Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Plan Error: Cloud Resource Manager API has not been used

Tags:

google-cloud-platform

terraform

devops

google-cloud-build

terraform-provider-gcp

When I try to run

steps:
- id: Plan Terraform
  name: hashicorp/terraform:light
  args:
  - plan

in Cloud Build, I get the error:

Error: Error reading Project Service foo/cloudbuild.googleapis.com: googleapi: Error 403: Cloud Resource Manager API has not been used in project 123456789 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=123456789 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry., accessNotConfigured

Since the same terraform definition is working on my local machine I assume the error message is slightly misleading and it is actually a credential problem.

According to the Google Cloud docs I applied the following:

resource "google_project_iam_binding" "cloudbuild" {
  project = "bar"
  role    = "roles/editor"
  members = [
    "serviceAccount:[email protected]"
  ]
}

The error still persists, though. Any idea what might be the problem/solution here?

like image 933
abergmeier Avatar asked Apr 25 '26 06:04

abergmeier

2 Answers

Had to manually enable Cloud Resource Manager API and Service Usage API to get Terraform to work.

No real idea why it works through my local machine though. Thus this is still not totally understood/solved for me.

My guess would be that perhaps locally it uses gcloud to access these things and it gets the data another way?

Or maybe user accounts have different constraints than service accounts?

like image 115
abergmeier Avatar answered Apr 26 '26 20:04

abergmeier

It should be possible to do:

resource "google_project_service" "gcp_resource_manager_api" {
  project = var.project_id
  service = "cloudresourcemanager.googleapis.com"
}

In this way you enable the API inside your Terraform script. You could also combine it with time_sleep so that you make other resources depending on ti waiting till it is ready.

resource "time_sleep" "gcp_wait_crm_api_enabling" {
  depends_on = [
    google_project_service.gcp_resource_manager_api
  ]

  create_duration = "1m"
}

Should the above not working, then you need to include in your pipeline (assuming you are executing your TF scripts from a pipeline) the following:

  $> gcloud services enable cloudresourcemanager.googleapis.com
  --project <PROJECT ID>

As suggested in here.

like image 36
Davide Martorana Avatar answered Apr 26 '26 18:04

Davide Martorana
Sign in to Comment

Related questions

Dumping Terraform output to a local file
Why does my GKE cluster not show any events?
Is indexing a boolean or enum-like property in Datastore a bad idea for fast writes?
Transfer Google API Project ownership from an unreachable user

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!