terraform-google-modules / terraform-google-project-factory

Creates an opinionated Google Cloud project by using Shared VPC, IAM, and Google Cloud APIs
https://registry.terraform.io/modules/terraform-google-modules/project-factory/google
Apache License 2.0

Service account service-PROJECT_ID@gcp-sa-vpcaccess.iam.gserviceaccount.com does not exist #917

Closed red8888 closed 2 weeks ago

red8888 commented 2 months ago

TL;DR

I'm accessing a VPC connector inside the shared VPC, not the service project.

I did this manually before; I needed to grant this GSA access to the role: "service-PROJECT_NUMBER@serverless-robot-prod.iam.gserviceaccount.com" "roles/vpcaccess.user"

Expected behavior

I should be able to set up access to the VPC access connector in the host project, not just the service project.

Observed behavior

Not supported? I see serverless-robot referenced nowhere.

Terraform Configuration

module "shared_vpc_access" {
  source                             = "terraform-google-modules/project-factory/google//modules/shared_vpc_access"
  enable_shared_vpc_service_project  = false
  host_project_id                    = data.google_compute_network.xxx.project
  service_project_id                 = data.google_project.xxx.project_id
  grant_services_security_admin_role = true
  active_apis = [
    "container.googleapis.com",
    "vpcaccess.googleapis.com",
  ]
  shared_vpc_subnets = [
    data.google_compute_subnetwork.xxx.id,
  ]
}

Terraform Version

Terraform v1.7.1
on darwin_arm64
+ provider registry.terraform.io/hashicorp/google v5.31.1
+ provider registry.terraform.io/hashicorp/google-beta v5.31.1

Additional information

No response
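
The manual grant described in this issue, written as Terraform. This is an added example, not code from the issue author or from the project-factory module. The variable names, the `data.google_project.service` lookup and the resource label are hypothetical, and it assumes the serverless service agent already exists in the service project.

```hcl
# Added example: grant the service project's serverless service agent
# roles/vpcaccess.user on the Shared VPC host project, where the
# VPC access connector lives.

variable "host_project_id" {
  type        = string
  description = "Shared VPC host project that owns the VPC access connector (hypothetical variable)"
}

variable "service_project_id" {
  type        = string
  description = "Service project that runs the serverless workload (hypothetical variable)"
}

# The agent's e-mail is built from the project NUMBER, not the project ID,
# so look the number up instead of hard-coding it.
data "google_project" "service" {
  project_id = var.service_project_id
}

locals {
  # Service agent named in the issue:
  # service-PROJECT_NUMBER@serverless-robot-prod.iam.gserviceaccount.com
  serverless_robot = "service-${data.google_project.service.number}@serverless-robot-prod.iam.gserviceaccount.com"
}

# google_project_iam_member is additive: it adds this one member to the role
# and leaves every other binding on the host project untouched. An
# authoritative google_project_iam_binding for the same role would remove
# any members not listed in it.
resource "google_project_iam_member" "serverless_vpcaccess_user" {
  project = var.host_project_id
  role    = "roles/vpcaccess.user"
  member  = "serviceAccount:${local.serverless_robot}"

  lifecycle {
    # Catch a swapped or duplicated project ID before any IAM change is made.
    precondition {
      condition     = var.host_project_id != var.service_project_id
      error_message = "host_project_id and service_project_id must be different projects."
    }
  }
}
```

The grant is scoped to a single role and a single principal on the host project, so it can be reviewed and revoked independently of the module's other Shared VPC bindings.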

github-actions[bot] commented 3 weeks ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment, or this will be closed in 7 days.