Giters

terraform-google-modules / terraform-google-iam

Manages multiple IAM roles for resources on Google Cloud

Home Page:https://registry.terraform.io/modules/terraform-google-modules/iam/google

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

folders_iam submodule readme uses folder name instead of ID

UmungoBungo opened this issue · comments

commented

In the readme file for the folder IAM submodule, the folders input has a list of folder names;

module "folder-iam" {
  source  = "terraform-google-modules/iam/google//modules/folders_iam"
  folders = ["my-folder-name"]

  mode = "additive"
...

The only way I could get this submodule to work was to pass in folder IDs instead.

commented

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

commented

I discovered the same problem...

When you try to use the module like described in the usage section you get:

---[ REQUEST ]---------------------------------------
POST /v3/folders/myFolder:getIamPolicy?alt=json&prettyPrint=false HTTP/1.1
Host: cloudresourcemanager.googleapis.com
User-Agent: google-api-go-client/0.5 Terraform/1.2.5 (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google/dev blueprints/terraform/terraform-google-iam:folders_iam/v7.4.1
Content-Length: 41
Content-Type: application/json
X-Goog-Api-Client: gl-go/1.18.1 gdcl/0.82.0
Accept-Encoding: gzip

{
 "options": {
  "requestedPolicyVersion": 3
 }
}

will get you

---[ RESPONSE ]--------------------------------------
HTTP/2.0 400 Bad Request
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Cache-Control: private
Content-Type: application/json; charset=UTF-8
Date: Thu, 18 Aug 2022 11:55:20 GMT
Server: ESF
Vary: Origin
Vary: X-Origin
Vary: Referer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{
  "error": {
    "code": 400,
    "message": "Fail to resolve resource 'folders/myFolder'",
    "errors": [
      {
        "message": "Fail to resolve resource 'folders/myFolder'",
        "domain": "global",
        "reason": "badRequest"
      }
    ],
    "status": "INVALID_ARGUMENT"
  }
}

The fix is as @UmungoBungo mentioned to use the folderID instead.
Is there an easy way (via Terraform) to get the folderID when I only know the name of the folder?
As a data source I only found google_folders but that only gives me folders directly under my org unit...