search

terraform-google-modules / terraform-google-iam

Manages multiple IAM roles for resources on Google Cloud
https://registry.terraform.io/modules/terraform-google-modules/iam/google
Apache License 2.0
189 stars 171 forks source link

Input format for service_account_id in google_service_account_iam_member has changed which is breaking service_account-iam-bindings module #146

Closed imrannayer closed 2 years ago

imrannayer commented 2 years ago

TL;DR

Input format for service_account_id in google_service_account_iam_member has changed which is breaking service_account-iam-bindings module

Expected behavior

It should be able to assign permission to service account.

Observed behavior

It is throwing following error:


Error: "service_account_id" ("projects/myprj_id_1/serviceAccounts/my-dummy-service-account") doesn't match regexp "projects/(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?)|-)/serviceAccounts/((?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))@[a-z]+.gserviceaccount.com$|[0-9]{1,20}-compute@developer.gserviceaccount.com|[a-z](?:[-a-z0-9]{4,28}[a-z0-9])@[-a-z0-9\\.]{1,63}\\.iam\\.gserviceaccount\\.com$)"

Terraform Configuration

resource "google_service_account_iam_member" "admin-account-iam" {
  service_account_id = "projects/myprj_id_1/serviceAccounts/my-dummy-service-account"
  role               = "roles/iam.serviceAccountUser"
  member             = "user:user1@google.com"
}

Terraform Version

Terraform v1.0.5
on darwin_amd64
+ provider registry.terraform.io/hashicorp/google v3.53.0
+ provider registry.terraform.io/hashicorp/google-beta v3.53.0

Additional information

It seems like an API change.

10562

imrannayer commented 2 years ago

This is not a bug. Document needs an update to reflect the correct input parameter format.