terraform-google-modules / terraform-example-foundation

Shows how the CFT modules can be composed to build a secure cloud foundation
https://cloud.google.com/architecture/security-foundations
Apache License 2.0

1-org deployment issue #768

Closed Atul7696 closed 2 years ago

Atul7696 commented 2 years ago

TL;DR

tfplan not getting generated at step no 16 of 1-org documentation

Expected behavior

tf plan should create

Observed behavior

can you advise...all directory structure is as what is cloned....have tried with all service accounts organization-sa , terraform-org-sa and terraform-net-sa as well.. Any help will be highly appreciated

Terraform Configuration

Configurations are same as listed in #763. Need urgent advice on this

Terraform Version

Terraform v0.13.7

Additional information

Configurations are same as listed in #763. Need urgent advice on this. gcp-org and gcp-policies are cloned at the same level as terraform-example-foundation. Have tried inside terraform-example-foundation. 0-bootstrap was successful. Have tried with terraform-network-sa account as well, as we are enabling hub and spoke model. Have used org-terrform account and with terraform-org-sa

Please provide help in this

Atul7696 commented 2 years ago

@dgulli and @organic_data @mvcap any thoughts on this. I am getting similar error and logs as mentioned in issue #619

Atul7696 commented 2 years ago

Below are the logs from cloud build

starting build "ffd1d4db-7c5c-4b7d-b3e7-0aae781b91e1"

FETCHSOURCE
hint: Using 'master' as the name for the initial branch. This default branch name
hint: is subject to change. To configure the initial branch name to use in all
hint: of your new repositories, which will suppress this warning, call:
hint:
hint: git config --global init.defaultBranch
hint:
hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
hint: 'development'. The just-created branch can be renamed via this command:
hint:
hint: git branch -m
Initialized empty Git repository in /workspace/.git/
From https://source.developers.google.com/p/prj-b-cicd-1b28/r/gcp-org

Atul7696 commented 2 years ago

./tf-wrapper.sh plan production
* TERRAFORM PLAN *****
At environment: envs/shared


Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage.

module.org_domain_restricted_sharing.data.google_organization.orgs["ourinnovationlabs.com"]: Refreshing state...


Warning: Value for undeclared variable

The root module does not declare a variable named "networks_step_terraform_service_account" but a value was found in file "terraform.tfvars". To use this value, add a "variable" block to the configuration.

Using a variables file to set an undeclared variable is deprecated and will become an error in a future release. If you wish to provide certain "global" settings to all configurations in your organization, use TF_VAR_... environment variables to set these instead.

Error: Attribute must be a whole number, got 2.592e+09

on .terraform/modules/bigquery_destination/modules/bigquery/main.tf line 47, in resource "google_bigquery_dataset" "dataset":
47: default_table_expiration_ms = var.expiration_days == null ? null : var.expiration_days * 864 * pow(10, 5)

Atul7696 commented 2 years ago

Commented out line 47 of .terraform/modules/bigquery_destination/modules/bigquery/main.tf and the plan was saved successfully locally in tmp_plan

Seems to be an issue with the terraform module. This needs to be corrected, so that it runs via pipeline when using the plan branch.

Atul7696 commented 2 years ago

Closing it, as I redeployed the Org structure after commenting out the lines below in tf-wrapper.sh

tf_validate "$env_path" "$env" "$policysource" "$component"
gcloud beta terraform vet "${tf_env}.json" --policy-library="${policy_file_path}" --project="${project_id}" || exit 33