pulumi / pulumi-gcp

A Google Cloud Platform (GCP) Pulumi resource package, providing multi-language access to GCP
Apache License 2.0

Error applying IAM policy for project - Could not unmarshal old policy : unexpected end of JSON input #303

Closed davidmontoyago closed 1 year ago

davidmontoyago commented 4 years ago

Hi friends,

I'm new to Pulumi so please bear with me. I'm looking to provision a project policy but getting the error below. It is likely I'm not configuring the policy JSON correctly but haven't been able to find a single working example in Go or deduce it from the sources. If so please provide some guidance.

pulumi v1.13.0 in --local mode
github.com/pulumi/pulumi-gcp v2.9.0

Project policy:

account, err := serviceAccount.NewAccount(ctx, "provisioner", &serviceAccount.AccountArgs{
    AccountId:   pulumi.String("provisioner"),
    Description: pulumi.String("Provisioner persona for infra automation."),
})
if err != nil {
    return err
}

policyData := pulumi.Sprintf(`{
    "bindings":[{
        "members": ["serviceAccount:%s"],
        "role": "roles/cloudkms.admin"
    }],
    "version": 1
}`, account.Email)
policy, err := projects.NewIAMPolicy(ctx, "provisioner-iam", &projects.IAMPolicyArgs{
    PolicyData: policyData,
    Project:    pulumi.String(os.Getenv("GCP_PROJECT")),
})
if err != nil {
    return err
}

Error:

debug: Waiting for state to become: [success]
    debug: Could not unmarshal old policy : unexpected end of JSON input
    debug: Locking "iam-project-ivory-voyage-267519"  
    debug: Locked "iam-project-ivory-voyage-267519" 
    debug: Setting IAM policy for project "ivory-voyage-267519"
    debug: Setting policy "{\"bindings\":[{\"members\":[\"serviceAccount:provisioner@ivory-voyage-267519.iam.gserviceaccount.com\"],\"role\":\"roles/cloudkms.admin\"}],\"version\":3}" for project: ivory-voyage-267519
    debug: Created bucket infra-state-store-3d0fbba at location https://www.googleapis.com/storage/v1/b/infra-state-store-3d0fbba
    debug:
    debug: Read bucket infra-state-store-3d0fbba at location https://www.googleapis.com/storage/v1/b/infra-state-store-3d0fbba
    debug:
    debug: Unlocking "iam-project-ivory-voyage-267519"
    debug: Unlocked "iam-project-ivory-voyage-267519"
    error: update failed

  gcp:projects:IAMPolicy (provisioner-iam):
    error: Error applying IAM policy for project "ivory-voyage-267519". Policy is &cloudresourcemanager.Policy{AuditConfigs:[]*cloudresourcemanager.AuditConfig(nil), Bindings:[]*cloudresourcemanager.Binding{(*cloudresourcemanager.Binding)(0xc000b461e0)}, Etag:"", Version:3, ServerResponse:googleapi.ServerResponse{HTTPStatusCode:0, Header:http.Header(nil)}, ForceSendFields:[]string(nil), NullFields:[]string(nil)}, error is googleapi: Error 400: Request contains an invalid argument., badRequest

mnlumi commented 1 year ago

Hey @davidmontoyago - Do you still need assistance here? Let me know if it's okay to close this issue. Thanks!

mjeffryes commented 1 year ago

closing as stale
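
The policy document from the debug log above, run through a local pre-flight review, as an added example that is not part of the original issue or of the pulumi-gcp code. `ReviewPolicy` is a hypothetical helper; it assumes `projects.IAMPolicy` is authoritative (the applied document replaces the project's existing bindings), and it does not establish the cause of the 400 reported above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Policy mirrors only the fields visible in the logged policy document.
type Policy struct {
	Bindings []struct {
		Role    string   `json:"role"`
		Members []string `json:"members"`
	} `json:"bindings"`
	Version int `json:"version"`
}

// LoggedPolicy is the "Setting policy" string from the debug log, unescaped.
const LoggedPolicy = `{"bindings":[{"members":["serviceAccount:provisioner@ivory-voyage-267519.iam.gserviceaccount.com"],"role":"roles/cloudkms.admin"}],"version":3}`

// ReviewPolicy (hypothetical helper) parses a policy document and lists what a
// reviewer should resolve before it replaces a project's whole IAM policy.
func ReviewPolicy(doc string) ([]string, error) {
	var p Policy
	if err := json.Unmarshal([]byte(doc), &p); err != nil {
		return nil, fmt.Errorf("policy document: %w", err)
	}
	findings := []string{}
	hasOwner := false
	for i, b := range p.Bindings {
		if !strings.HasPrefix(b.Role, "roles/") && !strings.Contains(b.Role, "/roles/") {
			findings = append(findings, fmt.Sprintf("binding %d: unexpected role name %q", i, b.Role))
		}
		hasOwner = hasOwner || (b.Role == "roles/owner" && len(b.Members) > 0)
		for _, m := range b.Members {
			// "serviceAccount:%s" formatted with an empty value leaves nothing after the
			// colon; allUsers-style members are surfaced here too, for the reviewer to see.
			if kind, id, ok := strings.Cut(m, ":"); !ok || kind == "" || id == "" {
				findings = append(findings, fmt.Sprintf("binding %d: member %q is not type:identity", i, m))
			}
		}
	}
	if !hasOwner {
		findings = append(findings, "no roles/owner binding: an authoritative apply would remove existing owners")
	}
	return findings, nil
}

func main() {
	findings, err := ReviewPolicy(LoggedPolicy)
	fmt.Println(findings, err)
}
```

Passing an empty string to `ReviewPolicy` returns `unexpected end of JSON input`, the message Go's `encoding/json` produces for empty input and the same text that appears in the "Could not unmarshal old policy" debug line.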