terraform-google-modules / terraform-google-iam

Manages multiple IAM roles for resources on Google Cloud
https://registry.terraform.io/modules/terraform-google-modules/iam/google
Apache License 2.0

"Error: invalid value for member" when using custom Organization Roles in "folders_iam" module #178

Closed pof-florinperte closed 1 year ago

pof-florinperte commented 1 year ago

TL;DR

I have a custom Organization role. When I try and use it with the "terraform-google-modules/iam/google//modules/folders_iam" module, I get:

Error: invalid value for member (IAM members must have one of the values outlined here: https://cloud.google.com/billing/docs/reference/rest/v1/Policy#Binding)

Expected behavior

I expect to be able to pass custom roles using the folders_iam module.

Observed behavior

│ Error: invalid value for member (IAM members must have one of the values outlined here: https://cloud.google.com/billing/docs/reference/rest/v1/Policy#Binding)
│
│   with module.folders_iam_bindings_bi_and_analytics.google_folder_iam_member.folder_iam_additive["default--organizations/1078837331876/roles/CustomBigQueryUser--gcp_org_business_intelligence_engineers@company.com"],
│   on .terraform\modules\folders_iam_bindings_bi_and_analytics\modules\folders_iam\main.tf line 53, in resource "google_folder_iam_member" "folder_iam_additive":
│   53:   member   = module.helper.bindings_additive[each.key].member
│
        * exit status 1

Terraform Configuration

module "folders_iam_bindings_ai_and_research" {
  source  = "terraform-google-modules/iam/google//modules/folders_iam"
  version = "~> 6.4"
  folders = ["624705357624"]

  bindings = {
    "organizations/1078837331876/roles/CustomBigQueryUser" = [
      "gcp_org_business_intelligence_engineers@company.com",
    ]
  }
}

Terraform Version

Terraform v1.3.3
on windows_amd64
+ provider registry.terraform.io/hashicorp/google v4.47.0

Additional information

The following doc indicates that:

Custom Roles: If you're importing an IAM binding with a custom role, make sure to use the full name of the custom role, e.g. [projects/my-project|organizations/my-org]/roles/my-custom-role.

https://registry.terraform.io/providers/hashicorp/google/3.24.0/docs/resources/google_folder_iam_binding
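
As an added example (not part of the issue thread and not the module's own code): the error above is raised on the "member" argument, and the Policy#Binding reference it links to lists members with a type prefix such as user:, group: or serviceAccount:, so this variable validation checks both the role names and the member strings before they reach the module. The variable name folder_bindings, the module label, both regular expressions and the group: prefix on the address from the issue are assumptions.

```hcl
# Added example: not code from the issue or from the module.
# Assumptions: the variable name, both regexes, and that the address quoted
# in the issue is a Google group (hence the "group:" prefix).
variable "folder_bindings" {
  description = "Map of IAM role to the list of members granted that role."
  type        = map(list(string))

  default = {
    "organizations/1078837331876/roles/CustomBigQueryUser" = [
      "group:gcp_org_business_intelligence_engineers@company.com",
    ]
  }

  # Roles: predefined (roles/NAME) or custom with the full resource name.
  validation {
    condition = alltrue([
      for role in keys(var.folder_bindings) :
      can(regex("^(roles|(projects|organizations)/[^/]+/roles)/[A-Za-z0-9_.]+$", role))
    ])
    error_message = "Each role must be roles/NAME or [projects|organizations]/ID/roles/NAME."
  }

  # Members: a bare e-mail address fails here with a message naming the
  # cause. Covers the common member types only; extend the alternation for
  # other types listed in the Policy#Binding reference.
  validation {
    condition = alltrue(flatten([
      for members in values(var.folder_bindings) : [
        for m in members :
        can(regex("^(allUsers|allAuthenticatedUsers|(user|group|serviceAccount|domain):.+)$", m))
      ]
    ]))
    error_message = "Each member needs a type prefix such as user:, group:, serviceAccount: or domain:."
  }
}

module "folders_iam_bindings" {
  source  = "terraform-google-modules/iam/google//modules/folders_iam"
  version = "~> 6.4"
  folders = ["624705357624"]

  bindings = var.folder_bindings
}
```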

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days