Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IAM issues #333

Closed
morgante opened this issue Dec 11, 2019 · 3 comments
Closed

IAM issues #333

morgante opened this issue Dec 11, 2019 · 3 comments
Assignees
@morgante

Comments

@morgante
Copy link
Contributor

In test/setup across all CFT modules, we are currently seeing issues with adding IAM grants.

Issues look something like this:

Error: Batch "iam-project-ci-vpn-6116 modifyIamPolicy" for request "Create IAM Members roles/iam.serviceAccountUser serviceAccount:[email protected] for \"project \\\"ci-vpn-6116\\\"\"" returned error: Error applying IAM policy for project "ci-vpn-6116": Error setting IAM policy for project "ci-vpn-6116": googleapi: Error 400: Policy members must be of the form "<type>:<value>"., badRequest

  on iam.tf line 32, in resource "google_project_iam_member" "prod_int_test":
  32: resource "google_project_iam_member" "prod_int_test" {

This is likely a combination of a problem with Google Provider 2.0's IAM batch handling and the new IAM handling of deleted: members. I am investigating further.
@morgante
Copy link
Contributor Author

morgante commented Dec 11, 2019
edited
Loading

The immediate quick fix is to pin examples and test/setup to version 2.12.

@morgante morgante self-assigned this Dec 11, 2019
@morgante morgante mentioned this issue Dec 12, 2019
Merged
aaron-lane added a commit that referenced this issue Dec 13, 2019
@aaron-lane
Configure required providers in test setup
490f603 
Lock to Google 2.12.0 to avoid the IAM issue
Related to #333
@aaron-lane aaron-lane mentioned this issue Dec 13, 2019
Merged
@morgante
Copy link
Contributor Author

This will be fixed upstream here: hashicorp/terraform-provider-google#5107

@morgante
Copy link
Contributor Author

This fix is available now in the 2.20.1 version of the provider, we can now pin to ~> 2.20.1.

@bharathkkb bharathkkb mentioned this issue Dec 15, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@morgante morgante

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@morgante