Terraform-provider-google: Unclear error message when unauthorized: google_secret_manager_secret_version

Created on 13 Mar 2020  ·  3 Comments  ·  Source: hashicorp/terraform-provider-google


Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave _+1_ or _me too_ comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

This is being run on terraform cloud:

Initializing plugins and modules...
2020/03/13 22:07:36 [DEBUG] Using modified User-Agent: Terraform/0.12.23 TFC/fb328bc74e

Affected Resource(s)

  • google_secret_manager_secret_version

Terraform Configuration Files

Source: https://www.terraform.io/docs/providers/google/r/secret_manager_secret_version.html
resource "google_secret_manager_secret" "secret-basic" {
  provider = google-beta

  secret_id = "secret-version"

  labels = {
    label = "my-label"
  }

  replication {
    automatic = true
  }
}


resource "google_secret_manager_secret_version" "secret-version-basic" {
  provider = google-beta

  secret = google_secret_manager_secret.secret-basic.id

  secret_data = "secret-data"
}

Debug Output

Initializing plugins and modules...
2020/03/13 22:07:36 [DEBUG] Using modified User-Agent: Terraform/0.12.23 TFC/fb328bc74e
google_secret_manager_secret.secret-basic: Creating...
google_secret_manager_secret.secret-basic: Creation complete after 2s [id=projects/my-project/secrets/secret-version]
google_secret_manager_secret_version.secret-version-basic: Creating...

Error: rpc error: code = Unavailable desc = transport is closing

It turns out that this error is because the Service Account that was running TF did not have roles/secretmanager.admin. Once I granted that, the resource works as expected. Is it possible to improve the error message? It took me a fair bit of time to figure this out; it wasn't obvious because my secret version seemed to be being created in GCP.
Once I added that role to the service account, I was able to get clean runs.

bug crash

All 3 comments

@c2thorn it would be better if the error message could give more hints.

With the below permissions only:

secretmanager.secrets.create
secretmanager.secrets.delete
secretmanager.secrets.get
secretmanager.versions.add
secretmanager.versions.enable
secretmanager.versions.get
2020-03-23T18:10:56.130Z [DEBUG] plugin.terraform-provider-google-beta_v3.13.0_x5:      /opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-google-beta/vendor/google.golang.org/grpc/server.go:720 +0xa1
2020-03-23T18:10:56.133Z [DEBUG] plugin: plugin process exited: path=/home/sunedward/dev/tf-test/5890/.terraform/plugins/linux_amd64/terraform-provider-google-beta_v3.13.0_x5 pid=19394 error="exit status 2"
2020/03/23 18:10:56 [ERROR] <root>: eval: *terraform.EvalRefresh, err: rpc error: code = Unavailable desc = transport is closing
2020/03/23 18:10:56 [ERROR] <root>: eval: *terraform.EvalSequence, err: rpc error: code = Unavailable desc = transport is closing
2020/03/23 18:10:56 [TRACE] [walkRefresh] Exiting eval tree: google_secret_manager_secret_version.secret-version-basic
2020/03/23 18:10:56 [TRACE] vertex "google_secret_manager_secret_version.secret-version-basic": visit complete
2020/03/23 18:10:56 [TRACE] vertex "google_secret_manager_secret_version.secret-version-basic": dynamic subgraph encountered errors
2020/03/23 18:10:56 [TRACE] vertex "google_secret_manager_secret_version.secret-version-basic": visit complete
2020/03/23 18:10:56 [TRACE] dag/walk: upstream of "provider.google-beta (close)" errored, so skipping
2020/03/23 18:10:56 [TRACE] statemgr.Filesystem: removing lock metadata file .terraform.tfstate.lock.info
2020/03/23 18:10:56 [TRACE] statemgr.Filesystem: unlocking terraform.tfstate using fcntl flock
2020-03-23T18:10:56.133Z [DEBUG] plugin: plugin exited
!!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!
Terraform crashed! This is always indicative of a bug within Terraform.
A crash log has been placed at "crash.log" relative to your current
working directory. It would be immensely helpful if you could please
report the crash with Terraform[1] so that we can fix this.
When reporting bugs, please include your terraform version. That
information is available on the first line of crash.log. You can also
get it by running 'terraform --version' on the command line.
SECURITY WARNING: the "crash.log" file that was created may contain 
sensitive information that must be redacted before it is safe to share 
on the issue tracker.
[1]: https://github.com/hashicorp/terraform/issues
!!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!
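
The debug log above shows the provider plugin process exiting with status 2 just before Terraform reports "transport is closing", so the gRPC message is a symptom of the plugin dying rather than a network fault. The following log triage sketch is an added example, not part of the original thread or of Terraform; the function name `triage`, the finding fields and the sample path are assumptions made for illustration.

```python
import re

# Constructed sample: lines shaped like the debug output quoted in this thread,
# with terminal line wraps removed and a placeholder home directory.
SAMPLE_LOG = """\
2020-03-23T18:10:56.133Z [DEBUG] plugin: plugin process exited: path=/home/user/.terraform/plugins/linux_amd64/terraform-provider-google-beta_v3.13.0_x5 pid=19394 error="exit status 2"
2020/03/23 18:10:56 [ERROR] <root>: eval: *terraform.EvalRefresh, err: rpc error: code = Unavailable desc = transport is closing
2020/03/23 18:10:56 [ERROR] <root>: eval: *terraform.EvalSequence, err: rpc error: code = Unavailable desc = transport is closing
2020/03/23 18:10:56 [TRACE] [walkRefresh] Exiting eval tree: google_secret_manager_secret_version.secret-version-basic
2020-03-23T18:10:56.133Z [DEBUG] plugin: plugin exited
"""

PLUGIN_EXIT = re.compile(r'plugin process exited: path=(\S+) pid=\d+ error="exit status (\d+)"')
RPC_CLOSED = re.compile(
    r"eval: \*terraform\.(\w+), err: rpc error: code = Unavailable desc = transport is closing")
EXIT_TREE = re.compile(r"Exiting eval tree: (\S+)")

def triage(log_text):
    """Group each 'transport is closing' error with the plugin crash before it.

    Returns one dict per incident: plugin binary, exit status, the first eval
    phase that failed and the resource address. plugin is None when no plugin
    exit preceded the error, i.e. the log does not show a provider crash.
    """
    findings, current = [], None
    for line in log_text.splitlines():
        m = PLUGIN_EXIT.search(line)
        if m and m.group(2) != "0":
            current = {"plugin": m.group(1).rsplit("/", 1)[-1],
                       "exit_status": int(m.group(2)), "phase": None, "resource": None}
            findings.append(current)
            continue
        m = RPC_CLOSED.search(line)
        if m:
            if current is None:  # error with no recorded plugin crash
                current = {"plugin": None, "exit_status": None, "phase": None, "resource": None}
                findings.append(current)
            if current["phase"] is None:
                current["phase"] = m.group(1)
            continue
        m = EXIT_TREE.search(line)
        if m and current is not None and current["resource"] is None:
            current["resource"] = m.group(1)
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding that names a plugin points at a provider crash on that resource; per the report above, the missing IAM role on the service account running Terraform is the first thing to check in that case.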

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
