Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error applying IAM policy for service account after running terraform apply for creating gks cluster #74

Closed
pancudaniel7 opened this issue Apr 26, 2020 · 4 comments
Closed

Error applying IAM policy for service account after running terraform apply for creating gks cluster #74

pancudaniel7 opened this issue Apr 26, 2020 · 4 comments
Labels
area/docs area/terraform kind/bug released

Comments

@pancudaniel7
Copy link

pancudaniel7 commented Apr 26, 2020
edited
Loading

After running terraform apply using terraform file

module "jx" {
  source  = "jenkins-x/jx/google"

  gcp_project = "<my-gcp-project-id>"
}

At the end of process I get:

Error: Error applying IAM policy for service account 'projects/x-project-275408/serviceAccounts/tf-jx-arriving-frog-vo@x-project-275408.iam.gserviceaccount.com': Error setting IAM policy for service account 'projects/x-project-275408/serviceAccounts/tf-jx-arriving-frog-vo@x-project-275408.iam.gserviceaccount.com': googleapi: Error 400: Identity namespace does not exist (x-project-275408.svc.id.goog)., badRequest

on .terraform/modules/jx/terraform-google-jx-1.2.5/modules/backup/main.tf line 44, in resource "google_service_account_iam_member" "velero_sa_workload_identity_user":
44: resource "google_service_account_iam_member" "velero_sa_workload_identity_user" {

Error: Error applying IAM policy for service account 'projects/x-project-275408/serviceAccounts/tf-jx-arriving-frog-bc@x-project-275408.iam.gserviceaccount.com': Error setting IAM policy for service account 'projects/x-project-275408/serviceAccounts/tf-jx-arriving-frog-bc@x-project-275408.iam.gserviceaccount.com': googleapi: Error 400: Identity namespace does not exist (x-project-275408.svc.id.goog)., badRequest

on .terraform/modules/jx/terraform-google-jx-1.2.5/modules/cluster/serviceaccount.tf line 73, in resource "google_service_account_iam_member" "build_controller_sa_workload_identity_user":
73: resource "google_service_account_iam_member" "build_controller_sa_workload_identity_user" {

Error: Error applying IAM policy for service account 'projects/x-project-275408/serviceAccounts/tf-jx-arriving-frog-ko@x-project-275408.iam.gserviceaccount.com': Error setting IAM policy for service account 'projects/x-project-275408/serviceAccounts/tf-jx-arriving-frog-ko@x-project-275408.iam.gserviceaccount.com': googleapi: Error 400: Identity namespace does not exist (x-project-275408.svc.id.goog)., badRequest

on .terraform/modules/jx/terraform-google-jx-1.2.5/modules/cluster/serviceaccount.tf line 124, in resource "google_service_account_iam_member" "kaniko_sa_workload_identity_user":
124: resource "google_service_account_iam_member" "kaniko_sa_workload_identity_user" {

Error: Error applying IAM policy for service account 'projects/x-project-275408/serviceAccounts/tf-jx-arriving-frog-tekton@x-project-275408.iam.gserviceaccount.com': Error setting IAM policy for service account 'projects/x-project-275408/serviceAccounts/tf-jx-arriving-frog-tekton@x-project-275408.iam.gserviceaccount.com': googleapi: Error 400: Identity namespace does not exist (x-project-275408.svc.id.goog)., badRequest

on .terraform/modules/jx/terraform-google-jx-1.2.5/modules/cluster/serviceaccount.tf line 133, in resource "google_service_account_iam_member" "tekton_sa_workload_identity_user":
133: resource "google_service_account_iam_member" "tekton_sa_workload_identity_user" {
@pancudaniel7 pancudaniel7 changed the title Error applying IAM policy for service account Error applying IAM policy for service account after running terraform apply Apr 26, 2020
@pancudaniel7 pancudaniel7 changed the title Error applying IAM policy for service account after running terraform apply Error applying IAM policy for service account after running terraform apply for creating gks cluster Apr 26, 2020
@hferentschik
Copy link
Contributor

hferentschik commented Apr 27, 2020
edited
Loading

Have you tried re-running terraform apply? I have seen timing issues sometimes which results in similar errors. It worked the second time around.

hferentschik added a commit to hferentschik/terraform-google-jx that referenced this issue Apr 28, 2020
@hferentschik
fix: adding note to README about use of jx-requiremnts.yml
9d83a70 
The generated jx-requirments.yml should only be used on initial `jx boot`

fixes jenkins-x#74
@hferentschik hferentschik mentioned this issue Apr 28, 2020
Merged
hferentschik added a commit to hferentschik/terraform-google-jx that referenced this issue May 4, 2020
@hferentschik
fix: adding note to README about use of jx-requiremnts.yml
f123f66 
The generated jx-requirments.yml should only be used on initial `jx boot`

fixes jenkins-x#74
hferentschik added a commit that referenced this issue May 4, 2020
@hferentschik
fix: adding note to README about use of jx-requiremnts.yml
1f26b87 
The generated jx-requirments.yml should only be used on initial `jx boot`

fixes #74
@hferentschik
Copy link
Contributor

🎉 This issue has been resolved in version 1.3.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@cprovencher
Copy link

@hferentschik getting same error in version 1.3.2

on .terraform/modules/jx/terraform-google-jx-1.3.2/modules/backup/main.tf line 44, in resource "google_service_account_iam_member" "velero_sa_workload_identity_user":
44: resource "google_service_account_iam_member" "velero_sa_workload_identity_user" {

@cprovencher cprovencher mentioned this issue May 11, 2020
Closed
@mayankkhullar
Copy link

Please enable IAM Policy API from GCP console , I did it and it worked

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/docs area/terraform kind/bug released
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@hferentschik @mayankkhullar @cprovencher @pancudaniel7