terraformgoogle-cloud-buildterraform-provider-gcp

Terraform - Error creating Trigger: googleapi: Error 400: Request contains an invalid argument


I am trying to create a Google CloudBuild Trigger with Terraform using the resource "google_cloudbuild_trigger".

But I can't figure out what's is wrong with my configuration.

I receive the following error:

 {
   "error": {
     "code": 400,
     "message": "Request contains an invalid argument.",
     "status": "INVALID_ARGUMENT"
   }
 }
---
Error: Error creating Trigger: googleapi: Error 400: Request contains an invalid argument.
│ 
│   with module.cloudbuild.google_cloudbuild_trigger.repository_trigger,
│   on modules/google/cloud_build/cloudbuild.tf line 34, in resource "google_cloudbuild_trigger" "repository_trigger":
│   34: resource "google_cloudbuild_trigger" "repository_trigger" {
│ 

My resource is written as such:

resource "google_cloudbuild_trigger" "repository_trigger" {
  name = "${var.prefix}--repository-trigger"
  project = var.project_id
  location = var.main_google_region
  service_account = "projects/${var.project_id}/serviceAccounts/${data.google_project.project.number}@cloudbuild.gserviceaccount.com"

  repository_event_config {
    repository = google_cloudbuildv2_repository.repository.id
    push {
      branch = "^main$"
    }
  }
  include_build_logs = "INCLUDE_BUILD_LOGS_WITH_STATUS"
  filename = "cloudbuild.yaml"
  substitutions = {
   ADMIN_MAINTAINANCE_EMAIL = "...",
   ...
  }
}

The actual request sent by terraform is:

 POST /v1/projects/project-756385/locations/europe-west9/triggers?alt=json HTTP/1.1
 Host: cloudbuild.googleapis.com
 User-Agent: Terraform/1.8.0 (+https://www.terraform.io) Terraform-Plugin-SDK/2.33.0 terraform-provider-google/5.24.0
 Content-Length: 2297
 Content-Type: application/json
 Accept-Encoding: gzip

 {
  "filename": "cloudbuild.yaml",
  "includeBuildLogs": "INCLUDE_BUILD_LOGS_WITH_STATUS",
  "name": "terraform--repository-trigger",
  "repositoryEventConfig": {
   "push": {
    "branch": "^main$"
   },
   "repository": "projects/project-756385/locations/europe-west9/connections/terraform--github-connection/repositories/terraform--repository"
  },
  "serviceAccount": "projects/project-756385/serviceAccounts/736458932719@cloudbuild.gserviceaccount.com",
  "substitutions": {
   "ADMIN_MAINTAINANCE_EMAIL": "...",
   ....
  }
 }

Solution

  • The substitutions' keys in resource "google_cloudbuild_trigger" must start by an underscore (_).

    This requirement is specified in Google API documentation

    Fields
    substitutions map (key: string, value: string)
    Substitutions for Build resource.
    The keys must match the following regular expression: ^_[A-Z0-9_]+$.