google_iam_workload_identity_pool requires explicit project argument to be specified #17969

Open
paololazzari opened this issue Apr 26, 2024 · 1 comment

paololazzari commented Apr 26, 2024

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to a user, that user is claiming responsibility for the issue.
  • Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Terraform Version

Terraform v1.7.2
on darwin_arm64

  • provider registry.terraform.io/hashicorp/google v5.25.0

Affected Resource(s)

google_iam_workload_identity_pool

Terraform Configuration

This configuration:

resource "google_iam_workload_identity_pool" "github_identity_pool" {
  workload_identity_pool_id = "github-pool"
  display_name              = "GitHub Actions Pool"
  disabled                  = false
}

results in:

Error: Error creating WorkloadIdentityPool: googleapi: Error 403: Permission 'iam.workloadIdentityPools.create' denied on resource '//iam.googleapis.com/projects/myprojectid/locations/global' (or it may not exist).

whereas this works:

resource "google_iam_workload_identity_pool" "github_identity_pool" {
  workload_identity_pool_id = "github-pool"
  display_name              = "GitHub Actions Pool"
  disabled                  = false
  project                   = "myprojectid"
}
@github-actions github-actions bot added forward/review In review; remove label to forward service/iam-wlid labels Apr 26, 2024
@ggtisc ggtisc self-assigned this May 2, 2024
Collaborator

ggtisc commented May 2, 2024

Hi @paololazzari!

This issue was replicated both ways and the results were successful, without errors, with the Terraform version and Google version provided.

The project is an attribute that you need to have in your Terraform configuration to work with Terraform resources; it may be declared in different ways. If your SDK isn't recognizing it, you may check your environment to see how it is declared. You can learn more in this link
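
An added diagnostic sketch, not part of the issue thread or of the provider: it reports where a default project would come from when a resource such as `google_iam_workload_identity_pool` omits `project`. The function names are hypothetical, the provider-block scan is a simple line-based match rather than an HCL parser, and the environment variable names and their precedence are assumed from the google provider's configuration reference.

```shell
#!/bin/sh
# Added example: find the default project a resource without `project` would inherit.
# Assumed lookup order: provider "google" block first, then environment variables.

# Print the project expression from a provider "google" block in $1/*.tf, if any.
# Line-based scan (assumption: no nested blocks precede the project line).
project_from_provider_block() {
  dir="${1:-.}"
  cat "$dir"/*.tf 2>/dev/null | awk '
    /^[ \t]*provider[ \t]+"google"/ { in_block = 1; next }
    in_block && /^[ \t]*}/          { in_block = 0 }
    in_block && /^[ \t]*project[ \t]*=/ {
      sub(/^[^=]*=[ \t]*/, "")   # drop everything up to the "="
      gsub(/"/, "")              # strip quotes around a literal value
      print; found = 1; exit
    }
    END { exit (found ? 0 : 1) }'
}

# Print "NAME=value" for the first non-empty project variable, in precedence order.
project_from_env() {
  for name in GOOGLE_PROJECT GOOGLE_CLOUD_PROJECT GCLOUD_PROJECT CLOUDSDK_CORE_PROJECT; do
    eval "value=\${$name:-}"
    if [ -n "$value" ]; then
      printf '%s=%s\n' "$name" "$value"
      return 0
    fi
  done
  return 1
}

# Report the source of the default project for the configuration in $1.
default_project_source() {
  dir="${1:-.}"
  if p=$(project_from_provider_block "$dir"); then
    printf 'provider block: %s\n' "$p"
  elif p=$(project_from_env); then
    printf 'environment: %s\n' "$p"
  else
    printf 'none: set project on the resource, the provider block, or the environment\n'
    return 1
  fi
}

default_project_source "${1:-.}" || true
```

Running it in the Terraform working directory before `terraform plan` shows whether the project in the error's resource path came from the provider block or from a leftover environment variable.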
