Closed sunilrdsouza closed 1 year ago
Hi @sunilrdsouza,
I think your constraint id is just missing the `s`. Could you try

```hcl
constraint = "cloudfunctions.allowedIngressSettings"
```

instead of

```hcl
constraint = "cloudfunctions.allowedIngressSetting"
```
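The reply above attributes the 404 to a misspelled constraint id. As an added example (not code from the module or from this thread), the following pre-apply check pulls policy names out of saved plan text and flags constraint ids that are not in an allow-list, suggesting the closest known id. `KNOWN_CONSTRAINTS`, `check_plan` and the sample plan text are assumptions constructed for illustration.

```python
import difflib
import re

# Constructed allow-list (assumption). In practice, populate it from the
# constraints your organization exposes; only the first id is from this page.
KNOWN_CONSTRAINTS = {
    "cloudfunctions.allowedIngressSettings",
    "cloudfunctions.allowedVpcConnectorEgressSettings",
    "cloudfunctions.requireVPCConnector",
}

# Policy names in the plan output look like "<parent>/policies/<constraint id>".
POLICY_NAME = re.compile(
    r'"((?:organizations|folders|projects)/[^/"\s]+)/policies/([^"\s]+)"'
)


def check_plan(plan_text, known=KNOWN_CONSTRAINTS):
    """Return one finding per policy name whose constraint id is not known."""
    findings = []
    for parent, constraint in POLICY_NAME.findall(plan_text):
        if constraint in known:
            continue
        # Suggest a known id only when it is a near match (likely a typo).
        close = difflib.get_close_matches(constraint, list(known), n=1, cutoff=0.8)
        findings.append({
            "parent": parent,
            "constraint": constraint,
            "suggestion": close[0] if close else None,
        })
    return findings


# Constructed sample: the name/parent lines from the plan in this issue,
# plus one line with the corrected constraint id.
SAMPLE_PLAN = '''
name = "organizations/69664836181/policies/cloudfunctions.allowedIngressSetting"
parent = "organizations/69664836181"
name = "organizations/69664836181/policies/cloudfunctions.allowedIngressSettings"
'''

if __name__ == "__main__":
    for f in check_plan(SAMPLE_PLAN):
        hint = f" (did you mean {f['suggestion']!r}?)" if f["suggestion"] else ""
        print(f"unknown constraint {f['constraint']!r} on {f['parent']}{hint}")
```

Run it against the text of `terraform plan` before approving the apply; an empty result means every policy name refers to an id in the allow-list.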
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days
TL;DR
Trying to create a policy using terraform-google-modules/org-policy/google//modules/org_policy_v2, but it fails. I have tried to apply for both "organization" and "folder", with a similar error.
### Error while applying on Organization
```
module.org_cloudfunction_allowedingress.google_org_policy_policy.organization_policy[0]: Creating...
╷
│ Error: Error creating Policy: googleapi: Error 404: Requested entity was not found.
│
│   with module.org_cloudfunction_allowedingress.google_org_policy_policy.organization_policy[0], odules\org_policy_v2\list_constraints.tf line 20, in resource "google_org_policy_policy" "organization_policy":
│   20: resource "google_org_policy_policy" "organization_policy" {
│
╵
```

### Error while applying on Folder

```
module.org_cloudfunction_allowedingress.google_org_policy_policy.folder_policy[0]: Creating...
╷
│ Error: Error creating Policy: googleapi: Error 404: Requested entity was not found.
│
│   with module.org_cloudfunction_allowedingress.google_org_policy_policy.folder_policy[0],
│   on .terraform\modules\org_cloudfunction_allowedingress\modules\org_policy_v2\list_constraints.tf line 56, in resource "google_org_policy_policy" "folder_policy":
│   56: resource "google_org_policy_policy" "folder_policy" {
│
╵
Releasing state lock. This may take a few moments...
```
Expected behavior
Expectations:
Policy for Allowed ingress settings (Cloud Functions)

Effective policy for organization "xxxxxxxxx"
This is the result of merging policies in the resource hierarchy and evaluating conditions. The policy does not have a condition set because it is a computed policy across multiple resources.

Allowed: ALLOW_INTERNAL_AND_GCLB

Custom policy
The rules below have been configured for the currently-selected resource's custom policy.

- Policy enforcement: Replace parent
- Rule 1
  - Allowed: is:ALLOW_INTERNAL_AND_GCLB
  - Condition: -
Observed behavior
```
$ terraform.exe apply
Acquiring state lock. This may take a few moments...
data.google_client_config.current: Reading...
data.google_client_config.current: Read complete after 1s [id=projects//regions//zones/]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

Terraform will perform the following actions:

module.org_cloudfunction_allowedingress.google_org_policy_policy.organization_policy[0] will be created
resource "google_org_policy_policy" "organization_policy" {
    id     = (known after apply)
    name   = "organizations/69664836181/policies/cloudfunctions.allowedIngressSetting"
    parent = "organizations/69664836181"
    spec {
        etag        = (known after apply)
        update_time = (known after apply)
        rules {

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

module.org_cloudfunction_allowedingress.google_org_policy_policy.organization_policy[0]: Creating...
╷
│ Error: Error creating Policy: googleapi: Error 404: Requested entity was not found.
│
│   with module.org_cloudfunction_allowedingress.google_org_policy_policy.organization_policy[0],
```
Terraform Configuration
Terraform Version
Additional information
No response