Terraform v0.11.2

```hcl
resource "google_service_account" "test-user" {
  account_id   = "test-user"
  display_name = "test-user"
}

data "google_iam_policy" "test-user" {
  binding {
    role = "roles/storage.objectCreator"
    members = [
      "serviceAccount:${google_service_account.test-user.email}",
    ]
  }
}

resource "google_project_iam_policy" "default" {
  project     = "at-signals-platform"
  policy_data = "${data.google_iam_policy.test-user.policy_data}"
}

resource "google_storage_bucket" "test-bucket" {
  name     = "at-test-bucket-12345"
  location = "EU"
}

resource "google_storage_bucket_acl" "test-bucket" {
  bucket = "${google_storage_bucket.test-bucket.name}"
  role_entity = [
    "OWNER:${google_service_account.test-user.email}"
  ]
}
```
https://gist.github.com/Evesy/bceab6ce92aff4e68f788677dea5a2d6
Terraform should create the specified bucket ACL.
Google API returns a 400 from the request
Steps to reproduce: apply Terraform with the above resources.
Confirming that I can reproduce and looking into it.
Aha - the problem is with the config. :)
https://www.terraform.io/docs/providers/google/r/storage_bucket_acl.html points you to https://cloud.google.com/storage/docs/json_api/v1/bucketAccessControls, which tells us that you need to specify the type of user to add the ACL for.
When I change the line in role_entity to "OWNER:user-${google_service_account.test-user.email}", it works. Let me know if that doesn't help by reopening this issue.
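The fix in the comment above comes from the entity grammar of the GCS bucketAccessControls API: every entity in a `role_entity` string needs a type prefix (`user-`, `group-`, `domain-`, `project-<team>-<id>`) or must be one of the special names `allUsers` / `allAuthenticatedUsers`. As an added example (not code from this issue or from the provider), here is a small Python check that flags the bare service account email from the original config, accepts the corrected `user-` form, and also flags grants to the public entities; the service account email is a constructed placeholder.

```python
import re
from typing import List

# Entity grammar of the GCS bucketAccessControls API (see the API reference
# linked above): user-<email>, group-<email>, domain-<domain>,
# project-<owners|editors|viewers>-<projectId>, allUsers, allAuthenticatedUsers.
ENTITY_RE = re.compile(
    r"^(?:user-[^@\s]+@[^@\s]+|group-[^@\s]+@[^@\s]+|domain-\S+"
    r"|project-(?:owners|editors|viewers)-\S+|allUsers|allAuthenticatedUsers)$"
)
ROLES = {"OWNER", "READER", "WRITER"}
PUBLIC = {"allUsers", "allAuthenticatedUsers"}


def check_role_entity(entry: str) -> List[str]:
    """Return the problems found in one ROLE:entity string; empty list means OK."""
    problems = []
    role, sep, entity = entry.partition(":")
    if not sep:
        return [f"{entry!r}: expected ROLE:entity"]
    if role not in ROLES:
        problems.append(f"{entry!r}: unknown role {role!r}")
    if not ENTITY_RE.match(entity):
        hint = ""
        if "@" in entity and not entity.startswith(("user-", "group-")):
            # This is exactly the mistake in the issue's config: a service
            # account email with no entity type in front of it.
            hint = " (missing type prefix; for a service account use 'user-' + email)"
        problems.append(f"{entry!r}: entity {entity!r} is not a valid GCS entity{hint}")
    elif entity in PUBLIC:
        # Valid syntax, but worth surfacing: this grants the role to everyone.
        problems.append(f"{entry!r}: grants {role} to {entity} (public access)")
    return problems


def check_acl(role_entity: List[str]) -> List[str]:
    """Check a whole role_entity list as it would appear in google_storage_bucket_acl."""
    out = []
    for entry in role_entity:
        out.extend(check_role_entity(entry))
    return out


# Constructed sample values: the entry from the issue, the corrected one, a public grant.
SA_EMAIL = "test-user@example-project.iam.gserviceaccount.com"  # placeholder email

if __name__ == "__main__":
    for entry in [f"OWNER:{SA_EMAIL}", f"OWNER:user-{SA_EMAIL}", "READER:allUsers"]:
        print(entry, "->", check_role_entity(entry) or "ok")
```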