What IAM permissions do I need to give a role for developing the provider? #1306
Comments
|
@danawillow any chance you can help @darrenhaken and I resolve this so we can work on #1300 ? It seems extremely strange as we've created a brand new project and created a service account with the following IAM roles:
And we're still seeing this. I feel like the 403 is a red herring and something else is actually wrong in the way we're setting credentials. @darrenhaken can you please post the output from the test run with TF_LOG=DEBUG |
|
I think we may have got to the bottom of this... will update soon! |
|
@darrenhaken @Stono any updates? You're right that I can't really tell what's going on without debug logs. I'm also inclined to agree that the 403 is likely a red herring, but I'd double check to make sure you're using the service account you think you are (it should say in the debug logs how you're authenticating) |
|
Hey Dana
Yup, actually stumbled across a race condition in TF. Will detail in an
issue more in the morning!
Karl
…On Mon, 9 Apr 2018, 10:10 pm Dana Hoffman, ***@***.***> wrote:
@darrenhaken <https://github.com/darrenhaken> @Stono
<https://github.com/Stono> any updates? You're right that I can't really
tell what's going on without debug logs. I'm also inclined to agree that
the 403 is likely a red herring, but I'd double check to make sure you're
using the service account you think you are (it should say in the debug
logs how you're authenticating)
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1306 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABaviSAi0ckVuYIUwI0P2bkCdVFtp8cMks5tm85NgaJpZM4TK-aA>
.
|
|
@darrenhaken please close this issue in favour of #1313 which highlights the issue was due to a bad IAM policy caused by race conditions in TF |
|
Closed |
|
Hi - I'm hitting this issue but despite reading the related issues I cannot figure out the fix. I have the latest terraform and my service account has owner permission on the project with the shared VPC. Thanks |
|
Hey @bluemalkin, can you file a separate issue and fill out the issue template (including debug logs)? Thanks! |
|
@danawillow sure #1711 |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
ghost
locked and limited conversation to collaborators
I've picked up #1300 which is my first Google provider contrib but I've tried to run one of the tests and I receive this error:
Can anyone offer advice on what IAM permissions I'd need?
We have been using TF for a while and not seen this issue before.
The text was updated successfully, but these errors were encountered: