We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error 400 when trying to create a constraints/iam.serviceAccountKeyExposureResponse list constraint during apply.
constraints/iam.serviceAccountKeyExposureResponse
The policy to be created
Error 400:
Error: googleapi: Error 400: The policy contains invalid list value(s): [<deny all> is set]. Please fix the values in the policy and try again: StoragePolicy***resource=null, constraint=constraints/iam.serviceAccountKeyExposureResponse, etag=<ByteString@cc0c7a6 size=0 contents="">, updateTime=Optional.empty, policy=ListPolicy***inheritFromParent=false, unconditionalFragment=Optional[UnconditionalFragment***allValues=DENY, allowedValues=[], deniedValues=[], suggestedValue=Optional[]***], conditionalFragments=[]*** Details: [ *** "@type": "type.googleapis.com/google.rpc.BadRequest", "fieldViolations": [ *** "description": "Invalid value: [\u003cdeny all\u003e is set].", "field": "policy.list_policy.denied_all" *** ] *** ] , badRequest
terraform module "org_service_account_key_exposure_response" { for_each = { for index, folder_id in local.dev_folder_ids : index => folder_id } source = "terraform-google-modules/org-policy/google" version = "~> 3.0" enforce = null folder_id = each.value policy_for = "folder" organization_id = local.organization_id policy_type = "list" constraint = "constraints/iam.serviceAccountKeyExposureResponse" allow = ["DISABLE_KEY"] }
### Terraform Version ```sh 0.14
Whether enforce is null, false or or true, the actual policy is applied but the deny all or allow all part is not created.
The text was updated successfully, but these errors were encountered:
Hey, You need to specify allow_list_length = 1 variable as per:
allow_list_length = 1
https://github.com/terraform-google-modules/terraform-google-org-policy/#:~:text=List%20policies%20with,deny_list_length
Sorry, something went wrong.
No branches or pull requests
TL;DR
Error 400 when trying to create a
constraints/iam.serviceAccountKeyExposureResponse
list constraint during apply.Expected behavior
The policy to be created
Observed behavior
Error 400:
Terraform Configuration
Additional information
Whether enforce is null, false or or true, the actual policy is applied but the deny all or allow all part is not created.
The text was updated successfully, but these errors were encountered: