rjerrems
commented
4 years ago Thanks for the report @garrettwong - can you share how you executed the terraform? (locally vs via cloud build)
Closed garrettwong closed 4 years ago
rjerrems
commented
4 years ago Thanks for the report @garrettwong - can you share how you executed the terraform? (locally vs via cloud build)
garrettwong
commented
4 years ago I received the error on both methods. Following the instructions, I believe I hit the error in Cloud Build first.
rjerrems
commented
4 years ago When you get a chance can you confirm what project 565375199005 is, is it the cft-cloudbuild project? If so, those APIs should get enabled automatically and have explicit depends on before trying to create triggers / kms objects https://github.com/terraform-google-modules/terraform-google-bootstrap/blob/master/modules/cloudbuild/main.tf#L50
On the
1-orgCloud Build phase, received issues on APIs and Missing Roles.An example of the API errors:
Step #3: Error: Error reading KMSKeyRing "projects/$PROJECT_ID/locations/australia-southeast1/keyRings/tf-keyring": googleapi: Error 403: Cloud Key Management Service (KMS) API has not been used in project $PROJECT_NUMBER before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudkms.googleapis.com/overview?project=$PROJECT_NUMBER then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.An example of the Roles/Permission errors:
I was able to resolve this by, enabling APIs in the Seed Project:
and adding Roles to the org-terraform service account on the Cloud Build Project: