You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you terraform a new project based on a organsiation which is unaltered, you will get an issue like this in the bootstrap-phase:
➜ inception git:(kn/tf-fix-01) gcloud iam service-accounts keys create inception-sa-creds.json \
--iam-account=${inception_email}
ERROR: (gcloud.iam.service-accounts.keys.create) FAILED_PRECONDITION: Key creation is not allowed on this service account.
- '@type': type.googleapis.com/google.rpc.PreconditionFailure
violations:
- description: Key creation is not allowed on this service account.
subject: projects/stgtest01/serviceAccounts/[email protected]?configvalue=mynameprefix-inception-tf%40stgtest01.iam.gserviceaccount.com
type: constraints/iam.disableServiceAccountKeyCreation
➜ inception git:(kn/tf-fix-01)
So this is coming from an organisational constraint which can be disabled like this:
However, this is creating a security hole which should be fixed after the platform phase (maybe even after the inception-phase).
Manually, that contraint can be activated again like this:
If you terraform a new project based on a organsiation which is unaltered, you will get an issue like this in the bootstrap-phase:
So this is coming from an organisational constraint which can be disabled like this:
However, this is creating a security hole which should be fixed after the platform phase (maybe even after the inception-phase).
Manually, that contraint can be activated again like this:
Via terraform, it can probably get activated like this:
The text was updated successfully, but these errors were encountered: