terraform-google-modules / terraform-google-iam

Manages multiple IAM roles for resources on Google Cloud

Home Page:https://registry.terraform.io/modules/terraform-google-modules/iam/google

Error 400: Requested policy version (1) cannot be less than the existing policy version (3)

Lirt opened this issue

Hi,

I have the following simple IAM config, which worked fine:

module "projects_iam_bindings" {
  source  = "terraform-google-modules/iam/google//modules/projects_iam"
  version = "~> 5.0"

  project = "XXX"
  mode    = "additive"

  bindings = {
    "roles/errorreporting.user" = [
      "group:XXX@YYY",
    ]
  }
}

But now, for the second time, totally randomly, it shows this error:

Error: Error reading Resource "project \"XXX\"" with IAM Member: Role "roles/errorreporting.writer" Member "serviceAccount:XXX@XXX.iam.gserviceaccount.com": Error retrieving IAM policy for project "XXX": googleapi: Error 400: Requested policy version (1) cannot be less than the existing policy version (3). For more information, please refer to https://cloud.google.com/iam/docs/policies#versions., badRequest

Since I didn't manually alter any IAM setting, I think that there is a different issue.
It may be connected with the new condition feature, which uses IAM policy version 3. So if Google changes the policy version, the module still wants to use version 1.

What do you think about that?
I don't know how to prove this, but I hope someone here can help me.

I don't think this is an issue with our module; please file an issue on the provider: https://github.com/terraform-providers/terraform-provider-google/issues

If it was relevant for somebody, here is the issue in `terraform-provider-google`: hashicorp/terraform-provider-google#5218
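
One way to check the hypothesis raised in the issue is to export the project's IAM policy as JSON and look at its stored version and any conditional bindings. The following is an added example, not part of the original thread or of the module's or provider's code; the sample policy is constructed and the function names are hypothetical.

```python
import json

# Constructed sample, shaped like an exported project IAM policy in JSON.
SAMPLE_POLICY = json.loads("""
{
  "version": 3,
  "etag": "constructed-etag",
  "bindings": [
    {"role": "roles/errorreporting.user", "members": ["group:XXX@YYY"]},
    {"role": "roles/viewer",
     "members": ["user:constructed@example.com"],
     "condition": {"title": "constructed-example",
                   "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}}
  ]
}
""")


def conditional_bindings(policy):
    """Return (role, condition title) for every binding that carries a condition."""
    return [(b["role"], b["condition"].get("title", ""))
            for b in policy.get("bindings", []) if b.get("condition")]


def required_version(policy):
    """Conditional role bindings need policy version 3; otherwise version 1 is enough."""
    return 3 if conditional_bindings(policy) else 1


def audit(policy, requested_version=1):
    """Summarise whether a client asking for requested_version matches the stored policy."""
    stored = policy.get("version", 1)  # assumption: a missing field is treated as version 1
    return {
        "stored_version": stored,
        "required_version": required_version(policy),
        "conditional_bindings": conditional_bindings(policy),
        # Same comparison the error message in the issue reports: requested < existing.
        "request_below_stored": requested_version < stored,
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_POLICY, requested_version=1), indent=2))
```

If `conditional_bindings` comes back non-empty for the real project, someone or something added a condition outside this module's config, which is worth tracing in the audit logs.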