Score:0

Deploying a GCP cloud function: Terraform throws an error, but it works via gcloud function deploy

I'm trying to deploy a cloud function via Terraform:

+ resource "google_cloudfunctions_function" "scc-function" {
  + available_memory_mb           = 256
  + description                   = "scc notification handler"
  + entry_point                   = "scc_notification_handler"
  + https_trigger_url             = (known after apply)
  + id                            = (known after apply)
  + ingress_settings              = "ALLOW_INTERNAL_ONLY"
  + labels                        = {
      + "app" = "scc_notifications_to_alerts"
    }
  + max_instances                 = 1
  + name                          = "scc_notification_handler"
  + project                       = "<redacted>"
  + region                        = "europe-west2"
  + runtime                       = "python38"
  + service_account_email         = (known after apply)
  + source_archive_bucket         = "ka-security-cloudmon-trigger"
  + source_archive_object         = "cloudmon_trigger.zip"
  + timeout                       = 60
  + vpc_connector_egress_settings = (known after apply)

  + event_trigger {
      + event_type = "google.pubsub.topic.publish"
      + resource   = "scc-notifications"

      + failure_policy {
          + retry = true
        }
    }

But it always results in:

google_cloudfunctions_function.scc-function: Creating...
Error: googleapi: Error 400: The request has violated one or more Org Policies. Please 
refer to the respective violations for more information., failedPrecondition
with google_cloudfunctions_function.scc-function,
on main.tf line 23, in resource "google_cloudfunctions_function" "scc-function":
23: resource "google_cloudfunctions_function" "scc-function"

I have looked at the org policies, logs, etc. but no joy in finding the cause.

When I run it from the CLI as a "gcloud function deploy..." it deploys using the same bucket where the code is stored as a zip file.

Set Org policies:

root:
- constraint: constraints/compute.requireOsLogin
  type: boolean
- constraint: constraints/gcp.resourceLocations
  allow:
    - in:europe-locations
- constraint: constraints/iam.allowedPolicyMemberDomains
  allow:
    - <redacted>
- constraint: constraints/sql.restrictPublicIp
  enforce: true
  type: boolean
- constraint: constraints/storage.uniformBucketLevelAccess
  enforce: true
  type: boolean
- constraint: constraints/compute.skipDefaultNetworkCreation
  enforce: true
  type: boolean

Any ideas would be greatly appreciated.

mangohost