search

terraform-google-modules / terraform-google-iam

Manages multiple IAM roles for resources on Google Cloud
https://registry.terraform.io/modules/terraform-google-modules/iam/google
Apache License 2.0
189 stars 171 forks source link

folders_iam submodule readme uses folder name instead of ID #123

Closed UmungoBungo closed 3 years ago

UmungoBungo commented 3 years ago

In the readme file for the folder IAM submodule, the folders input has a list of folder names;

module "folder-iam" {
  source  = "terraform-google-modules/iam/google//modules/folders_iam"
  folders = ["my-folder-name"]

  mode = "additive"
...

The only way I could get this submodule to work was to pass in folder IDs instead.

github-actions[bot] commented 3 years ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

muffin87 commented 2 years ago

I discovered the same problem...

When you try to use the module like described in the usage section you get:

---[ REQUEST ]---------------------------------------
POST /v3/folders/myFolder:getIamPolicy?alt=json&prettyPrint=false HTTP/1.1
Host: cloudresourcemanager.googleapis.com
User-Agent: google-api-go-client/0.5 Terraform/1.2.5 (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google/dev blueprints/terraform/terraform-google-iam:folders_iam/v7.4.1
Content-Length: 41
Content-Type: application/json
X-Goog-Api-Client: gl-go/1.18.1 gdcl/0.82.0
Accept-Encoding: gzip

{
 "options": {
  "requestedPolicyVersion": 3
 }
}

will get you

---[ RESPONSE ]--------------------------------------
HTTP/2.0 400 Bad Request
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Cache-Control: private
Content-Type: application/json; charset=UTF-8
Date: Thu, 18 Aug 2022 11:55:20 GMT
Server: ESF
Vary: Origin
Vary: X-Origin
Vary: Referer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{
  "error": {
    "code": 400,
    "message": "Fail to resolve resource 'folders/myFolder'",
    "errors": [
      {
        "message": "Fail to resolve resource 'folders/myFolder'",
        "domain": "global",
        "reason": "badRequest"
      }
    ],
    "status": "INVALID_ARGUMENT"
  }
}

The fix is as @UmungoBungo mentioned to use the folderID instead. Is there an easy way (via Terraform) to get the folderID when I only know the name of the folder? As a data source I only found google_folders but that only gives me folders directly under my org unit...