iam_binding/iam_member #5443

Closed
michyliao opened this issue Jan 20, 2020 · 3 comments

michyliao commented Jan 20, 2020

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

0.12.13

Affected Resource(s)

google_project_iam_member

Terraform Configuration Files

// no work
resource "google_project_iam_member" "iam_member" {
  project = "${var.project}"
  role    = "${var.custom_role}"
  member  = "serviceAccount:${module.service-account1.email}"
}

// works
resource "google_project_iam_member" "iam_member2" { 
  project = "${var.project}"
  role    = "${var.another_role}"
  member  = "serviceAccount:${module.service-account1.email}"
}

Debug Output

{
2020-01-20T17:05:19.429-0500 [DEBUG] plugin.terraform-provider-google_v3.4.0_x5: "error": {
2020-01-20T17:05:19.429-0500 [DEBUG] plugin.terraform-provider-google_v3.4.0_x5: "code": 400,
2020-01-20T17:05:19.429-0500 [DEBUG] plugin.terraform-provider-google_v3.4.0_x5: "message": "The role name must be in the form "roles/{role}", "organizations/{organization_id}/roles/{role}", or "projects/{project_id}/roles/{role}".",
2020-01-20T17:05:19.429-0500 [DEBUG] plugin.terraform-provider-google_v3.4.0_x5: "errors": [
2020-01-20T17:05:19.429-0500 [DEBUG] plugin.terraform-provider-google_v3.4.0_x5: {
2020-01-20T17:05:19.429-0500 [DEBUG] plugin.terraform-provider-google_v3.4.0_x5: "message": "The role name must be in the form "roles/{role}", "organizations/{organization_id}/roles/{role}", or "projects/{project_id}/roles/{role}".",
2020-01-20T17:05:19.429-0500 [DEBUG] plugin.terraform-provider-google_v3.4.0_x5: "domain": "global",
2020-01-20T17:05:19.429-0500 [DEBUG] plugin.terraform-provider-google_v3.4.0_x5: "reason": "badRequest"
2020-01-20T17:05:19.429-0500 [DEBUG] plugin.terraform-provider-google_v3.4.0_x5: }
2020-01-20T17:05:19.429-0500 [DEBUG] plugin.terraform-provider-google_v3.4.0_x5: ],
2020-01-20T17:05:19.429-0500 [DEBUG] plugin.terraform-provider-google_v3.4.0_x5: "status": "INVALID_ARGUMENT"
2020-01-20T17:05:19.429-0500 [DEBUG] plugin.terraform-provider-google_v3.4.0_x5: }
2020-01-20T17:05:19.429-0500 [DEBUG] plugin.terraform-provider-google_v3.4.0_x5: }

Actual Behavior

service account with the following custom role permission

Steps to Reproduce

  1. terraform apply

Important Factoids

References

  • #0000

Hi there,

I am running into the issue where some iam_member modules apply and others return this error. For some reason, my custom role is not applying, where it is in the same format that it is erroring out. I am following the same format in all my cases, and it works when I manually add it, but through terraform it doesn't apply. Any idea why?

Terraform Plan
  + resource "google_project_iam_member" "iam_member" {
      + etag    = (known after apply)
      + id      = (known after apply)
      + member  = "serviceAccount:buildbot@<project id>.gserviceaccount.com"
      + project = "<project_id>"
      + role    = "projects/<project_id>/roles/<custom role id>"
    }
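
An added example, not part of the original issue or the provider's code: a pre-apply check that reads plan JSON in the shape produced by `terraform show -json` and compares each IAM grant's `role` with the three forms named in the API error above. It also reports roles that are still unknown at plan time. The sample plan, resource addresses, role names and regex character classes are constructed assumptions, and the check does not diagnose the cause of the reporter's error.

```python
import json
import re

# The three forms named in the API error. The character classes are
# assumptions made for this example, not taken from the issue.
ROLE_FORMS = [
    re.compile(r"roles/[A-Za-z0-9_.]+"),
    re.compile(r"organizations/\d+/roles/[A-Za-z0-9_.]+"),
    re.compile(r"projects/[a-z0-9.:-]+/roles/[A-Za-z0-9_.]+"),
]
IAM_TYPES = {"google_project_iam_member", "google_project_iam_binding"}

# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = json.loads(r"""
{"resource_changes": [
  {"address": "google_project_iam_member.ok", "type": "google_project_iam_member",
   "change": {"after": {"role": "projects/demo-project/roles/buildbotRole"}, "after_unknown": {}}},
  {"address": "google_project_iam_member.bare_id", "type": "google_project_iam_member",
   "change": {"after": {"role": "buildbotRole"}, "after_unknown": {}}},
  {"address": "google_project_iam_member.newline", "type": "google_project_iam_member",
   "change": {"after": {"role": "roles/viewer\n"}, "after_unknown": {}}},
  {"address": "google_project_iam_member.computed", "type": "google_project_iam_member",
   "change": {"after": {}, "after_unknown": {"role": true}}},
  {"address": "google_service_account.sa", "type": "google_service_account",
   "change": {"after": {"account_id": "buildbot"}, "after_unknown": {}}}
]}
""")

def check_plan_roles(plan):
    """Return (address, verdict) for each IAM resource the plan creates or updates."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") not in IAM_TYPES or change.get("after") is None:
            continue  # not an IAM grant, or the resource is being deleted
        role = change["after"].get("role")
        if role is None and (change.get("after_unknown") or {}).get("role"):
            verdict = "unknown-until-apply"  # computed value, recheck after apply
        elif isinstance(role, str) and any(p.fullmatch(role) for p in ROLE_FORMS):
            verdict = "ok"
        else:
            verdict = "bad-format"
        findings.append((rc["address"], verdict))
    return findings

if __name__ == "__main__":
    for address, verdict in check_plan_roles(SAMPLE_PLAN):
        print(f"{verdict:20} {address}")
```
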
@ghost ghost added the bug label Jan 20, 2020
@edwardmedia edwardmedia self-assigned this Jan 22, 2020
@edwardmedia
Contributor

@michyliao I need a little more info from you so I can help repro the issue. I have no idea when you say some iam_member modules applies and others return this error. Can you specify the differences? Also could you post your full debug logs for both cases? Thanks

@edwardmedia
Contributor

@michyliao Custom Role is at Alpha stage. The provider has not supported it yet.

@ghost

ghost commented Jun 12, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators Jun 12, 2020