Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Should check gcloud project Id when fetching ADCs #702

Open
stevenyslee opened this issue Feb 16, 2024 · 4 comments
Open

Should check gcloud project Id when fetching ADCs #702

stevenyslee opened this issue Feb 16, 2024 · 4 comments

Comments

@stevenyslee
Copy link

https://github.com/golang/oauth2/blob/ebe81ad83719fe3426335b22e40a1e3a76fa45c0/google/default.go#L36

Should get the quota project when fetching ADCs. This has caused terraform apply to fail with:

│ Error: Error creating Policy: failed to create a diff: failed to retrieve Policy resource: googleapi: Error 403: Your application is authenticating by using local Application Default Credentials. The orgpolicy.googleapis.com API requires a quota project, which is not set by default. To learn how to set your quota project, see https://cloud.google.com/docs/authentication/adc-troubleshooting/user-creds .
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "domain": "googleapis.com",
│     "metadata": {
│       "consumer": "projects/764086051850",
│       "service": "orgpolicy.googleapis.com"
│     },
│     "reason": "SERVICE_DISABLED"
│   }
│ ]
│ 
│   with module.cs-org-policy-storage_publicAccessPrevention.google_org_policy_policy.org_policy_boolean[0],
│   on .terraform/modules/cs-org-policy-storage_publicAccessPrevention/modules/org_policy_v2/boolean_constraints.tf line 20, in resource "google_org_policy_policy" "org_policy_boolean":
│   20: resource "google_org_policy_policy" "org_policy_boolean" {

despite the billing and quota project being set in gcloud.
@jado06
Copy link

jado06 commented Apr 26, 2024

I'm running into the same issue. I noticed in my case, the project number showing up does not match the quota project's number:

"consumer": "projects/764086051850"

Have you found a fix?

@stevenyslee
Copy link
Author

I was able to get around it by manually setting the project in the environment variable

export USER_PROJECT_OVERRIDE=true # force resources to send a billing project
export GOOGLE_BILLING_PROJECT=your-quota-project # override the billing project for all resources
terraform apply

@stevenyslee stevenyslee reopened this Apr 29, 2024
@taisph
Copy link

taisph commented Apr 30, 2024
edited

I was able to get around it by manually setting the project in the environment variable

You can also configure the provider instead of using environment variables.

provider "google" {
  region                = "europe-west10"
  project               = "my-project"
  billing_project       = "my-project"
  user_project_override = true
}

This was referenced May 1, 2024
Open
Closed
@jado06
Copy link

jado06 commented May 2, 2024

Thank you both, that workaround worked for me.

That being said, since the original issue still persists, I'm sharing the Github issue I created for it for reference. Feel free to add a thumbs up for additional visibility from the product team.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@taisph @stevenyslee @jado06