shared env notification and billing errors

[binojjose]

Already have image (with digest): gcr.io/cft-cloudbuild-4755/terraform
refs doesn't match production; skipping
objects doesn't match production; skipping
logs doesn't match production; skipping
info doesn't match production; skipping
hooks doesn't match production; skipping
branches doesn't match production; skipping
*************** TERRAFORM APPLY *******************
At environment: envs/shared

---

module.scc_notification.null_resource.run_command[0]: Destroying... [id=2306951872708403525]
module.scc_notification.null_resource.run_command[0]: Destruction complete after 0s
module.scc_notification.null_resource.run_command[0]: Creating...
module.scc_notification.null_resource.run_command[0]: Provisioning with 'local-exec'...
module.scc_notification.null_resource.run_command[0] (local-exec): Executing: ["/bin/sh" "-c" "PATH=/workspace/envs/shared/.terraform/modules/scc_notification/cache/92afd467/google-cloud-sdk/bin:$PATH\ngcloud alpha scc notifications create scc-notify --organization 530422362351 \\r\n--description "SCC Notification for all active findings" \\r\n--pubsub-topic projects/prj-c-scc-2d29/topics/top-scc-notification \\r\n--filter "state=\"ACTIVE\"" \\r\n--project "prj-c-scc-2d29" \\r\n--impersonate-service-account=[email protected]\r\n\n"]
module.org_billing_logs.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/013E20-C4B731-1378D1/budgets/c7619ff5-7d8a-4106-9f70-7bc47d9c640f]
module.org_audit_logs.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/013E20-C4B731-1378D1/budgets/320db1bc-5595-4893-801d-f540fe97ee22]
module.interconnect.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/013E20-C4B731-1378D1/budgets/1431611f-70ec-4c11-bef5-87ad93917948]
module.org_secrets.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/013E20-C4B731-1378D1/budgets/7e59dab2-95d7-4719-98cc-64650e7cb2eb]
module.scc_notifications.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/013E20-C4B731-1378D1/budgets/5a35b56e-5612-4d02-94c2-6d1b147ca2bf]
module.dns_hub.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/013E20-C4B731-1378D1/budgets/bd86edf8-a33f-4865-b2e2-078221047086]
module.scc_notification.null_resource.run_command[0] (local-exec): ERROR: (gcloud.alpha.scc.notifications.create) unrecognized arguments:

module.scc_notification.null_resource.run_command[0] (local-exec): To search the help text of gcloud commands, run:
module.scc_notification.null_resource.run_command[0] (local-exec): gcloud help -- SEARCH_TERMS
module.scc_notification.null_resource.run_command[0] (local-exec): /bin/sh: 3: --description: not found
module.scc_notification.null_resource.run_command[0] (local-exec): /bin/sh: 4: --pubsub-topic: not found
module.scc_notification.null_resource.run_command[0] (local-exec): /bin/sh: 5: --filter: not found
module.scc_notification.null_resource.run_command[0] (local-exec): /bin/sh: 6: --project: not found
module.scc_notification.null_resource.run_command[0] (local-exec): /bin/sh: 7: --impersonate-service-account=[email protected]
module.scc_notification.null_resource.run_command[0] (local-exec): : not found

Error: Error updating Budget "billingAccounts/013E20-C4B731-1378D1/budgets/bd86edf8-a33f-4865-b2e2-078221047086": googleapi: Error 400: Request contains an invalid argument.

Error: Error updating Budget "billingAccounts/013E20-C4B731-1378D1/budgets/1431611f-70ec-4c11-bef5-87ad93917948": googleapi: Error 400: Request contains an invalid argument.

Error: Error updating Budget "billingAccounts/013E20-C4B731-1378D1/budgets/c7619ff5-7d8a-4106-9f70-7bc47d9c640f": googleapi: Error 400: Request contains an invalid argument.

Error: Error running command 'PATH=/workspace/envs/shared/.terraform/modules/scc_notification/cache/92afd467/google-cloud-sdk/bin:$PATH
gcloud alpha scc notifications create scc-notify --organization 530422362351
--description "SCC Notification for all active findings"
--pubsub-topic projects/prj-c-scc-2d29/topics/top-scc-notification
--filter "state="ACTIVE""
--project "prj-c-scc-2d29"
--impersonate-service-account=[email protected]

': exit status 127. Output: ERROR: (gcloud.alpha.scc.notifications.create) unrecognized arguments:

To search the help text of gcloud commands, run:
gcloud help -- SEARCH_TERMS
/bin/sh: 3: --description: not found
/bin/sh: 4: --pubsub-topic: not found
/bin/sh: 5: --filter: not found
/bin/sh: 6: --project: not found
/bin/sh: 7: --impersonate-service-account=[email protected]

Error: Error updating Budget "billingAccounts/013E20-C4B731-1378D1/budgets/5a35b56e-5612-4d02-94c2-6d1b147ca2bf": googleapi: Error 400: Request contains an invalid argument.

Error: Error updating Budget "billingAccounts/013E20-C4B731-1378D1/budgets/320db1bc-5595-4893-801d-f540fe97ee22": googleapi: Error 400: Request contains an invalid argument.

Error: Error updating Budget "billingAccounts/013E20-C4B731-1378D1/budgets/7e59dab2-95d7-4719-98cc-64650e7cb2eb": googleapi: Error 400: Request contains an invalid argument.

[bharathkkb]

Hi @binojjose
This seems like a provider issue hashicorp/terraform-provider-google#8228 and will likely be fixed in the next provider release. We can keep this open to confirm

[m0ps]

@binojjose
to fix the following error:

': exit status 127. Output: ERROR: (gcloud.alpha.scc.notifications.create) unrecognized arguments:

you need to complete SCC initialization via Console.

[binojjose]

Thanks @bharathkkb and @m0ps
I have finished setting up Security Command Center for our org. I choose standard free version from the choice. It created a service account and I have given the requested roles to that service account.

However on running terraform, I getting the same error. Is there some permissions I am messing up? Do I need to do anything other than going through the setup on the console, like giving permissions to some other account for terraform ?

Latest output below.

Already have image (with digest): gcr.io/cft-cloudbuild-4755/terraform
refs doesn't match production; skipping
objects doesn't match production; skipping
logs doesn't match production; skipping
info doesn't match production; skipping
hooks doesn't match production; skipping
branches doesn't match production; skipping
*************** TERRAFORM APPLY *******************
At environment: envs/shared

---

module.scc_notification.null_resource.run_command[0]: Destroying... [id=769732660852973219]
module.scc_notification.null_resource.run_command[0]: Destruction complete after 0s
module.scc_notification.null_resource.run_command[0]: Creating...
module.scc_notification.null_resource.run_command[0]: Provisioning with 'local-exec'...
module.scc_notification.null_resource.run_command[0] (local-exec): Executing: ["/bin/sh" "-c" "PATH=/workspace/envs/shared/.terraform/modules/scc_notification/cache/92afd467/google-cloud-sdk/bin:$PATH\ngcloud alpha scc notifications create scc-notify --organization 530422362351 \\r\n--description "SCC Notification for all active findings" \\r\n--pubsub-topic projects/prj-c-scc-2d29/topics/top-scc-notification \\r\n--filter "state=\"ACTIVE\"" \\r\n--project "prj-c-scc-2d29" \\r\n--impersonate-service-account=[email protected]\r\n\n"]
module.scc_notifications.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/013E20-C4B731-1378D1/budgets/5a35b56e-5612-4d02-94c2-6d1b147ca2bf]
module.org_secrets.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/013E20-C4B731-1378D1/budgets/7e59dab2-95d7-4719-98cc-64650e7cb2eb]
module.interconnect.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/013E20-C4B731-1378D1/budgets/1431611f-70ec-4c11-bef5-87ad93917948]
module.org_billing_logs.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/013E20-C4B731-1378D1/budgets/c7619ff5-7d8a-4106-9f70-7bc47d9c640f]
module.dns_hub.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/013E20-C4B731-1378D1/budgets/bd86edf8-a33f-4865-b2e2-078221047086]
module.org_audit_logs.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/013E20-C4B731-1378D1/budgets/320db1bc-5595-4893-801d-f540fe97ee22]
module.scc_notification.null_resource.run_command[0] (local-exec): ERROR: (gcloud.alpha.scc.notifications.create) unrecognized arguments:

module.scc_notification.null_resource.run_command[0] (local-exec): To search the help text of gcloud commands, run:
module.scc_notification.null_resource.run_command[0] (local-exec): gcloud help -- SEARCH_TERMS
module.scc_notification.null_resource.run_command[0] (local-exec): /bin/sh: 3: --description: not found
module.scc_notification.null_resource.run_command[0] (local-exec): /bin/sh: 4: --pubsub-topic: not found
module.scc_notification.null_resource.run_command[0] (local-exec): /bin/sh: 5: --filter: not found
module.scc_notification.null_resource.run_command[0] (local-exec): /bin/sh: 6: --project: not found
module.scc_notification.null_resource.run_command[0] (local-exec): /bin/sh: 7: --impersonate-service-account=[email protected]
module.scc_notification.null_resource.run_command[0] (local-exec): : not found

Error: Error running command 'PATH=/workspace/envs/shared/.terraform/modules/scc_notification/cache/92afd467/google-cloud-sdk/bin:$PATH
gcloud alpha scc notifications create scc-notify --organization 530422362351
--description "SCC Notification for all active findings"
--pubsub-topic projects/prj-c-scc-2d29/topics/top-scc-notification
--filter "state="ACTIVE""
--project "prj-c-scc-2d29"
--impersonate-service-account=[email protected]

': exit status 127. Output: ERROR: (gcloud.alpha.scc.notifications.create) unrecognized arguments:

To search the help text of gcloud commands, run:
gcloud help -- SEARCH_TERMS
/bin/sh: 3: --description: not found
/bin/sh: 4: --pubsub-topic: not found
/bin/sh: 5: --filter: not found
/bin/sh: 6: --project: not found
/bin/sh: 7: --impersonate-service-account=[email protected]

Error: Error updating Budget "billingAccounts/013E20-C4B731-1378D1/budgets/1431611f-70ec-4c11-bef5-87ad93917948": googleapi: Error 400: Request contains an invalid argument.

Error: Error updating Budget "billingAccounts/013E20-C4B731-1378D1/budgets/320db1bc-5595-4893-801d-f540fe97ee22": googleapi: Error 400: Request contains an invalid argument.

Error: Error updating Budget "billingAccounts/013E20-C4B731-1378D1/budgets/5a35b56e-5612-4d02-94c2-6d1b147ca2bf": googleapi: Error 400: Request contains an invalid argument.

Error: Error updating Budget "billingAccounts/013E20-C4B731-1378D1/budgets/c7619ff5-7d8a-4106-9f70-7bc47d9c640f": googleapi: Error 400: Request contains an invalid argument.

Error: Error updating Budget "billingAccounts/013E20-C4B731-1378D1/budgets/bd86edf8-a33f-4865-b2e2-078221047086": googleapi: Error 400: Request contains an invalid argument.

Error: Error updating Budget "billingAccounts/013E20-C4B731-1378D1/budgets/7e59dab2-95d7-4719-98cc-64650e7cb2eb": googleapi: Error 400: Request contains an invalid argument.

[ipv1337]

Do we know which provider version this should be fixed in? I'm trying with provider v3.54 and still seeing that this issue is still occurring.

[igp-rechano]

The fix has been included in v3.55 but I'm still getting the error:

*************** TERRAFORM APPLY *******************
      At environment: envs/shared 
***************************************************
module.org_secrets.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/010242-36A3D4-902E43/budgets/3b225320-9694-490b-baa1-ed4af5d3aee6]
module.dns_hub.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/010242-36A3D4-902E43/budgets/53b2120c-74b6-4ed4-95f8-746278d58d82]
module.scc_notifications.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/010242-36A3D4-902E43/budgets/89e290c9-aa4e-437d-ba63-c2b73197f37a]
module.org_billing_logs.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/010242-36A3D4-902E43/budgets/2d3c102f-3520-41e3-a7ea-1d17e1c48d76]
module.org_audit_logs.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/010242-36A3D4-902E43/budgets/13d530ce-cf5f-4a14-a933-e95adbc7db9b]
module.interconnect.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/010242-36A3D4-902E43/budgets/3bfa5171-9904-4abf-be24-91869dbb0376]

Error: Error updating Budget "billingAccounts/010242-36A3D4-902E43/budgets/89e290c9-aa4e-437d-ba63-c2b73197f37a": googleapi: Error 400: Request contains an invalid argument.



Error: Error updating Budget "billingAccounts/010242-36A3D4-902E43/budgets/13d530ce-cf5f-4a14-a933-e95adbc7db9b": googleapi: Error 400: Request contains an invalid argument.



Error: Error updating Budget "billingAccounts/010242-36A3D4-902E43/budgets/3b225320-9694-490b-baa1-ed4af5d3aee6": googleapi: Error 400: Request contains an invalid argument.



Error: Error updating Budget "billingAccounts/010242-36A3D4-902E43/budgets/53b2120c-74b6-4ed4-95f8-746278d58d82": googleapi: Error 400: Request contains an invalid argument.



Error: Error updating Budget "billingAccounts/010242-36A3D4-902E43/budgets/2d3c102f-3520-41e3-a7ea-1d17e1c48d76": googleapi: Error 400: Request contains an invalid argument.



Error: Error updating Budget "billingAccounts/010242-36A3D4-902E43/budgets/3bfa5171-9904-4abf-be24-91869dbb0376": googleapi: Error 400: Request contains an invalid argument.

[igp-rechano]

The fix has been included in v3.55 but I'm still getting the error:

*************** TERRAFORM APPLY *******************
      At environment: envs/shared 
***************************************************
module.org_secrets.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/010242-36A3D4-902E43/budgets/3b225320-9694-490b-baa1-ed4af5d3aee6]
module.dns_hub.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/010242-36A3D4-902E43/budgets/53b2120c-74b6-4ed4-95f8-746278d58d82]
module.scc_notifications.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/010242-36A3D4-902E43/budgets/89e290c9-aa4e-437d-ba63-c2b73197f37a]
module.org_billing_logs.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/010242-36A3D4-902E43/budgets/2d3c102f-3520-41e3-a7ea-1d17e1c48d76]
module.org_audit_logs.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/010242-36A3D4-902E43/budgets/13d530ce-cf5f-4a14-a933-e95adbc7db9b]
module.interconnect.module.budget.google_billing_budget.budget[0]: Modifying... [id=billingAccounts/010242-36A3D4-902E43/budgets/3bfa5171-9904-4abf-be24-91869dbb0376]

Error: Error updating Budget "billingAccounts/010242-36A3D4-902E43/budgets/89e290c9-aa4e-437d-ba63-c2b73197f37a": googleapi: Error 400: Request contains an invalid argument.



Error: Error updating Budget "billingAccounts/010242-36A3D4-902E43/budgets/13d530ce-cf5f-4a14-a933-e95adbc7db9b": googleapi: Error 400: Request contains an invalid argument.



Error: Error updating Budget "billingAccounts/010242-36A3D4-902E43/budgets/3b225320-9694-490b-baa1-ed4af5d3aee6": googleapi: Error 400: Request contains an invalid argument.



Error: Error updating Budget "billingAccounts/010242-36A3D4-902E43/budgets/53b2120c-74b6-4ed4-95f8-746278d58d82": googleapi: Error 400: Request contains an invalid argument.



Error: Error updating Budget "billingAccounts/010242-36A3D4-902E43/budgets/2d3c102f-3520-41e3-a7ea-1d17e1c48d76": googleapi: Error 400: Request contains an invalid argument.



Error: Error updating Budget "billingAccounts/010242-36A3D4-902E43/budgets/3bfa5171-9904-4abf-be24-91869dbb0376": googleapi: Error 400: Request contains an invalid argument.

Ok, looks like it's actually fixed! I got the error when I retry from Cloud Build but a manual terraform apply did not get this error.

[ipv1337]

Confirmed the newest provider is working well so far even on cloud build. I saw that we're on 3.56.

Back in business!

[github-actions]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days