terraform-google-modules / terraform-google-iam

Manages multiple IAM roles for resources on Google Cloud
https://registry.terraform.io/modules/terraform-google-modules/iam/google
Apache License 2.0

target_id in below module is not accepting the organization id when set as a variable #145

Open raghu-babloo opened 2 years ago

raghu-babloo commented 2 years ago
module "custom-roles" {
  source = "terraform-google-modules/iam/google//modules/custom_role_iam"

  target_level         = "org"
  target_id            = "xxxxxxxxxxxxx"
  role_id              = "custom_role_id"
  title                = "Custom Role Unique Title"
  description          = "Custom Role Description"
  base_roles           = ["roles/iam.serviceAccountAdmin"]
  permissions          = ["iam.roles.list", "iam.roles.create", "iam.roles.delete"]
  excluded_permissions = ["iam.serviceAccounts.setIamPolicy"]
  members              = ["user:user01@domain.com", "group:group01@domain.com"]
}

Below are the error logs, which are also not accurate, as the issue is that target_id is not accepting the organization id when set as a variable.

 Error: Error retrieving permissions: googleapi: Error 400: Request contains an invalid argument.
│
│   with module.security-team-org-role.data.google_iam_testable_permissions.unsupported_permissions,
│   on .terraform/modules/security-team-org-role/modules/custom_role_iam/main.tf line 35, in data "google_iam_testable_permissions" "unsupported_permissions":
│   35: data "google_iam_testable_permissions" "unsupported_permissions" {