search

terraform-google-modules / terraform-example-foundation

Shows how the CFT modules can be composed to build a secure cloud foundation
https://cloud.google.com/architecture/security-foundations
Apache License 2.0
1.19k stars 706 forks source link

0-bootstrap needs cloudkms api enabled on seed project - adjust reame #1142

Closed obriensystems closed 3 months ago

obriensystems commented 5 months ago

TL;DR

terraform apply
google_billing_account_iam_member.billing_admin_user["env"]: Creation complete after 20s [id=012EDD-5AD5ED-ECFF0B/roles/billing.admin/serviceAccount:sa-terraform-env@prj-b-seed-31ca.iam.gserviceaccount.com]
╷
│ Error: Error creating KeyRing: googleapi: Error 403: Cloud Key Management Service (KMS) API has not been used in project tef-olapp before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudkms.googleapis.com/overview?project=tef-olapp then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.

       "service": "cloudkms.googleapis.com"
│

running

michael@cloudshell:~/tef-olapp/github/terraform-example-foundation/0-bootstrap (tef-olapp)$ gcloud services enable cloudkms.googleapis.com
Operation "operations/acat.p2-153288813308-f346fb9f-e5a4-4ced-ba6a-d5b82c442f68" finished successfully.

Expected behavior

No response

Observed behavior

No response

Terraform Configuration

1.7.4

Terraform Version

1.7.4

Additional information

No response

The list is in https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/0-bootstrap/main.tf#L78

activate_apis = [
    "serviceusage.googleapis.com",
    "servicenetworking.googleapis.com",
    "cloudkms.googleapis.com",
    "compute.googleapis.com",
    "logging.googleapis.com",
    "bigquery.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "cloudbilling.googleapis.com",
    "cloudbuild.googleapis.com",
    "iam.googleapis.com",
    "admin.googleapis.com",
    "appengine.googleapis.com",
    "storage-api.googleapis.com",
    "monitoring.googleapis.com",
    "pubsub.googleapis.com",
    "securitycenter.googleapis.com",
    "accesscontextmanager.googleapis.com",
    "billingbudgets.googleapis.com",
    "essentialcontacts.googleapis.com",
    "assuredworkloads.googleapis.com",
    "cloudasset.googleapis.com"
  ]
fmichaelobrien commented 5 months ago

0-bootstrap is up with the changes from #1133 to #1143

Screenshot 2024-03-07 at 10 12 58
fmichaelobrien commented 3 months ago

stale bot timer restart - https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/.github/workflows/stale.yml#L21

fmichaelobrien commented 3 months ago

fixed by

PRs merged to the terraform-example-foundation upstream repo