Closed mgrzechocinski closed 3 years ago
Adding Service Usage Viewer
to my service account on the service project (bootstrap) fixes the issue.
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): Executing: ["/bin/sh" "-c" "python3 /###/###//.terraform/modules/project-factory/terraform-google-project-factory-8.0.0/modules/core_project_factory/scripts/preconditions/preconditions.py --billing_account=\"#######\" --credentials_path=\"/#####/#####/####-.json\" --folder_id=\"#####\" --impersonate_service_account=\"\" --org_id=\"#######\" --shared_vpc=\"\" "]
module.project-factory.module.project-factory.null_resource.preconditions: Still creating... [10s elapsed]
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): [
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): {
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "type": "Required APIs on service account project",
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "name": "projects/mg-terraform-bootstrap",
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "satisfied": [
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "iam.googleapis.com",
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "cloudresourcemanager.googleapis.com",
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "cloudbilling.googleapis.com",
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "admin.googleapis.com"
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): ],
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "unsatisfied": [
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "appengine.googleapis.com"
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): ]
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): },
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): {
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "type": "Service account permissions on billing account",
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "name": "billingAccounts/018F26-4A09F0-7F4B1D",
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "satisfied": [
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "billing.resourceAssociations.create"
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): ],
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "unsatisfied": []
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): },
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): {
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "type": "Service account permissions on parent folder",
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "name": "folders/876609625413",
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "satisfied": [
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "resourcemanager.projects.create"
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): ],
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "unsatisfied": []
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): },
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): {
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "type": "Service account permissions on organization",
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "name": "organizations/1003110894063",
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "satisfied": [],
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): "unsatisfied": []
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): }
module.project-factory.module.project-factory.null_resource.preconditions (local-exec): ]
I guess it should be added to the Permissions section of the README file?
I'm not sure we should actually change this, since the precondition script is mainly meant as a helper/troubleshooter. It's not necessarily required to grant the permissions to check.
closing this as preconditions script has been removed from module via #407
Hi.
I followed up the documentation to set all the required permissions and enable all the APIs on my service project which is used to create new project by Terraform, using project-factory module. This project hosts a service account which is actually used to create new projects and resources within them.
When I run
terraform apply
, I see that this module runs some custom code and the beginning, using Terraform'snull_resource
. One of them is thepreconditions.py
script. This one actually fails in the logs but the Terraform process continues normally. I'm just wondering why this could happen and how to fix it? Error:Detailed log: