Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

unsupported resource type: projects/datasets while creating gcp secret roleset with bigquery binding #96

Closed
halil-burak opened this issue Aug 26, 2020 · 0 comments · Fixed by #130
Closed

unsupported resource type: projects/datasets while creating gcp secret roleset with bigquery binding #96

halil-burak opened this issue Aug 26, 2020 · 0 comments · Fixed by #130
Assignees
@austingebauer

Comments

@halil-burak
Copy link

When I try to create a Vault GCP Secret Engine Roleset on a BigQuery Dataset, it throws "unsupported resource type: projects/datasets" error. I'm stuck on this weird error. What is the root cause?
I can see that in the below page, bigquery datasets can be added to a roleset's binding with the full resource name, but it did not work.
https://www.vaultproject.io/docs/secrets/gcp#roleset-bindings

resource "vault_gcp_secret_roleset" "dataset_access_key_test" {
  backend     = vault_gcp_secret_backend.gcp.path
  roleset     = var.roleset_name
  secret_type = "service_account_key"
  project     = var.project_id
  binding {
    # Here I've tried both the self_link attribute of the dataset and the full resource name like below. Neither of them worked.
    resource = "//bigquery.googleapis.com/projects/${var.project_id}/datasets/${var.dataset_id}"
    roles    = ["roles/bigquery.dataViewer"]
  }
}

Command output below:
vault_gcp_secret_roleset.<roleset_name>: Creating...

Error: Error writing GCP Secrets backend roleset "gcp/roleset/<roleset_name>": Error making API request.

URL: PUT https:///v1/gcp/roleset/<roleset_name>
Code: 400. Errors:

  • 2 errors occurred:
    • errors from both primary and secondary; primary error was invalid resource "//bigquery.googleapis.com/projects/<project_id>/datasets/<dataset_id>": unsupported resource type: projects/datasets; secondary errors follow
    • invalid resource "//bigquery.googleapis.com/projects/<project_id>/datasets/<dataset_id>": unsupported resource type: projects/datasets
@halil-burak halil-burak changed the title unsupported resource type: projects/datasets whi unsupported resource type: projects/datasets while creating gcp secret roleset with bigquery binding Aug 26, 2020
@austingebauer austingebauer mentioned this issue Dec 18, 2021
Merged
@austingebauer austingebauer self-assigned this Dec 18, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@austingebauer austingebauer

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixes roleset bindings for BigQuery datasets hashicorp/vault-plugin-secrets-gcp
2 participants
@halil-burak @austingebauer