0

I'm trying to create a Google Cloud project using Terraform (specifically the terraform-google-modules/project-factory module), but I consistently receive the following error:

Error: error creating project XXX (XXX): googleapi: Error 400: Operation disallowed by Organization Policy constraint due to missing or incorrect Tags Details: [ { "@type": "type.googleapis.com/google.rpc.PreconditionFailure" } ] , failedPrecondition. If you received a 403 error, make sure you have the roles/resourcemanager.projectCreator permission

My setup:

  • Terraform module: terraform-google-modules/project-factory

  • Creating project under a folder

  • Using a service account for automation

  • I ran gcloud org-policies list --organization=ORG_ID to check for tag-related constraints like constraints/resourcemanager.[requireProjectTags/allowProjectTags/allowedProjectParent], but none are set at the org level.

  • Org policies was created by defaut by google.

  • I also checked at the project and folder level and didn't see any enforced tag constraints.

  • My service account has roles/resourcemanager.projectCreator, roles/billing.user, and roles/tagUser.

  • I can create a project in the folder with the same service account and the google CLI.

Improve this question

1 Answer 1

Reset to default
0

The project-factory module add automatically labels on the GCP project. (I.e., effective_labels, terraform_labels) without using labels inputs.

When adding labels with same labels give by the plan, that works.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.