
Plan Error: Cloud Resource Manager API has not been used

When I try to run

steps:
- id: Plan Terraform
  name: hashicorp/terraform:light
  args:
  - plan

in Cloud Build, I get the error:

Error: Error reading Project Service foo/cloudbuild.googleapis.com: googleapi: Error 403: Cloud Resource Manager API has not been used in project 123456789 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=123456789 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry., accessNotConfigured

Since the same Terraform definition is working on my local machine, I assume the error message is slightly misleading and it is actually a credential problem.

According to the Google Cloud docs I applied the following:

resource "google_project_iam_binding" "cloudbuild" {
  project = "bar"
  role    = "roles/editor"
  members = [
    "serviceAccount:987654321@cloudbuild.gserviceaccount.com"
  ]
}

The error still persists, though. Any idea what might be the problem/solution here?

It should be possible to do:

resource "google_project_service" "gcp_resource_manager_api" {
  project = var.project_id
  service = "cloudresourcemanager.googleapis.com"
}

In this way you enable the API inside your Terraform script. You could also combine it with time_sleep so that other resources depending on it wait until it is ready.

resource "time_sleep" "gcp_wait_crm_api_enabling" {
  depends_on = [
    google_project_service.gcp_resource_manager_api
  ]

  create_duration = "1m"
}

Should the above not work, then you need to include in your pipeline (assuming you are executing your TF scripts from a pipeline) the following:

  $> gcloud services enable cloudresourcemanager.googleapis.com --project <PROJECT ID>

As suggested here.

Had to manually enable Cloud Resource Manager API and Service Usage API to get Terraform to work.

No real idea why it works through my local machine though. Thus this is still not totally understood/solved for me.

My guess would be that perhaps locally it uses gcloud to access these things and it gets the data another way?

Or maybe user accounts have different constraints than service accounts?
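
A pipeline preflight built on the two answers above, as an added example that is not part of the original posts: it reads the service and project out of the 403 message and enables the two APIs named above when they are missing. The function names are hypothetical, and the gcloud calls assume a build step that has gcloud installed.

```shell
#!/bin/sh
# Added example (not from the original posts): preflight for a CI step that
# runs Terraform. Function names are hypothetical.

# The two APIs the second answer had to enable before Terraform worked.
REQUIRED_APIS="cloudresourcemanager.googleapis.com serviceusage.googleapis.com"

# stdin: enabled service names, one per line. stdout: required APIs not in it.
missing_apis() (
  enabled="$(cat)"
  for api in $REQUIRED_APIS; do
    printf '%s\n' "$enabled" | grep -qxF "$api" || printf '%s\n' "$api"
  done
)

# $1: a googleapi "accessNotConfigured" message. stdout: "<service> <project>"
# taken from the console URL inside it, or nothing if the text does not match.
# The project printed here is the one where the API has to be enabled.
api_from_error() (
  printf '%s\n' "$1" |
    sed -n 's#.*/apis/api/\([a-z0-9.-]*\)/overview?project=\([A-Za-z0-9:._-]*\).*#\1 \2#p'
)

# $1: project ID or number. Enables whatever is missing; non-zero on failure.
# If the listing call itself fails, every required API is treated as missing.
preflight() (
  project="$1"
  missing="$(gcloud services list --enabled --project "$project" \
    --format='value(config.name)' 2>/dev/null | missing_apis)"
  [ -z "$missing" ] && exit 0
  echo "enabling in $project: $missing" >&2
  # Word splitting is intended: one argument per service name.
  gcloud services enable $missing --project "$project"
)
```

Call preflight with the project named in the 403 message in a step that runs before terraform plan; the account running it needs permission to enable services on that project.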

If a user logged in with

# generates /yourhome-dir/.config/gcloud/application_default_credentials.json

  • gcloud auth application-default login

but runs into the following error on a project policy or IAM-related action: Cloud Resource Manager API has not been used

then there is probably a quota project ID in application_default_credentials.json, introduced by the login command.

Try removing the "quota project id" from application_default_credentials.json and instead run

  • gcloud config set project your-project-id

and retry.
