
How To Grant GCP Organization Level Permissions to Service Account via Command Line


I'm trying to create a data source in terraform to get information about a Google billing account.

data "google_billing_account" "ac" {
  display_name = "foo-Billing"
  open         = true
}

But terraform throws the error Error: Billing account not found: foo-Billing which looks like my service account lacks the required permissions to do this, as the billing account definitely exists.

I'm able to run this command

gcloud projects add-iam-policy-binding main1-project --member=serviceAccount:$ID --role=roles/ROLE_NAME

which works fine with just about any other role binding except that of billing.admin which throws the error

ERROR: (gcloud.projects.add-iam-policy-binding) INVALID_ARGUMENT: Role (roles/billing.admin) does not exist in the resource's hierarchy.

I'm fairly new to GCP so I'm not sure how to go about fixing this.

Is there a way to grant billing.admin permissions to a service account from the command line?

Maybe another API to call or something.

I'm able to grant the permission from the UI which then makes my terraform command work, but I would like to be able to grant it from the command line.


Solution

  • You're getting this error because you're trying to assign the billing admin role from the project level but it can only be done at the organization level.

    If you have an organization, then the same command should work with a slight tweak:

    gcloud organizations add-iam-policy-binding ORGANIZATION --member=serviceAccount:$ID --role=roles/billing.admin

    You should be able to get a list of your organizations using

    gcloud organizations list

    If you don't have any, then just create one.

    You'll just need a Gsuite or Cloud Identity account.
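The procedure from the answer as a script, added here as an example and not code from the question or the answer: look up the organization ID from `gcloud organizations list`, build the organization-level binding command, and then verify from `gcloud organizations get-iam-policy` that the service account actually holds roles/billing.admin before pointing terraform at it. The organization name `example.com`, the service account address, and the numeric IDs are placeholders; with `DRY_RUN=1` (the default) the script runs offline against constructed sample output and only prints the command it would run.

```shell
#!/bin/sh
# Added example, not from the original question or answer.
# ORG_NAME and SA_EMAIL are placeholders; set them for a real run and
# export DRY_RUN=0 to actually call gcloud.
set -eu

ORG_NAME="${ORG_NAME:-example.com}"
SA_EMAIL="${SA_EMAIL:-terraform@main1-project.iam.gserviceaccount.com}"
DRY_RUN="${DRY_RUN:-1}"

# Pick the numeric organization ID out of `gcloud organizations list`
# output (read from stdin) for the given display name. The table has a
# header row and the columns DISPLAY_NAME, ID, DIRECTORY_CUSTOMER_ID;
# display names containing spaces would need a different parser.
org_id_from_list() {
  awk -v name="$1" 'NR > 1 && $1 == name { print $2; exit }'
}

# Build the organization-level command from the answer. The same binding
# at project level fails because roles/billing.admin is not part of a
# project's resource hierarchy.
billing_admin_binding_cmd() {
  printf 'gcloud organizations add-iam-policy-binding %s --member=serviceAccount:%s --role=roles/billing.admin\n' "$1" "$2"
}

# Check a list of members (stdin, one per line, as printed by the
# flattened get-iam-policy call in main) for the service account.
# Exit status 0 when the binding is present, 1 otherwise.
has_billing_admin() {
  grep -qxF "serviceAccount:$1"
}

main() {
  if [ "$DRY_RUN" = 1 ]; then
    # Constructed sample of `gcloud organizations list` output.
    org_list=$(printf 'DISPLAY_NAME  ID            DIRECTORY_CUSTOMER_ID\n%s   123456789012  C01abcdef\n' "$ORG_NAME")
    # Constructed sample of the flattened policy members after the grant.
    members=$(printf 'serviceAccount:%s\nuser:admin@example.com\n' "$SA_EMAIL")
  else
    org_list=$(gcloud organizations list)
  fi

  org_id=$(printf '%s\n' "$org_list" | org_id_from_list "$ORG_NAME")
  [ -n "$org_id" ] || { echo "organization $ORG_NAME not found" >&2; exit 1; }

  cmd=$(billing_admin_binding_cmd "$org_id" "$SA_EMAIL")
  if [ "$DRY_RUN" = 1 ]; then
    echo "would run: $cmd"
  else
    sh -c "$cmd"
    # One member per line for the billing.admin binding only.
    members=$(gcloud organizations get-iam-policy "$org_id" \
      --flatten="bindings[].members" \
      --filter="bindings.role:roles/billing.admin" \
      --format="value(bindings.members)")
  fi

  # Verify the grant landed rather than trusting the command's exit code.
  if printf '%s\n' "$members" | has_billing_admin "$SA_EMAIL"; then
    echo "roles/billing.admin is bound to $SA_EMAIL on organization $org_id"
  else
    echo "binding for $SA_EMAIL missing on organization $org_id" >&2
    exit 1
  fi
}

main
```

The verification step is worth keeping even when the grant command succeeds: it reads the policy back the same way an audit would, so a typo in the member address or a binding made on the wrong organization shows up immediately. If the service account only needs to read billing accounts, as the `google_billing_account` data source does, roles/billing.viewer is the narrower role to bind instead of roles/billing.admin.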