Closed: garrettwong closed 4 years ago
Thanks for the report @garrettwong - can you share how you executed the terraform? (locally vs via cloud build)
I received the error on both methods. Following the instructions, I believe I hit the error in Cloud Build first.
When you get a chance can you confirm what project 565375199005 is, is it the cft-cloudbuild project? If so, those APIs should get enabled automatically and have explicit depends on before trying to create triggers / kms objects https://github.com/terraform-google-modules/terraform-google-bootstrap/blob/master/modules/cloudbuild/main.tf#L50
On the 1-org Cloud Build phase, received issues on APIs and Missing Roles. An example of the API errors:
Step #3: Error: Error reading KMSKeyRing "projects/$PROJECT_ID/locations/australia-southeast1/keyRings/tf-keyring": googleapi: Error 403: Cloud Key Management Service (KMS) API has not been used in project $PROJECT_NUMBER before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudkms.googleapis.com/overview?project=$PROJECT_NUMBER then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
An example of the Roles/Permission errors:
I was able to resolve this by enabling APIs in the Seed Project:
and adding Roles to the org-terraform service account on the Cloud Build Project: