terraform-google-modules / terraform-google-cloud-storage

Creates one or more Cloud Storage buckets and assigns basic permissions on them to arbitrary users
https://registry.terraform.io/modules/terraform-google-modules/cloud-storage/google
Apache License 2.0
169 stars 558 forks

Feat: Encrypt bucket with CMEK #325

Closed ps-occrp closed 3 months ago

ps-occrp commented 4 months ago

This PR encrypts the bucket using CMEK if default_kms_key_name is set to null in the encryption block for the simple_bucket submodule.

ps-occrp commented 4 months ago

@apeabody Can you please review this PR?

apeabody commented 4 months ago

/gcbrun

apeabody commented 4 months ago

            Error:          Received unexpected error:
                            FatalError{Underlying: error while running command: exit status 1; 
                            Error: no project value set. `project_id` must be set at the resource level, or a default `project` value must be specified on the provider

                              with module.bucket.data.google_project.project,
                              on ../../modules/simple_bucket/main.tf line 123, in data "google_project" "project":
                             123: data "google_project" "project" {
                            }
            Test:           TestAll/examples/simple_bucket

ps-occrp commented 4 months ago

Can you trigger gcbrun again?

apeabody commented 4 months ago

/gcbrun

ps-occrp commented 4 months ago

Assuming the last run was successful, can you trigger it again? I just fixed a bug.

apeabody commented 4 months ago

/gcbrun

apeabody commented 4 months ago

            Error:          Received unexpected error:
                            FatalError{Underlying: error while running command: exit status 1; 
                            Error: Error applying IAM policy for KMS CryptoKey "projects/ci-cloud-storage-0583/locations/us/keyRings/ci-cloud-storage-0583-bucket/cryptoKeys/ci-cloud-storage-0583-bucket": Error setting IAM policy for KMS CryptoKey "projects/ci-cloud-storage-0583/locations/us/keyRings/ci-cloud-storage-0583-bucket/cryptoKeys/ci-cloud-storage-0583-bucket": googleapi: Error 400: Service account service-443806032995@gs-project-accounts.iam.gserviceaccount.com does not exist., badRequest

                              with module.bucket.module.encryption_key[0].google_kms_crypto_key_iam_binding.decrypters[0],
                              on .terraform/modules/bucket.encryption_key/main.tf line 76, in resource "google_kms_crypto_key_iam_binding" "decrypters":
                              76: resource "google_kms_crypto_key_iam_binding" "decrypters" {

                            Error: Error applying IAM policy for KMS CryptoKey "projects/ci-cloud-storage-0583/locations/us/keyRings/ci-cloud-storage-0583-bucket/cryptoKeys/ci-cloud-storage-0583-bucket": Error setting IAM policy for KMS CryptoKey "projects/ci-cloud-storage-0583/locations/us/keyRings/ci-cloud-storage-0583-bucket/cryptoKeys/ci-cloud-storage-0583-bucket": googleapi: Error 400: Service account service-443806032995@gs-project-accounts.iam.gserviceaccount.com does not exist., badRequest

                              with module.bucket.module.encryption_key[0].google_kms_crypto_key_iam_binding.encrypters[0],
                              on .terraform/modules/bucket.encryption_key/main.tf line 83, in resource "google_kms_crypto_key_iam_binding" "encrypters":
                              83: resource "google_kms_crypto_key_iam_binding" "encrypters" {
                            }
            Test:           TestAll/examples/simple_bucket

ps-occrp commented 4 months ago

This looks very similar to this issue: https://github.com/hashicorp/terraform-provider-google/issues/7611

Basically, the service account doesn't get created until the API is used, and in this case we want to use the API after creating the keys.

I'm open to implementing a workaround, but for most actual users this will never be an issue. Do you have any suggestion on how to move forward here?
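
The ordering problem described in this comment (the Cloud Storage service agent does not exist until the Storage API has been touched, so the KMS IAM binding fails) can be handled in plain Terraform by reading the agent through the google_storage_project_service_account data source, which also ensures the agent exists, and making the bucket depend on the key grant. This is an added illustration, not code from this PR or from the module; var.project_id, the key ring, key and bucket names are assumed.

```hcl
variable "project_id" {
  type = string # assumed: the project that will own the key and the bucket
}

# Looking up the project's Cloud Storage service agent also ensures it has
# been created, which is what the "Service account ... does not exist" error
# in the CI run above is complaining about.
data "google_storage_project_service_account" "gcs_account" {
  project = var.project_id
}

resource "google_kms_key_ring" "bucket" {
  project  = var.project_id
  name     = "example-bucket-keyring" # assumed name
  location = "us"                     # must match the bucket's location
}

resource "google_kms_crypto_key" "bucket" {
  name            = "example-bucket-key" # assumed name
  key_ring        = google_kms_key_ring.bucket.id
  rotation_period = "7776000s" # 90 days
}

# Least privilege: only the GCS service agent, only encrypt/decrypt,
# only on this one key (no project-wide KMS role).
resource "google_kms_crypto_key_iam_member" "gcs_agent" {
  crypto_key_id = google_kms_crypto_key.bucket.id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:${data.google_storage_project_service_account.gcs_account.email_address}"
}

resource "google_storage_bucket" "example" {
  project                     = var.project_id
  name                        = "example-cmek-bucket-${var.project_id}" # assumed name
  location                    = "US"
  uniform_bucket_level_access = true

  encryption {
    default_kms_key_name = google_kms_crypto_key.bucket.id
  }

  # Bucket creation is rejected if the agent cannot use the key yet, so make
  # the ordering explicit instead of relying on apply timing.
  depends_on = [google_kms_crypto_key_iam_member.gcs_agent]
}
```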

ps-occrp commented 4 months ago

Latest commit should fix this issue. Please run gcbrun again :)

apeabody commented 4 months ago

/gcbrun

apeabody commented 4 months ago

/gcbrun

apeabody commented 4 months ago

/gcbrun

ps-occrp commented 4 months ago

Can this be merged?

apeabody commented 3 months ago

/gcbrun