Error running step 1 - terraform apply #139

Open
chmstimoteo opened this issue Nov 7, 2024 · 1 comment
@chmstimoteo
```
Error: Error applying IAM policy for cloudrun service "v1/projects/genai-ctimoteo/locations/us-central1/services/genai-for-marketing-backend-apis": Error setting IAM policy for cloudrun service "v1/projects/genai-ctimoteo/locations/us-central1/services/genai-for-marketing-backend-apis": googleapi: Error 400: One or more users named in the policy do not belong to a permitted customer, perhaps due to an organization policy.

│ with google_cloud_run_service_iam_member.invoker,
│ on app.tf line 50, in resource "google_cloud_run_service_iam_member" "invoker":
│ 50: resource "google_cloud_run_service_iam_member" "invoker" {

│ Error: Request Create IAM Members roles/iam.workloadIdentityUser serviceAccount:[email protected] for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/iam.workloadIdentityUser serviceAccount:[email protected] for project "genai-ctimoteo"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account [email protected] does not exist., badRequest

│ with google_project_iam_member.cb_roles[7],
│ on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│ 59: resource "google_project_iam_member" "cb_roles" {

│ Error: Request Create IAM Members roles/iam.serviceAccountOpenIdTokenCreator serviceAccount:[email protected] for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/iam.serviceAccountOpenIdTokenCreator serviceAccount:[email protected] for project "genai-ctimoteo"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account [email protected] does not exist., badRequest

│ with google_project_iam_member.cb_roles[5],
│ on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│ 59: resource "google_project_iam_member" "cb_roles" {

│ Error: Request Create IAM Members roles/iam.serviceAccountKeyAdmin serviceAccount:[email protected] for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/iam.serviceAccountKeyAdmin serviceAccount:[email protected] for project "genai-ctimoteo"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account [email protected] does not exist., badRequest

│ with google_project_iam_member.cb_roles[6],
│ on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│ 59: resource "google_project_iam_member" "cb_roles" {

│ Error: Request Create IAM Members roles/iam.serviceAccountTokenCreator serviceAccount:[email protected] for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/iam.serviceAccountTokenCreator serviceAccount:[email protected] for project "genai-ctimoteo"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account [email protected] does not exist., badRequest

│ with google_project_iam_member.cb_roles[3],
│ on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│ 59: resource "google_project_iam_member" "cb_roles" {

│ Error: Request Create IAM Members roles/artifactregistry.writer serviceAccount:[email protected] for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/artifactregistry.writer serviceAccount:[email protected] for project "genai-ctimoteo"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account [email protected] does not exist., badRequest

│ with google_project_iam_member.cb_roles[2],
│ on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│ 59: resource "google_project_iam_member" "cb_roles" {

│ Error: Request Create IAM Members roles/storage.objectViewer serviceAccount:[email protected] for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/storage.objectViewer serviceAccount:[email protected] for project "genai-ctimoteo"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account [email protected] does not exist., badRequest

│ with google_project_iam_member.cb_roles[0],
│ on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│ 59: resource "google_project_iam_member" "cb_roles" {

│ Error: Request Create IAM Members roles/iam.serviceAccountUser serviceAccount:[email protected] for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/iam.serviceAccountUser serviceAccount:[email protected] for project "genai-ctimoteo"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account [email protected] does not exist., badRequest

│ with google_project_iam_member.cb_roles[4],
│ on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│ 59: resource "google_project_iam_member" "cb_roles" {

│ Error: Request Create IAM Members roles/logging.logWriter serviceAccount:[email protected] for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/logging.logWriter serviceAccount:[email protected] for project "genai-ctimoteo"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account [email protected] does not exist., badRequest

│ with google_project_iam_member.cb_roles[1],
│ on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│ 59: resource "google_project_iam_member" "cb_roles" {
```

@chmstimoteo
Workaround:

Comment out this resource block and manually assign a group of user emails to access the frontend address, or set a group alias email to access it using the Cloud Console.

@chmstimoteo chmstimoteo self-assigned this Nov 7, 2024
@chmstimoteo chmstimoteo added the known issue This will not be worked on label Nov 7, 2024
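
One way to keep the workaround in Terraform instead of commenting the block out, as an added example (not the repository's `app.tf`): the invoker binding is created only for principals passed in explicitly, so an empty list behaves like the commented-out block, and public principals, which a domain-restriction organization policy rejects, fail at plan time rather than with the 400 at apply. The variable names and the group address are assumptions.

```hcl
# Added example; variable names are hypothetical, not taken from the repository.
variable "project_id" {
  type = string
}

variable "region" {
  type    = string
  default = "us-central1"
}

variable "invoker_members" {
  description = "Principals allowed to invoke the service, e.g. [\"group:app-users@example.com\"] (placeholder address)."
  type        = list(string)
  default     = [] # empty list: no binding is created, same effect as commenting the block out

  validation {
    # Require an explicit, typed principal; this excludes allUsers and
    # allAuthenticatedUsers, which cannot satisfy a domain restriction.
    condition = alltrue([
      for m in var.invoker_members :
      can(regex("^(group|user|serviceAccount):[^@]+@[^@]+$", m))
    ])
    error_message = "Each member must be group:, user: or serviceAccount: followed by an email address."
  }
}

resource "google_cloud_run_service_iam_member" "invoker" {
  # One binding per principal; nothing is applied when the list is empty.
  for_each = toset(var.invoker_members)

  project  = var.project_id
  location = var.region
  service  = "genai-for-marketing-backend-apis" # service name from the error above
  role     = "roles/run.invoker"
  member   = each.value
}
```

The principals supplied still have to belong to a customer the organization policy permits; the validation only rules out the public ones.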