Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

google_storage_bucket_acl invalid value #976

Closed
Evesy opened this issue Jan 18, 2018 · 3 comments
Closed

google_storage_bucket_acl invalid value #976

Evesy opened this issue Jan 18, 2018 · 3 comments
Assignees

Comments

@Evesy
Copy link

Evesy commented Jan 18, 2018

Terraform Version

Terraform v0.11.2

  • provider.google: version = "~> 1.4"

Affected Resource(s)

  • google_storage_bucket_acl

Terraform Configuration Files

resource "google_service_account" "test-user" {
  account_id   = "test-user"
  display_name = "test-user"
}

data "google_iam_policy" "test-user" {
  binding {
    role = "roles/storage.objectCreator"

    members = [
      "serviceAccount:${google_service_account.test-user.email}",
    ]
  }
}

resource "google_project_iam_policy" "default" {
  project = "at-signals-platform"
  policy_data = "${data.google_iam_policy.test-user.policy_data}"
}

resource "google_storage_bucket" "test-bucket" {
  name     = "at-test-bucket-12345"
  location = "EU"
}

resource "google_storage_bucket_acl" "test-bucket" {
  bucket = "${google_storage_bucket.test-bucket.name}"

  role_entity = [
    "OWNER:${google_service_account.test-user.email}"
  ]
}

Debug Output

https://gist.github.com/Evesy/bceab6ce92aff4e68f788677dea5a2d6

Expected Behavior

Terraform should create the specified bucket ACL.

Actual Behavior

Google API returns a 400 from the request

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:
Apply terraform with the above resources

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:

@nat-henderson nat-henderson self-assigned this Jan 19, 2018
@nat-henderson
Copy link
Contributor

Confirming that I can reproduce and looking into it.

@nat-henderson
Copy link
Contributor

Aha - the problem is with the config. :)

https://www.terraform.io/docs/providers/google/r/storage_bucket_acl.html points you to https://cloud.google.com/storage/docs/json_api/v1/bucketAccessControls, which tells us that you need to specify the type of user to add the ACL for.

When I change the line in role_entity to "OWNER:user-${google_service_account.test-user.email}", it works. Let me know if that doesn't help by reopening this issue.

modular-magician added a commit to modular-magician/terraform-provider-google that referenced this issue Sep 27, 2019
@ghost
Copy link

ghost commented Mar 29, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 29, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants