Terraform Apply failing


Felipe Chamas Biondi

Nov 24, 2020, 12:21:39 PM
to api-gateway-users
I'm facing these errors when trying to Apply my terraform Plan and create resources:



IAM resources:


Is this the necessary configuration to make an HTTP request to my Gateway? The documentation on this part of Terraform is a little unclear to me.

Thanks!!!

Felipe Chamas Biondi

Nov 24, 2020, 12:26:01 PM
to api-gateway-users
Images did not upload...

Errors:

Error: Error applying IAM policy for apigateway api "projects/...": Error setting IAM policy for apigateway api "projects/...": googleapi: Error 400: Invalid argument: 'An invalid argument was specified. Please check the fields and try again.'

Error: Error applying IAM policy for apigateway apiconfig "projects/...": Error setting IAM policy for apigateway apiconfig "projects/...": googleapi: Error 400: Invalid argument: 'An invalid argument was specified. Please check the fields and try again.'

Error: Error applying IAM policy for apigateway gateway "projects/...": Error setting IAM policy for apigateway gateway "projects/...": googleapi: Error 400: Invalid argument: 'An invalid argument was specified. Please check the fields and try again.'


IAM Resources (text):

resource "google_api_gateway_api_iam_member" "api_viewer" {
  provider = google-beta
  api      = google_api_gateway_api.api.api_id
  role     = "roles/apigateway.viewer"
  member   = "allUsers"
}

resource "google_api_gateway_gateway_iam_member" "gateway_viewer" {
  provider = google-beta
  gateway  = google_api_gateway_gateway.api_gw.gateway_id
  region   = google_api_gateway_gateway.api_gw.region
  role     = "roles/apigateway.viewer"
  member   = "allUsers"
}

resource "google_api_gateway_api_config_iam_member" "config_viewer" {
  provider   = google-beta
  api        = google_api_gateway_api_config.api_config.api
  api_config = google_api_gateway_api_config.api_config.api_config_id
  role       = "roles/apigateway.viewer"
  member     = "allUsers"
}

Josh Einhorn

Nov 24, 2020, 1:29:44 PM
to Felipe Chamas Biondi, api-gateway-users
Hi Felipe,

JFYI this terraform provider was not authored by Google directly (see the original PR). You may want to post something over there or try to reach the original author.

Is there some way of turning on verbose logging so Terraform prints out the actual API calls it is making? The errors are all indicating a malformed request, so without seeing API calls, I'm afraid I can't be of much help.

-Josh


--
Josh Einhorn | Software Engineer | joshe...@google.com | 1-215-837-1102

Felipe Chamas Biondi

Nov 24, 2020, 4:03:33 PM
to api-gateway-users
Oh, I see! Thank you for the clarification, I'm going to ask them and try to log the requests!

Felipe Chamas Biondi

Nov 24, 2020, 6:02:44 PM
to api-gateway-users
Trying to add the permission to my Gateway through the console: Members of type allUsers and allAuthenticatedUsers cannot be added to this resource 

I'm starting to think adding roles/apigateway.viewer to allUsers is not what I want. I want to connect to my gateway without needing to log in to Google.

Josh Einhorn

Nov 25, 2020, 1:44:43 PM
to Felipe Chamas Biondi, api-gateway-users
> I'm starting to think adding roles/apigateway.viewer to allUsers is not what I want. I want to connect to my gateway without needing to log in to Google.

Ah, yes that is not what you want then. API Gateway is not like Cloud Run or GCF... the Gateway is open to all users by default. It is up to you to configure the security mechanism in your API Config (i.e. OpenAPI doc) e.g. API Key and/or JWT authentication.

The apigateway.viewer role is to get read-only access to the resources of the API Gateway service e.g. viewing metadata of APIs, API Configs, and Gateways.

-Josh
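
Since the Gateway is open by default and access control lives in the API Config, the check below (an added example, not code from this thread or from Google) audits an OpenAPI 2.0 document for operations that carry no security requirement or reference a scheme that is not defined. The sample spec, its scheme names and its paths are constructed for illustration.

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

# Constructed sample spec (JSON form of an OpenAPI 2.0 document); all names are placeholders.
SAMPLE_SPEC = json.loads("""
{
  "swagger": "2.0",
  "info": {"title": "example-api", "version": "1.0.0"},
  "securityDefinitions": {
    "api_key": {"type": "apiKey", "name": "key", "in": "query"}
  },
  "security": [{"api_key": []}],
  "paths": {
    "/orders": {
      "get": {"responses": {"200": {"description": "ok"}}},
      "post": {"security": [], "responses": {"200": {"description": "ok"}}}
    },
    "/health": {
      "get": {"security": [{"jwt_auth": []}], "responses": {"200": {"description": "ok"}}}
    }
  }
}
""")


def audit_security(spec):
    """Return (METHOD, path, problem) for each operation lacking a usable security requirement."""
    defined = set(spec.get("securityDefinitions", {}))
    default = spec.get("security", [])
    findings = []
    for path, item in sorted(spec.get("paths", {}).items()):
        for method, op in sorted(item.items()):
            if method not in HTTP_METHODS:
                continue  # path-level "parameters" and "x-" extensions are not operations
            # An operation-level "security" list replaces the top-level one; [] switches it off.
            requirements = op.get("security", default)
            # A requirement object that names no scheme is flagged as well (conservative).
            if not requirements or any(not req for req in requirements):
                findings.append((method.upper(), path, "no security requirement"))
                continue
            unknown = sorted({name for req in requirements for name in req} - defined)
            if unknown:
                findings.append((method.upper(), path, "undefined scheme: " + ", ".join(unknown)))
    return findings


if __name__ == "__main__":
    for finding in audit_security(SAMPLE_SPEC):
        print(*finding)
```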
