terraform-google-modules / terraform-example-foundation

Shows how the CFT modules can be composed to build a secure cloud foundation
https://cloud.google.com/architecture/security-foundations
Apache License 2.0

boot-0: Errors related to google_storage_bucket when executing boot-0 #230

Closed horsey closed 4 years ago

horsey commented 4 years ago

There are a couple of errors related to 'google_storage_bucket' when boot-0 is executed.

Error: googleapi: Error 400: Invalid Value, invalid

  on .terraform/modules/seed_bootstrap/terraform-google-bootstrap-1.3.3/main.tf line 82, in resource "google_storage_bucket" "org_terraform_state":
  82: resource "google_storage_bucket" "org_terraform_state" {

Error: googleapi: Error 400: Invalid Value, invalid

  on .terraform/modules/cloudbuild_bootstrap/terraform-google-bootstrap-1.3.3/modules/cloudbuild/main.tf line 79, in resource "google_storage_bucket" "cloudbuild_artifacts":
  79: resource "google_storage_bucket" "cloudbuild_artifacts" {

Am I missing anything prior to running the 0-boot step?

rjerrems commented 4 years ago

Hi @horsey - can you verify whether or not the buckets were created successfully? Can you share the steps you ran to reproduce this issue?

horsey commented 4 years ago

Hi @rjerrems, the buckets were not created. Steps to reproduce are:

gcloud auth login
cd 0-bootstrap
terraform apply

rjerrems commented 4 years ago

hi @horsey a few follow up questions:

horsey commented 4 years ago

Hello @rjerrems

horsey commented 4 years ago

@rjerrems I ran a terraform apply on the examples here: https://github.com/terraform-google-modules/terraform-google-bootstrap/tree/master/examples

I ran into the same issue: Error: googleapi: Error 400: Invalid Value, invalid

rjerrems commented 4 years ago

That is strange because we regularly test those code paths in integration tests. Can you please share the output of terraform version from within the 0-bootstrap directory? For context, the codebase is currently well tested with versions greater than 0.12.6 and less than 0.13.0 (not supported yet).

horsey commented 4 years ago

➜  0-bootstrap git:(master) ✗ terraform --version
Terraform v0.12.29

Your version of Terraform is out of date! The latest version
is 0.13.0. You can update by downloading from https://www.terraform.io/downloads.html

horsey commented 4 years ago

Hi @rjerrems I tried with v0.12.8. Looks to be a non-starter:

➜  0-bootstrap git:(master) ✗ ./terraform plan

Error: Call to unknown function

  on .terraform/modules/seed_bootstrap/main.tf line 25, in locals:
  25:   seed_org_depends_on         = try(google_folder_iam_member.tmp_project_creator.0.etag, "") != "" ? var.org_id : google_organization_iam_member.tmp_project_creator.0.org_id

There is no function named "try".
➜  0-bootstrap git:(master) ✗ ./terraform --version
Terraform v0.12.8
+ provider.google v3.35.0
+ provider.google-beta v3.35.0
+ provider.null v2.1.2
+ provider.random v2.3.0

Your version of Terraform is out of date! The latest version
is 0.13.0. You can update by downloading from www.terraform.io/downloads.html

rjerrems commented 4 years ago

@bharathkkb - we might need to update our min version constraint to something newer, do you know in which version the try syntax was introduced?

@horsey - is the main version of terraform you are using 0.12.29?

One other possibility is that you are having a naming collision where a bucket exists with the random id generated from terraform. (although this seems unlikely for two different random ids)

Something worth trying is creating a bucket with the same name & configuration manually as what is generated from the plan output to verify that it is valid and you have the correct permissions. If you could also share the plan output for the buckets removing any PII that would be great.

bharathkkb commented 4 years ago

@rjerrems looks like 0.12.20. We should update the docs. This error is really odd though.

If we can see the plan at least for the resource "google_storage_bucket" "org_terraform_state": resource that would be helpful. The bucket name should be something like cft-tfstate-a1b2

horsey commented 4 years ago

@rjerrems, I am open to using any version of Terraform that works well to take a run to completion. I've just initiated the project to understand how I can use CFT to streamline ops in our organisation. So any version that works well, works for me.

@bharathkkb
Strangely, I don't find a resource "google_storage_bucket" "org_terraform_state" in the plan output.

bharathkkb commented 4 years ago

@horsey That's odd, could you share the whole plan without PII? Additionally, have you overridden the default default_region?

horsey commented 4 years ago

@bharathkkb, yes, I have overridden the default_region to "asia-south1-b". Attached the plan: pretty_plan.txt

bharathkkb commented 4 years ago

@horsey I believe it has to be a region and a zone.

horsey commented 4 years ago

@bharathkkb and @rjerrems, the region string was indeed the issue. :-( I'd love to blame Terraform's error reporting here, but I think I'll take it as my carelessness. Apologies and thanks for your time!
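
The two causes found in this thread, a zone string in default_region and a Terraform version outside the supported range, can be caught before terraform apply with a pre-flight check. This is an added example, not code from the repository or its maintainers; the function names and the terraform.tfvars file name are assumptions, and the region/zone test looks at the shape of the name only, without querying GCP.

```shell
# Pre-flight checks for 0-bootstrap (added example, not part of the repository).

# tfvars_value FILE KEY: print the quoted string last assigned to KEY.
tfvars_value() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# classify_location NAME: print "zone", "region" or "other" by name shape only.
# A zone is a region name plus a one-letter suffix (asia-south1-b).
classify_location() {
  if printf '%s\n' "$1" | grep -Eq '^[a-z]+-[a-z]+[0-9]+-[a-z]$'; then
    echo zone
  elif printf '%s\n' "$1" | grep -Eq '^[a-z]+-[a-z]+[0-9]+$'; then
    echo region
  else
    echo other
  fi
}

# tf_version_supported VERSION: succeed only for 0.12.20 <= VERSION < 0.13.0
# (try() needs 0.12.20; 0.13.0 is "not supported yet" per the thread).
tf_version_supported() {
  patch=${1#v}
  case "$patch" in 0.12.*) patch=${patch#0.12.} ;; *) return 1 ;; esac
  case "$patch" in '' | *[!0-9]*) return 1 ;; esac
  [ "$patch" -ge 20 ]
}

# preflight TFVARS_FILE TERRAFORM_VERSION: report every failed check on stderr.
# An unset default_region is not flagged, since the module default then applies.
preflight() {
  rc=0
  region=$(tfvars_value "$1" default_region)
  kind=$(classify_location "$region")
  if [ -n "$region" ] && [ "$kind" != region ]; then
    echo "default_region \"$region\" looks like a $kind, not a region" >&2
    rc=1
  fi
  if ! tf_version_supported "$2"; then
    echo "terraform $2 is outside 0.12.20 <= version < 0.13.0" >&2
    rc=1
  fi
  return "$rc"
}

# Usage (file name is an assumption): sh preflight.sh terraform.tfvars 0.12.29
if [ "$#" -eq 2 ]; then preflight "$@"; fi
```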