terraform-google-iam

Invalid folder name for folder-iam. Module example using a folder name but it should be ID

Open snahim-g opened this issue 3 years ago • 2 comments

TL;DR

Using a folder name for the folder-iam module errors out as the folder name is invalid.

Expected behavior

Adding iam roles

Observed behavior

│ Error: Error retrieving IAM policy for folder "folders/xxx-shared-iac": googleapi: Error 400: Request contains an invalid argument.
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.DebugInfo",
│     "detail": "[ORIGINAL ERROR] generic::invalid_argument: com.google.apps.framework.request.BadRequestException: Invalid folder resource name: folders/xxx
│ ]
│ , badRequest
│
│   with module.iac-folder-iam.google_folder_iam_member.folder_iam_additive["default--roles/resourcemanager.folderEditor--user:[email protected]"],
│   on .terraform/modules/iac-folder-iam/modules/folders_iam/main.tf line 49, in resource "google_folder_iam_member" "folder_iam_additive":
│   49: resource "google_folder_iam_member" "folder_iam_additive" {
│
╵

Terraform Configuration

resource "google_folder" "iac_folder" {
  display_name = "${var.shared_folder_name}-iac"
  parent       = google_folder.shared_folder.id
  depends_on   = [google_folder.shared_folder]
}

module "iac-folder-iam" {
  source  = "terraform-google-modules/iam/google//modules/folders_iam"
  folders = ["${var.shared_folder_name}-iac"]

  mode = "additive"

  bindings = var.iac_folder_iam_bindings 

  conditional_bindings = var.iac_folder_conditional_bindings 
  depends_on   = [google_folder.iac_folder]
}

Terraform Version

terraform version
Terraform v1.0.9
on linux_amd64
+ provider registry.terraform.io/hashicorp/google v4.18.0
+ provider registry.terraform.io/hashicorp/google-beta v4.18.0
+ provider registry.terraform.io/hashicorp/null v3.1.1
+ provider registry.terraform.io/hashicorp/random v3.1.2
+ provider registry.terraform.io/hashicorp/time v0.7.2

Your version of Terraform is out of date! The latest version
is 1.1.9. You can update by downloading from https://www.terraform.io/downloads.html

Additional information

Honestly not sure why my folder name would be used here? Wouldn't GCP require a folder ID?

snahim-g, Apr 21 '22 00:04

@snahim-g Thanks for the report. The folder resource "name" output from the folder resource actually has the id and is of form folders/{folder_id}. The module should accept both strings that are just ids or google_folder.iac_folder.name. Let me know if this works.

https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_folder#name

bharathkkb, Apr 21 '22 02:04
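The change described in the comment above, as an added example that is not part of the original thread or the module's own code: the reported configuration with `folders` set to the folder's resource name instead of its display name. The `existing_folder_ids` variable and its validation rule are hypothetical additions for folders not managed in the same configuration; `google_folder.shared_folder` and the `var.*` inputs are taken from the reporter's configuration and assumed to be defined elsewhere.

```hcl
# Added example, not from the original thread.

resource "google_folder" "iac_folder" {
  display_name = "${var.shared_folder_name}-iac"
  parent       = google_folder.shared_folder.id
}

module "iac-folder-iam" {
  source = "terraform-google-modules/iam/google//modules/folders_iam"

  # Before (display name; the API rejects it with
  # "Invalid folder resource name"):
  #   folders = ["${var.shared_folder_name}-iac"]
  #
  # After: the resource's "name" attribute has the form
  # "folders/{folder_id}". Referencing it also creates the dependency
  # on the folder, so the explicit depends_on is no longer needed.
  folders = [google_folder.iac_folder.name]

  mode                 = "additive"
  bindings             = var.iac_folder_iam_bindings
  conditional_bindings = var.iac_folder_conditional_bindings
}

# Hypothetical variable: folders created outside this configuration.
# The validation rule rejects display names when the variable is
# evaluated, before any IAM API call is attempted. It assumes folder
# IDs are numeric, passed bare or prefixed with "folders/".
variable "existing_folder_ids" {
  type    = list(string)
  default = []

  validation {
    condition = alltrue([
      for f in var.existing_folder_ids : can(regex("^(folders/)?[0-9]+$", f))
    ])
    error_message = "Each entry must be a numeric folder ID or \"folders/{folder_id}\", not a display name."
  }
}
```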

@bharathkkb We might want to consider changing the variable to folder_ids. Even though name is the technical definition, it's definitely confusing given the presence of display_name as well.

Changing this to FR.

morgante, Apr 21 '22 19:04