I'm trying to create a Cloud Build trigger for my GitHub repo using Terraform. My Terraform configuration for the google_cloudbuild_trigger resource is as follows:
    resource "google_cloudbuild_trigger" "apply_trigger" {
      project     = var.project_id
      name        = "${var.env_code}-${var.repository}-apply-trigger"
      description = "Deploys ${var.repository} to ${var.environment}"
      location    = var.region

      github {
        owner = "lgrsys"
        name  = var.repository
        push {
          branch = "^${var.environment}$"
        }
      }

      filename        = var.filename
      substitutions   = var.substitutions
      service_account = var.service_account_email
    }
When running terraform plan, the evaluation seems correct:
      # module.env.module.data_model_trigger.google_cloudbuild_trigger.apply_trigger will be created
      + resource "google_cloudbuild_trigger" "apply_trigger" {
          + create_time = (known after apply)
          + description = "Deploys lgr-data-model to development"
          + filename = "cloudbuild.yaml"
          + id = (known after apply)
          + location = "europe-west1"
          + name = "d-lgr-data-model-apply-trigger"
          + project = "prj-ib97"
          + service_account = "sa-proj@prj-9209.iam.gserviceaccount.com"
          + substitutions = {
              + "_SA_EMAIL" = "proj@prj-ib97.iam.gserviceaccount.com"
              + "_SECRETS_PROJECT_ID" = "prj-d-pe4c"
            }
          + trigger_id = (known after apply)
          + github {
              + name = "lgr-data-model"
              + owner = "lgrsys"
              + push {
                  + branch = "^development$"
                }
            }
        }
However, when I try to apply the changes, I'm receiving the following error:
    Error: Error creating Trigger: googleapi: Error 400: Request contains an invalid argument.
      with module.env.module.data_model_trigger.google_cloudbuild_trigger.apply_trigger,
      on ../../modules/cloudbuild/main.tf line 1, in resource "google_cloudbuild_trigger" "apply_trigger":
       1: resource "google_cloudbuild_trigger" "apply_trigger"
I've verified the validity of my arguments, the permissions of the service account, and the GitHub repository connection configuration, which already exists in the target region as a 1st gen repo. What am I missing?
I noticed the same issue but am unsure of the root cause. I did, however, manage to find a way around the error by providing the service account in the following format:

    projects/{project_id}/serviceAccounts/{your_service_account}@{your_project}.iam.gserviceaccount.com

Set the default value of your service_account_email variable to:

    "projects/-/serviceAccounts/sa-proj@prj-9209.iam.gserviceaccount.com"
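
One way to have the module reject a malformed value at plan time and pass the trigger the fully qualified form from the answer (an added example, not code from the question or the answer). The names service_account_project and trigger_service_account are hypothetical; the service account's project is taken as an explicit input rather than guessed from the email.

```hcl
# Added example. Only google_cloudbuild_trigger and its service_account
# argument come from the page; the other names are assumptions.

variable "service_account_email" {
  description = "Identity the build runs as: bare email or full resource name."
  type        = string

  validation {
    # Accept "name@project.iam.gserviceaccount.com" or
    # "projects/<project>/serviceAccounts/name@project.iam.gserviceaccount.com".
    condition = can(regex(
      "^(projects/[^/]+/serviceAccounts/)?[^/@]+@[^/@]+\\.iam\\.gserviceaccount\\.com$",
      var.service_account_email
    ))
    error_message = "Must be a service account email or projects/{project}/serviceAccounts/{email}."
  }
}

variable "service_account_project" {
  description = "Project that owns the service account (hypothetical variable)."
  type        = string
}

locals {
  # Pass an already qualified value through unchanged; otherwise prepend
  # the projects/.../serviceAccounts/ prefix the trigger expects.
  trigger_service_account = (
    can(regex("^projects/", var.service_account_email))
    ? var.service_account_email
    : "projects/${var.service_account_project}/serviceAccounts/${var.service_account_email}"
  )
}

# In the google_cloudbuild_trigger resource from the question, replace
#   service_account = var.service_account_email
# with
#   service_account = local.trigger_service_account
```

In the question's plan output the service account (prj-9209) lives in a different project from the trigger (prj-ib97), so the explicit project input matters: the prefix must name the service account's project, not the trigger's.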