Score:0

Org Policies error when creating a Cloud Function

cn flag

When trying to create a "hello world" Cloud Function, I get the error message:

"The request has violated one or more Org Policies. Please refer to the respective violations for more information."

Now, which org policies have been violated? In the Log Explorer I find the error message like this:

{
insertId: "XXX"
logName: "projects/XXX/logs/cloudaudit.googleapis.com%2Factivity"
protoPayload: {10}
receiveTimestamp: "2021-11-26T11:42:16.735011108Z"
resource: {2}
severity: "ERROR"
timestamp: "2021-11-26T11:42:16.490247Z"
}
Zeenath S N avatar
cn flag
This means that the Org Policy errors you ran into are due to [VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/troubleshooting#determine_if_an_error_is_due_to). Can you please review your [VPC Service Controls configuration](https://cloud.google.com/functions/docs/securing/using-vpc-service-controls) to understand why your VPC service controls are prohibiting your createFunction requests?
Score:1
cn flag

I found the solution to my own issue: After clicking "Create Function", I had to choose "Run time, build, connections and security settings" -> "Connections" and select an option.

No option had been selected there, I guess this was due to my project's network settings.

Now I can deploy :)

Score:0
cn flag

Logging will have the detail error.details[x].violations[x].type. The log entry states the constraint in violation.

The following log entry shows a violation for location:

"type": "constraints/gcp.resourceLocations"

Example log entry:

"error": {
  "code": 400,
  "message": "The request has violated one or more Org Policies. Please refer to the respective violations for more information."
  "status": "FAILED_PRECONDITION" 
  "details\": [
    {
      "@type": "type.googleapis.com/google.rpc.PreconditionFailure",
      "violations": [
        {
          "type": "constraints/gcp.resourceLocations",
          "subject": "orgpolicy:projects/<project>",
          "description": "Constraint constraints/gcp.resourceLocations violated for projects/<project> attempting GenerateUploadUrlActionV1 with location set to us-central1. See https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints for more information."
        }
      ]
    }
  ]
}

Org Policy Constraints

Thorsten Staerk avatar
cn flag
The log entry looks entirely different for me. I look at the Logs Explorer, where do you look?
John Hanley avatar
cn flag
@ThorstenStaerk I provided a **partial** example of the inner section showing the error key. Look in **Cloud Audit Logs** https://cloud.google.com/logging/docs/audit#types
Thorsten Staerk avatar
cn flag
Thanks for staying with me! However, I still see the same like before. I read the article you pointed me to, then, in Log Explorer I indeed found a log entry with the type "type.googleapis.com/google.cloud.audit.AuditLog". But as before, it only contains one occurrence of "ERROR" which looks like this: severity: "ERROR" timestamp: "2021-12-01T07:02:05.318337Z" so I cannot find the error key
John Hanley avatar
cn flag
@ThorstenStaerk I need to see the entire redacted log entry.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.