terraform-google-vpc-service-controls
Terraform Regular Service Perimeter Failing due to Invalid Directional Policy
TL;DR
Terraform plan shows 14 objects to create:

- 13 objects, one for each project in the perimeter: `resource "google_access_context_manager_service_perimeter_resource" "service_perimeter_resource"`
- 1 `resource "google_access_context_manager_service_perimeter" "regular_service_perimeter"` with `use_explicit_dry_run_spec = false`

The regular service perimeter is then created first and fails because the project is not in the list of projects under the service perimeter.
Expected behavior
Able to create the perimeter
Observed behavior
No response
Terraform Configuration
```hcl
module "<name>" {
  source  = "terraform-google-modules/vpc-service-controls/google//modules/regular_service_perimeter"
  version = "5.2.1"

  policy              = var.org_policy_id
  perimeter_name      = "<name>_${var.env}"
  restricted_services = var.restricted_services
  resources           = var.env == "dev" ? local.data_platform_ids : []

  ingress_policies = var.env == "dev" ? [
    {
      "from" = {
        "sources" = {
          resources     = []
          access_levels = [module.<name>.name]
        }
        "identity_type" = "ANY_IDENTITY"
        "identities"    = []
      }
      "to" = {
        "resources"  = ["*"]
        "operations" = { "*" = { "methods" = ["*"] } }
      }
    }
  ] : []

  egress_policies = var.env == "dev" ? [
    {
      "from" = {
        "identity_type" = "ANY_IDENTITY"
        "identities"    = []
      }
      "to" = {
        "resources"  = formatlist("projects/%s", var.projects)
        "operations" = { "*" = { "methods" = ["*"] } }
      }
    }
  ] : []
}
```
Terraform Version
1.3.0
Additional information
No response
```
│ Error: Error creating ServicePerimeter: googleapi: Error 400: Invalid Directional Policies set in Perimeter 'accessPolicies/IngressTo.resources, but it is not present in ServicePerimeterConfig.resources. Only resources protected by this Service Perimeter can be put in IngressTo.resources.
│
│   with module.
```
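The 400 above states the rule the API enforces: every entry in an ingress policy's `to.resources` must already be in the perimeter's own `ServicePerimeterConfig.resources` (or be the `*` wildcard), and perimeter resources are addressed as `projects/<project number>`. The following Python pre-flight check is an added example, not code from the vpc-service-controls module or from the issue; it encodes that rule so a config can be validated before `terraform apply`. The project numbers and the access level name in the sample input are constructed. The `as_created_by_module` case models what the TL;DR describes: the perimeter is sent to the API before the per-project `*_service_perimeter_resource` objects exist, so its own resource list is empty at creation time and every explicit ingress target is rejected.

```python
"""Pre-flight check for the VPC SC constraint behind the 400 in the issue:
IngressTo.resources must be a subset of ServicePerimeterConfig.resources.
Added example; not part of terraform-google-modules/vpc-service-controls."""
from __future__ import annotations

import re
from typing import Iterable

WILDCARD = "*"
# Perimeter resources are addressed by project number, never by project ID.
PROJECT_RE = re.compile(r"^projects/\d+$")


def malformed_resources(resources: Iterable[str]) -> list[str]:
    """Entries that are neither "*" nor projects/<number>."""
    return [r for r in resources if r != WILDCARD and not PROJECT_RE.match(r)]


def unprotected_ingress_targets(perimeter_resources: Iterable[str],
                                ingress_policies: list[dict]) -> list[tuple[int, str]]:
    """(policy index, resource) pairs named in to.resources that the perimeter
    does not protect. A non-empty result means the API rejects the perimeter."""
    protected = set(perimeter_resources)
    bad: list[tuple[int, str]] = []
    for i, policy in enumerate(ingress_policies):
        for res in policy.get("to", {}).get("resources", []):
            if res != WILDCARD and res not in protected:
                bad.append((i, res))
    return bad


def check_perimeter(resources: list[str], ingress_policies: list[dict],
                    egress_policies: list[dict]) -> list[str]:
    """Human-readable findings; an empty list means the constraint is satisfied."""
    findings: list[str] = []
    for r in malformed_resources(resources):
        findings.append(f"perimeter resource {r!r} is not projects/<number>")
    for i, r in unprotected_ingress_targets(resources, ingress_policies):
        findings.append(f"ingress_policies[{i}].to.resources names {r!r}, "
                        "which is not in the perimeter's resources")
    # Egress to.resources point outside the perimeter, so the subset rule does
    # not apply there; only the identifier format is checked.
    for i, policy in enumerate(egress_policies):
        for r in malformed_resources(policy.get("to", {}).get("resources", [])):
            findings.append(f"egress_policies[{i}].to.resources has malformed {r!r}")
    return findings


# Constructed sample input (hypothetical project numbers and access level name),
# in the same shape as the module's ingress_policies / egress_policies inputs.
DATA_PLATFORM = ["projects/111111111111", "projects/222222222222"]
INGRESS = [{
    "from": {"sources": {"resources": [],
                         "access_levels": ["accessPolicies/1/accessLevels/dev"]},
             "identity_type": "ANY_IDENTITY", "identities": []},
    "to": {"resources": DATA_PLATFORM,
           "operations": {"*": {"methods": ["*"]}}},
}]
EGRESS = [{
    "from": {"identity_type": "ANY_IDENTITY", "identities": []},
    "to": {"resources": ["projects/333333333333"],
           "operations": {"*": {"methods": ["*"]}}},
}]


def as_created_by_module() -> list[str]:
    """Perimeter as sent to the API before the per-project resource objects
    are attached: its own resources list is empty, so every ingress target fails."""
    return check_perimeter([], INGRESS, EGRESS)


def with_resources_inline() -> list[str]:
    """Same policies with the projects present in the perimeter's resources."""
    return check_perimeter(DATA_PLATFORM, INGRESS, EGRESS)


if __name__ == "__main__":
    for name, fn in (("created before projects attached", as_created_by_module),
                     ("projects inline", with_resources_inline)):
        print(f"{name}: {fn() or 'OK'}")
```

The check deliberately ignores egress `to.resources` for the subset rule, because egress targets are resources outside the perimeter; it only rejects identifiers that are not `projects/<number>`, which catches a `formatlist("projects/%s", ...)` fed with project IDs instead of numbers.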
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days