alljames
commented
5 years ago More details:
$ terraform version
Terraform v0.11.14
+ provider.google v2.5.1
+ provider.random v2.1.1Closed alljames closed 4 years ago
alljames
commented
5 years ago More details:
$ terraform version
Terraform v0.11.14
+ provider.google v2.5.1
+ provider.random v2.1.1
wwwil
commented
5 years ago Are you using the example project or just the module?
alljames
commented
5 years ago I was using the module (so referencing main.tf, variables.tf and iam.tf in the root of the repo)
alljames
commented
5 years ago I believe the issue was caused by a terraform serviceAccount already existing in the GCP project; however, Terraform is still unable to generate serviceAccounts using a differently-named SA. This is using the 0.2.0-alpha1 release:
$terraform version
Terraform v0.12.10
+ provider.google v2.5.1
+ provider.random v2.1.1Error: Error creating service account: googleapi: Error 403: Permission iam.serviceAccounts.create is required to perform this operation on project projects/<GCP_PROJECT>., forbidden
on iam.tf line 25, in resource "google_service_account" "default":
25: resource "google_service_account" "default" {
Error: Error creating Network: googleapi: Error 403: Required 'compute.networks.create' permission for 'projects/<GCP_PROJECT>/global/networks/gr-vpc-network', forbidden
on main.tf line 37, in resource "google_compute_network" "vpc_network":
37: resource "google_compute_network" "vpc_network" {
Error: Error creating service account: googleapi: Error 403: Permission iam.serviceAccounts.create is required to perform this operation on project projects/<GCP_PROJECT>., forbidden
on .terraform/modules/cluster/jetstack-terraform-google-gke-cluster-67d5537/iam.tf line 25, in resource "google_service_account" "default":
25: resource "google_service_account" "default" {
make: *** [mk/tf.mk:32: tf_apply_plan] Error 1
simplyzee
commented
5 years ago I believe the issue was caused by a
terraformserviceAccount already existing in the GCP project; however, Terraform is still unable to generate serviceAccounts using a differently-named SA. This is using the 0.2.0-alpha1 release:$terraform version Terraform v0.12.10 + provider.google v2.5.1 + provider.random v2.1.1Error: Error creating service account: googleapi: Error 403: Permission iam.serviceAccounts.create is required to perform this operation on project projects/<GCP_PROJECT>., forbidden on iam.tf line 25, in resource "google_service_account" "default": 25: resource "google_service_account" "default" { Error: Error creating Network: googleapi: Error 403: Required 'compute.networks.create' permission for 'projects/<GCP_PROJECT>/global/networks/gr-vpc-network', forbidden on main.tf line 37, in resource "google_compute_network" "vpc_network": 37: resource "google_compute_network" "vpc_network" { Error: Error creating service account: googleapi: Error 403: Permission iam.serviceAccounts.create is required to perform this operation on project projects/<GCP_PROJECT>., forbidden on .terraform/modules/cluster/jetstack-terraform-google-gke-cluster-67d5537/iam.tf line 25, in resource "google_service_account" "default": 25: resource "google_service_account" "default" { make: *** [mk/tf.mk:32: tf_apply_plan] Error 1
@alljames I think the above issue could be down to the service account you're using to run the terraform. It might not have the right privileges in place to support the creation of the terraform resources. Can you check your service account to make sure?
EvertonSA
commented
4 years ago @zee-ahmed how could it be? He mentioned GCP ServiceAccount (with roles/owner).
repo-lockdown[bot]
commented
4 years ago This project is now deprecated so we aren't accepting any further changes.
When naming the GCP ServiceAccount (with
roles/owner)terraform, runningterraform planreports no errors, butterraform applyreturns the following:Generating a service account with a different name and referencing this allows the service accounts to be generated