terraform-example-foundation
Reading of groups fails on pipeline
TL;DR
Locally, terraform init/plan/apply works flawlessly.
When using GitHub Actions, the pipeline fails with:
Error: Error when reading or editing CloudIdentityGroup "groups/123456": googleapi: Error 403: Error(2028): Permission denied for resource groups/123456 (or it may not exist).
Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.ResourceInfo",
    "description": "Error(2028): Permission denied for resource groups/123456 (or it may not exist).",
    "owner": "domain:cloudidentity.googleapis.com",
    "resourceName": "groups/123456",
    "resourceType": "cloudidentity.googleapis.com/Group"
  }
]
Expected behavior
For the pipeline to finish successfully
Observed behavior
No response
Terraform Configuration
org_id = "123456" # format "000000000000"
billing_account = "123-456-789" # format "000000-000000-000000"
groups = {
  create_required_groups = true
  create_optional_groups = true
  billing_project = "default-billing-project-123456"
  required_groups = {
    group_org_admins = "[email protected]"
    group_billing_admins = "[email protected]"
    billing_data_users = "[email protected]"
    audit_data_users = "[email protected]"
    monitoring_workspace_users = "[email protected]"
  }
  optional_groups = {
    gcp_security_reviewer = "[email protected]"
    gcp_network_viewer = "[email protected]"
    gcp_scc_admin = "[email protected]"
    gcp_global_secrets_admin = "[email protected]"
    gcp_kms_admin = "[email protected]"
  }
}
default_region = "europe-west1"
gh_repos = {
  owner = "ARepo",
  bootstrap = "GCP-BOOTSTRAP",
  organization = "GCP-ORG",
  environments = "GCP-ENV",
  networks = "GCP-NET",
  projects = "GCP-PROJ",
}
Terraform Version
terraform_version: 1.3
Additional information
No response