github terraform google-cloud-build

Error 400: Request contains an invalid argument while creating google_cloudbuild_trigger resource in Terraform from github source


I am trying to create a Cloud Build trigger for my GitHub repo using Terraform. My Terraform configuration for the google_cloudbuild_trigger resource is as follows:

resource "google_cloudbuild_trigger" "apply_trigger" {
  project  = var.project_id
  name     = "${var.env_code}-${var.repository}-apply-trigger"
  description = "Deploys ${var.repository} to ${var.environment}"
  location = var.region

  github {
    owner = "lgrsys"
    name  = var.repository
    push {
      branch = "^${var.environment}$"
    }
  }

  filename        = var.filename
  substitutions   = var.substitutions
  service_account = var.service_account_email
}

When running terraform plan, the evaluation seems correct:

# module.env.module.data_model_trigger.google_cloudbuild_trigger.apply_trigger will be created
+ resource "google_cloudbuild_trigger" "apply_trigger" {
    + create_time     = (known after apply)
    + description     = "Deploys lgr-data-model to development"
    + filename        = "cloudbuild.yaml"
    + id              = (known after apply)
    + location        = "europe-west1"
    + name            = "d-lgr-data-model-apply-trigger"
    + project         = "prj-ib97"
    + service_account = "sa-proj@prj-9209.iam.gserviceaccount.com"
    + substitutions   = {
        + "_SA_EMAIL"           = "proj@prj-ib97.iam.gserviceaccount.com"
        + "_SECRETS_PROJECT_ID" = "prj-d-pe4c"
      }
    + trigger_id      = (known after apply)
    + github {
        + name  = "lgr-data-model"
        + owner = "lgrsys"
        + push {
            + branch = "^development$"
          }
      }
  }

However, when I try to apply the changes, I'm receiving the following error:

Error: Error creating Trigger: googleapi: Error 400: Request contains an invalid argument.
  with module.env.module.data_model_trigger.google_cloudbuild_trigger.apply_trigger,
  on ../../modules/cloudbuild/main.tf line 1, in resource "google_cloudbuild_trigger" "apply_trigger":
   1: resource "google_cloudbuild_trigger" "apply_trigger" 

I've verified the validity of my arguments, the permissions of the service account, and the GitHub repository connection configuration, which already exists in the target region as a 1st gen repo. What am I missing?


Solution

  • Noticed the same issue but unsure of the root cause; did, however, manage to find a way around the error by providing the service account in the following format:

    projects/{project_id}/serviceAccounts/{your_service_account}@{your_project}.iam.gserviceaccount.com
    

    Set the default value of your variable service_account_email to "projects/-/serviceAccounts/sa-proj@prj-9209.iam.gserviceaccount.com"
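
The workaround above, as an added example that is not part of the original question or answer: the module accepts either a bare service account email or the full resource name and always passes the full form to the trigger, so the identity the builds run as is stated explicitly. The local name service_account_id and the validation pattern are assumptions; the other variable names come from the question.

```hcl
# Added example (not from the original post).
variable "project_id" { type = string }
variable "env_code" { type = string }
variable "repository" { type = string }
variable "environment" { type = string }
variable "region" { type = string }
variable "filename" { type = string }
variable "substitutions" { type = map(string) }

variable "service_account_email" {
  type        = string
  description = "Build service account: bare email or projects/<project>/serviceAccounts/<email>"

  # Reject anything that is not a service account email, optionally
  # prefixed with its resource path, at plan time instead of at apply.
  validation {
    condition = can(regex(
      "^(projects/[^/]+/serviceAccounts/)?[^/@]+@[^/@]+\\.iam\\.gserviceaccount\\.com$",
      var.service_account_email
    ))
    error_message = "Expected <name>@<project>.iam.gserviceaccount.com, optionally prefixed with projects/<project>/serviceAccounts/."
  }
}

locals {
  # Hypothetical helper: keep a value that is already a full resource name,
  # otherwise prepend the path. "-" is the project wildcard used in the answer.
  service_account_id = (
    can(regex("^projects/", var.service_account_email))
    ? var.service_account_email
    : "projects/-/serviceAccounts/${var.service_account_email}"
  )
}

resource "google_cloudbuild_trigger" "apply_trigger" {
  project         = var.project_id
  name            = "${var.env_code}-${var.repository}-apply-trigger"
  description     = "Deploys ${var.repository} to ${var.environment}"
  location        = var.region
  filename        = var.filename
  substitutions   = var.substitutions
  service_account = local.service_account_id

  github {
    owner = "lgrsys"
    name  = var.repository
    push { branch = "^${var.environment}$" }
  }
}
```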