Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

0-bootstrap needs iam api enabled on seed project - adjust reame #1140

Closed
obriensystems opened this issue Mar 6, 2024 · 3 comments
Closed

0-bootstrap needs iam api enabled on seed project - adjust reame #1140

obriensystems opened this issue Mar 6, 2024 · 3 comments
Labels
bug Something isn't working

Comments

@obriensystems
Copy link
Contributor

obriensystems commented Mar 6, 2024
edited
Loading

TL;DR

michael@cloudshell:~/tef-olapp/github/terraform-example-foundation/0-bootstrap (tef-olapp)$ gcloud services enable iam.googleapis.com
Operation "operations/acat.p2-153288813308-7f675593-6ea2-4bcc-ac0c-09b4d227de62" finished successfully.

Expected behavior

No response

Observed behavior

during apply
oogle_service_account.terraform-env-sa["proj"]: Creating...
google_service_account.terraform-env-sa["org"]: Creating...
google_service_account.terraform-env-sa["env"]: Creating...
google_service_account.terraform-env-sa["net"]: Creating...
module.seed_bootstrap.data.google_storage_project_service_account.gcs_account: Read complete after 1s [id=service-830013448499@gs-project-accounts.iam.gserviceaccount.com]
module.seed_bootstrap.module.enable_cross_project_service_account_usage.google_project_organization_policy.project_policy_boolean[0]: Creation complete after 1s [id=prj-b-seed-31ca:constraints/iam.disableCrossProjectServiceAccountUsage]
╷
│ Error: Error creating service account: googleapi: Error 403: Identity and Access Management (IAM) API has not been used in project tef-olapp before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/iam.googleapis.com/overview?project=tef-olapp then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.Help",
│     "links": [
│       {
│         "description": "Google developers console API activation",
│         "url": "https://console.developers.google.com/apis/api/iam.googleapis.com/overview?project=tef-olapp"
│       }
│     ]
│   },
│   {
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "domain": "googleapis.com",
│     "metadata": {
│       "consumer": "projects/tef-olapp",
│       "service": "iam.googleapis.com"
│     },
│     "reason": "SERVICE_DISABLED"
│   }
│ ]
│ , accessNotConfigured
│ 
│   with google_service_account.terraform-env-sa["env"],
│   on sa.tf line 140, in resource "google_service_account" "terraform-env-sa":
│  140: resource "google_service_account" "terraform-env-sa" {
│ 
╵
╷
│ Error: Error creating service account: googleapi: Error 403: Identity and Access Management (IAM) API has not been used in project tef-olapp before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/iam.googleapis.com/overview?project=tef-olapp then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.Help",
│     "links": [
│       {
│         "description": "Google developers console API activation",
│         "url": "https://console.developers.google.com/apis/api/iam.googleapis.com/overview?project=tef-olapp"
│       }
│     ]
│   },
│   {
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "domain": "googleapis.com",
│     "metadata": {
│       "consumer": "projects/tef-olapp",
│       "service": "iam.googleapis.com"
│     },
│     "reason": "SERVICE_DISABLED"
│   }
│ ]
│ , accessNotConfigured
│ 
│   with google_service_account.terraform-env-sa["proj"],
│   on sa.tf line 140, in resource "google_service_account" "terraform-env-sa":
│  140: resource "google_service_account" "terraform-env-sa" {
│ 
╵
╷
│ Error: Error creating service account: googleapi: Error 403: Identity and Access Management (IAM) API has not been used in project tef-olapp before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/iam.googleapis.com/overview?project=tef-olapp then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.Help",
│     "links": [
│       {
│         "description": "Google developers console API activation",
│         "url": "https://console.developers.google.com/apis/api/iam.googleapis.com/overview?project=tef-olapp"
│       }
│     ]
│   },
│   {
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "domain": "googleapis.com",
│     "metadata": {
│       "consumer": "projects/tef-olapp",
│       "service": "iam.googleapis.com"
│     },
│     "reason": "SERVICE_DISABLED"
│   }
│ ]
│ , accessNotConfigured
│ 
│   with google_service_account.terraform-env-sa["bootstrap"],
│   on sa.tf line 140, in resource "google_service_account" "terraform-env-sa":
│  140: resource "google_service_account" "terraform-env-sa" {
│ 
╵
╷
│ Error: Error creating service account: googleapi: Error 403: Identity and Access Management (IAM) API has not been used in project tef-olapp before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/iam.googleapis.com/overview?project=tef-olapp then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.Help",
│     "links": [
│       {
│         "description": "Google developers console API activation",
│         "url": "https://console.developers.google.com/apis/api/iam.googleapis.com/overview?project=tef-olapp"
│       }
│     ]
│   },
│   {
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "domain": "googleapis.com",
│     "metadata": {
│       "consumer": "projects/tef-olapp",
│       "service": "iam.googleapis.com"
│     },
│     "reason": "SERVICE_DISABLED"
│   }
│ ]
│ , accessNotConfigured
│ 
│   with google_service_account.terraform-env-sa["org"],
│   on sa.tf line 140, in resource "google_service_account" "terraform-env-sa":
│  140: resource "google_service_account" "terraform-env-sa" {
│ 
╵
╷
│ Error: Error creating service account: googleapi: Error 403: Identity and Access Management (IAM) API has not been used in project tef-olapp before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/iam.googleapis.com/overview?project=tef-olapp then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.Help",
│     "links": [
│       {
│         "description": "Google developers console API activation",
│         "url": "https://console.developers.google.com/apis/api/iam.googleapis.com/overview?project=tef-olapp"
│       }
│     ]
│   },
│   {
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "domain": "googleapis.com",
│     "metadata": {
│       "consumer": "projects/tef-olapp",
│       "service": "iam.googleapis.com"
│     },
│     "reason": "SERVICE_DISABLED"
│   }
│ ]
│ , accessNotConfigured
│ 
│   with google_service_account.terraform-env-sa["net"],
│   on sa.tf line 140, in resource "google_service_account" "terraform-env-sa":
│  140: resource "google_service_account" "terraform-env-sa" {
│ 
╵
╷
│ Error: Error creating KeyRing: googleapi: Error 403: Cloud Key Management Service (KMS) API has not been used in project tef-olapp before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudkms.googleapis.com/overview?project=tef-olapp then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.Help",
│     "links": [
│       {
│         "description": "Google developers console API activation",
│         "url": "https://console.developers.google.com/apis/api/cloudkms.googleapis.com/overview?project=tef-olapp"
│       }
│     ]
│   },
│   {
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "domain": "googleapis.com",
│     "metadata": {
│       "consumer": "projects/tef-olapp",
│       "service": "cloudkms.googleapis.com"
│     },
│     "reason": "SERVICE_DISABLED"
│   }
│ ]
│ 
│   with module.seed_bootstrap.module.kms[0].google_kms_key_ring.key_ring,
│   on .terraform/modules/seed_bootstrap.kms/main.tf line 21, in resource "google_kms_key_ring" "key_ring":
│   21: resource "google_kms_key_ring" "key_ring" {
│ 
╵
╷
│ Error: error listing service accounts on project prj-b-seed-31ca: failed to list service accounts on project "prj-b-seed-31ca": googleapi: Error 403: Identity and Access Management (IAM) API has not been used in project tef-olapp before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/iam.googleapis.com/overview?project=tef-olapp then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.Help",
│     "links": [
│       {
│         "description": "Google developers console API activation",
│         "url": "https://console.developers.google.com/apis/api/iam.googleapis.com/overview?project=tef-olapp"
│       }
│     ]
│   },
│   {
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "domain": "googleapis.com",
│     "metadata": {
│       "consumer": "projects/tef-olapp",
│       "service": "iam.googleapis.com"
│     },
│     "reason": "SERVICE_DISABLED"
│   }
│ ]
│ , accessNotConfigured
│ 
│   with module.seed_bootstrap.module.seed_project.module.project-factory.google_project_default_service_accounts.default_service_accounts[0],
│   on .terraform/modules/seed_bootstrap.seed_project/modules/core_project_factory/main.tf line 134, in resource "google_project_default_service_accounts" "default_service_accounts":
│  134: resource "google_project_default_service_accounts" "default_service_accounts" {
│ ```

### Terraform Configuration

```hcl
shell

Terraform Version

1.7.4

Additional information

No response

The list is in
https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/0-bootstrap/main.tf#L78

activate_apis = [
    "serviceusage.googleapis.com",
    "servicenetworking.googleapis.com",
    "cloudkms.googleapis.com",
    "compute.googleapis.com",
    "logging.googleapis.com",
    "bigquery.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "cloudbilling.googleapis.com",
    "cloudbuild.googleapis.com",
    "iam.googleapis.com",
    "admin.googleapis.com",
    "appengine.googleapis.com",
    "storage-api.googleapis.com",
    "monitoring.googleapis.com",
    "pubsub.googleapis.com",
    "securitycenter.googleapis.com",
    "accesscontextmanager.googleapis.com",
    "billingbudgets.googleapis.com",
    "essentialcontacts.googleapis.com",
    "assuredworkloads.googleapis.com",
    "cloudasset.googleapis.com"
  ]
@obriensystems obriensystems added the bug Something isn't working label Mar 6, 2024
This was referenced Mar 6, 2024
Closed
Closed
Closed
@fmichaelobrien
Copy link
Contributor

0-bootstrap is up with the changes from #1133 to #1143
Screenshot 2024-03-07 at 10 12 58

This was referenced Mar 27, 2024
Closed
Merged
@fmichaelobrien
Copy link
Contributor

stale bot timer restart - https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/.github/workflows/stale.yml#L21

@fmichaelobrien
Copy link
Contributor

fixed by

PRs merged to the terraform-example-foundation upstream repo

@obriensystems obriensystems mentioned this issue May 4, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@obriensystems @fmichaelobrien