missing networkconnectivity service agent #997
Description
TL;DR
etting shared_vpc_subnets and activate_apis include "networkconnectivity.googleapi.com".
then apply error with
googleapi: Error 400: Service account service-<ProjectNumber>@gcp-sa-networkconnectivity.iam.gserviceaccount.com does not exist., invalidIamPolicy
Expected behavior
appy with no error
Observed behavior
api enabled but not yet create service agent.
Terraform Configuration
module "project-factory" {
source = "terraform-google-modules/project-factory/google"
version = "~> 18.0"
name = var.project_name
project_id = var.project_id
random_project_id = false
org_id = var.org_id
folder_id = var.folder_id
billing_account = data.google_secret_manager_secret_version.billing_account_id.secret_data
svpc_host_project_id = var.shared_vpc_host_project_id
group_name = var.group_name
activate_apis = [
"artifactregistry.googleapis.com",
"certificatemanager.googleapis.com",
"cloudresourcemanager.googleapis.com",
"cloudscheduler.googleapis.com",
"compute.googleapis.com",
"container.googleapis.com",
"dns.googleapis.com",
"eventarc.googleapis.com",
"iam.googleapis.com",
"iamcredentials.googleapis.com",
"iap.googleapis.com",
"networkconnectivity.googleapis.com",
"secretmanager.googleapis.com",
"servicenetworking.googleapis.com",
"sts.googleapis.com",
"vpcaccess.googleapis.com",
"cloudtasks.googleapis.com",
"sqladmin.googleapis.com",
"servicemanagement.googleapis.com",
"servicecontrol.googleapis.com",
"endpoints.googleapis.com",
]
shared_vpc_subnets = var.shared_vpc_subnets
}Terraform Version
terraform version
Terraform v1.12.2
on darwin_arm64
+ provider registry.terraform.io/hashicorp/google v6.26.0
+ provider registry.terraform.io/hashicorp/google-beta v6.45.0
+ provider registry.terraform.io/hashicorp/null v3.2.4
+ provider registry.terraform.io/hashicorp/random v3.7.2
+ provider registry.terraform.io/hashicorp/time v0.13.1Terraform Provider Versions
terraform providers
Providers required by configuration:
.
├── provider[registry.terraform.io/hashicorp/google] ~> 6.26.0
├── provider[registry.terraform.io/hashicorp/google-beta]
└── module.project-factory
├── provider[registry.terraform.io/hashicorp/google] >= 5.41.0, < 7.0.0
├── provider[registry.terraform.io/hashicorp/google-beta] >= 5.41.0, < 7.0.0
├── module.project-factory
│ ├── provider[registry.terraform.io/hashicorp/null] >= 2.1.0
│ ├── provider[registry.terraform.io/hashicorp/random] >= 2.2.0
│ ├── provider[registry.terraform.io/hashicorp/time] >= 0.5.0
│ ├── provider[registry.terraform.io/hashicorp/google] >= 5.41.0, < 7.0.0
│ ├── provider[registry.terraform.io/hashicorp/google-beta] >= 5.41.0, < 7.0.0
│ └── module.project_services
│ ├── provider[registry.terraform.io/hashicorp/google-beta] >= 3.43.0, < 7.0.0
│ └── provider[registry.terraform.io/hashicorp/google] >= 3.43.0, < 7.0.0
├── module.quotas
│ └── provider[registry.terraform.io/hashicorp/google-beta] >= 4.11.0, < 7.0.0
├── module.shared_vpc_access
│ ├── provider[registry.terraform.io/hashicorp/google] >= 3.43.0, < 7.0.0
│ └── provider[registry.terraform.io/hashicorp/google-beta] >= 3.43.0, < 7.0.0
├── module.budget
│ └── provider[registry.terraform.io/hashicorp/google] >= 4.28.0, < 7.0.0
├── module.essential_contacts
│ ├── provider[registry.terraform.io/hashicorp/google-beta] >= 3.43.0, < 7.0.0
│ └── provider[registry.terraform.io/hashicorp/google] >= 3.43.0, < 7.0.0
└── module.gsuite_group
└── provider[registry.terraform.io/hashicorp/google] >= 3.43.0, < 7.0.0Additional information
service agent force create with https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_service_identity