terraform-provider-google: Unable to add storage bucket to project - billing cannot be assigned
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave “+1” or “me too” comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
- If an issue is assigned to the “modular-magician” user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to “hashibot”, a community member has claimed the issue already.
Terraform Version
Terraform v0.11.13
Affected Resource(s)
- google_project
Terraform Configuration Files
```hcl
resource "google_project" "Project" {
  name                = "${var.project_name}"
  project_id          = "${local.project_id}"
  folder_id           = "${data.google_folder.test.name}"
  billing_account     = "${var.gcp_billing_account}"
  auto_create_network = false
}

resource "google_project_services" "services" {
  project = "${google_project.Project.number}"

  services = [
    "compute.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "oslogin.googleapis.com",
    "iam.googleapis.com",
    "cloudbilling.googleapis.com",
    "storage-component.googleapis.com",
    "admin.googleapis.com",
    "appengine.googleapis.com",
  ]

  provisioner "local-exec" {
    command = "sleep 30"
  }

  depends_on = ["google_project.Project"]
}

resource "google_storage_bucket" "default_project_bucket" {
  name          = "${var.project_name}-general-storage"
  project       = "${google_project.Project.name}"
  storage_class = "MULTI_REGIONAL"
  location      = "US"

  logging {
    log_bucket = "${"${google_project.Project.name}"}-logs"
  }
}
```
Debug Output
Panic Output
Expected Behavior
The project should be created with billing enabled and a storage account, but it seems permissions or something else are getting in the way. The account running Terraform is a service account which has access across the project and should be able to complete this task.
Actual Behavior
- google_project.Project: 1 error(s) occurred:
- google_project.Project: Error setting billing account "removed-for-safety" for project "projects/project-testing-4324573": googleapi: Error 403: The caller does not have permission, forbidden
Steps to Reproduce
terraform apply
Important Factoids
References
About this issue
- State: closed
- Created 5 years ago
- Reactions: 5
- Comments: 26 (4 by maintainers)
Commits related to this issue
- separate project and state bucket deployment to avoid https://github.com/terraform-providers/terraform-provider-google/issues/3429 PiperOrigin-RevId: 285058476 — committed to GoogleCloudPlatform/healthcare by umairidris 5 years ago
- separate project and state bucket deployment to avoid https://github.com/terraform-providers/terraform-provider-google/issues/3429 PiperOrigin-RevId: 285190313 — committed to GoogleCloudPlatform/healthcare by umairidris 5 years ago
I added a sleep into the project create step, and now it works every time:
https://github.com/EngineerBetter/concourse-gcp-tf-bootstrap/blob/master/tf/pipeline-reqs.tf#L30-L32
I’m pretty sure that adding sleeps to Terraform means that I’ll be going to hell.