You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
If you are interested in working on this issue or have submitted a pull request, please leave a comment.
If an issue is assigned to a user, that user is claiming responsibility for the issue.
Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.
Terraform resources should get applied in the project with id 9876, for which the google provider was configured.
Actual Behavior
While the plan looks correct, the apply fails, as the project, where terraform tries to apply the resources, is not the correct one with id 9876 but 1234.
# Output got slightly changed to redact sensitive data
google_container_analysis_note.note["A"]: Creating...
google_container_analysis_note.note["B"]: Creating...
google_container_analysis_note.note["C"]: Creating...
╷
│ Error: Error creating Note: googleapi: Error 403: Container Analysis API has not been used in project 1234 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/containeranalysis.googleapis.com/overview?project=1234 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
│ Details:
│ [
│ {
│ "@type":"type.googleapis.com/google.rpc.Help",
│ "links": [
│ {
│ "description":"Google developers console API activation",
│ "url":"https://console.developers.google.com/apis/api/containeranalysis.googleapis.com/overview?project=1234[93](https://gitlab.com/some_link_to_the_job)"
│ }
│ ]
│ },
│ {
│ "@type":"type.googleapis.com/google.rpc.ErrorInfo",
│ "domain":"googleapis.com",
│ "metadata": {
│ "consumer":"projects/[94](https://gitlab.com/some_link_to_the_job,│ "service": "containeranalysis.googleapis.com"│ },│ "reason": "SERVICE_DISABLED"│ }│ ]│ │ with google_container_analysis_note.note["A"],│ on gke.tf line 229, in resource "google_container_analysis_note""note":│ 229: resource "google_container_analysis_note""note" {│ ╵╷│ Error: Error creating Note: googleapi: Error 403: Container Analysis API has not been used in project 1234 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/containeranalysis.googleapis.com/overview?project=1234 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.│ Details:│ [│ {│ "@type": "type.googleapis.com/google.rpc.Help",│ "links": [│ {│ "description": "Google developers console API activation",│ "url": "https://console.developers.google.com/apis/api/containeranalysis.googleapis.com/overview?project=1234[101](https://gitlab.com/some_link_to_the_job"
│ }
│ ]
│ },
│ {
│ "@type":"type.googleapis.com/google.rpc.ErrorInfo",
│ "domain":"googleapis.com",
│ "metadata": {
│ "consumer":"projects/1234",
│ "service":"containeranalysis.googleapis.com"
│ },
│ "reason":"SERVICE_DISABLED"
│ }
│ ]
│
│ with google_container_analysis_note.note["B"],
│ on gke.tf line 229, in resource "google_container_analysis_note""note":
│ 229: resource"google_container_analysis_note""note" {
│
╵
╷
│ Error: Error creating Note: googleapi: Error 403: Container Analysis API has not been used in project 1234 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/containeranalysis.googleapis.com/overview?project=1234 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
│ Details:
│ [
│ {
│ "@type":"type.googleapis.com/google.rpc.Help",
│ "links": [
│ {
│ "description":"Google developers console API activation",
│ "url":"https://console.developers.google.com/apis/api/containeranalysis.googleapis.com/overview?project=1234"
│ }
│ ]
│ },
│ {
│ "@type":"type.googleapis.com/google.rpc.ErrorInfo",
│ "domain":"googleapis.com",
│ "metadata": {
│ "consumer":"projects/1234",
│ "service":"containeranalysis.googleapis.com"
│ },
│ "reason":"SERVICE_DISABLED"
│ }
│ ]
│
│ with google_container_analysis_note.note["C"],
│ on gke.tf line 229, in resource "google_container_analysis_note""note":
│ 229:resource"google_container_analysis_note""note" {
│
╵
Also creating the above mentioned resources manually via the UI and adding import blocks to the terraform code leads to the same error:
The used service account in the terraform pipeline is located in project 1234 (our control project) but its rights got inherited into project 9876 (our application project).
References
No response
b/352822945
b/352823299
The text was updated successfully, but these errors were encountered:
Community Note
Terraform Version & Provider Version(s)
Terraform v1.8.4
on darwin_arm64
Affected Resource(s)
google_binary_authorization_policy
google_container_analysis_note
google_binary_authorization_attestor
Terraform Configuration
Debug Output
No response
Expected Behavior
Terraform resources should get applied in the project with id 9876, for which the google provider was configured.
Actual Behavior
While the plan looks correct, the apply fails, as the project, where terraform tries to apply the resources, is not the correct one with id 9876 but 1234.
Also creating the above mentioned resources manually via the UI and adding import blocks to the terraform code leads to the same error:
Steps to reproduce
terraform apply
Important Factoids
The used service account in the terraform pipeline is located in project 1234 (our control project) but its rights got inherited into project 9876 (our application project).
References
No response
b/352822945
b/352823299
The text was updated successfully, but these errors were encountered: