks-roles

[ggtisc]

Hi @BatoolKad !

Did you notice that you have a blank space for the " aiplatform.notebookExecutionJobs.create"? You need to be sure that all the roles you are using have the correct nomenclature and are written correctly. I suggest that before running a terraform apply be sure that everything is written and saved correctly.