google-cloud-platformterraformterraform-provider-gcp
Cloud Storage Insufficient Permission while using Terraform
I am setting up the IaC with Terraform in GCP. When I run the pipeline I am getting below error
Error: Failed to get existing workspaces: querying Cloud Storage failed: googleapi: Error 403: Insufficient Permission, insufficientPermissions
Here is my backend gcs:
data "tf_state" "my_app" {
backend = "gcs"
config = {
bucket = "my_bucket"
prefix = "envs/${module.variables.environment}/my_app"
}
}
I am able to access the content in my_bucket on console, but getting an error while running with terraform.
can anyone please let me know how to resolve this?
Solution
I have now declared Google application credentials in gitlab CI/CD variables in a json format and then using it in .gitlab.yml file.
# Environments definition
.dev:
variables:
PROJECT_ID: <projecct-id>
DEPLOYED_MODULES: "my-module"
GOOGLE_CREDENTIALS: ${GOOGLE_APPLICATION_CREDENTIALS}
TF_LOG: ""
environment:
name: dev
only:
refs:
- develop
- Apache Beam with Dataflow: flag 'ignore_unknown_columns' for WriteToBigQuery not working
- Google Speech to Text - Not Getting the transcription | SOLVED
- Why does Cloud Deploy not support multiple target types in one pipeline?
- CloudBuild pull status from latest run, from a specific build trigger using via CloudBuild API?
- Querying the Google Patent Data on Big Query processes way too much data
- Deleting a large folder from Google Cloud Storage
- GCP - How do you create a URL Redirect path rule with gcloud url-maps?
- API [sqladmin.googleapis.com] not enabled on project [1234].
- Error uploading file to google cloud storage
- Custom Service Account with KFP pipelines in Vertex AI
- Not able to connect mysql with SSL enforced to app engine without connecting first in cloud shell
- If the GCP pub sub Subscription Expiration is same as Subscription Message Retention will the subscription not expire
- Cloud function is not triggered by pub/sub topic
- Java application unable to find ADC when Workload Identity is enabled on GKE cluster
- Service account with Workspace-authorized domain-wide delegation gets error "Not Authorized to access this resource/api" when running cloud function
- How to download a pushed Odoo release and upload to Github
- GCP authentication when testing a container in the local development environment
- GAE: find project name by project number
- Google Cloud functions v2 eventarc - How to Track User Context for Deletions in Firebase Realtime Database
- Google Cloud Bigtable vs Google Cloud Datastore
- Batch job submission error "Failed to process all documents", uris seem correct?
- 401 Unauthorized when installing Python package from Artifacts registry for Google Build
- Google Cloud Storage request blocked by CORS: not allowed by Access-Control-Allow-Origin
- Accessing users account with service account
- Firestore exception occurred in retry method that was not classified as transient
- Managed Service Provider on Google Cloud Platform
- Stripe Error: No signatures found matching the expected signature for payload
- Error --accelerator unrecognized argument when launching gcloud beta ai-platform versions create API
- invalid_request when calling https://sts.googleapis.com/v1/token API
- How to upload a file to Google Cloud Storage on Python 3?