
Error creating Database: googleapi: Error 403: The client is not authorized to make this request., notAuthorized #16894

Open
ramosdelucas opened this issue Jan 3, 2024 · 3 comments

@ramosdelucas

I'm getting the error `Error creating Database: googleapi: Error 403: The client is not authorized to make this request., notAuthorized` when trying to run the creation of one PostgreSQL instance together with the creation of one database.

module code:

```hcl
locals {
   #provider_name                                           = var.provider_name == null ? "GCP" : var.provider_name
   #provider_region                                         = var.provider_region == null ? "CENTRAL_US" : var.provider_region
   #zone_name                                               = var.zone_name == null ? "${local.provider_name}-${local.provider_region}" : var.zone_name
   environment_name                                        = "${terraform.workspace}"
   #project_name                                            = "${terraform.workspace}" == "master" ? "production" : "${terraform.workspace}"

    required_tags                                           = {
        env                                                 = local.environment_name
        infrastructure_owner                                = "DBRE"
    }

    #labels                                                  = merge(local.required_tags, var.resource_tags)

    env                                                     = {
        master                                              = "prd",
        staging                                             = "stg",
        develop                                             = "dev"
    }

    env_type                                                = {
        master                                              = "prod",
        staging                                             = "nonprod",
        develop                                             = "nonprod"
    }
}

resource "random_password" "pwd" {
    length                                                  = 16
    special                                                 = false
}

resource "google_sql_database_instance" "primary" {
  #provider = google-beta

  name                                                = var.instance_name
  region                                              = var.region
  database_version                                    = var.database_version
  project                                             = var.project_id #"${var.project_id[terraform.workspace]}"
  root_password                                       = random_password.pwd.result
  deletion_protection                                 = var.deletion_protection

  #depends_on = [google_service_networking_connection.private_vpc_connection]

  dynamic "settings" {
    for_each                                          = var.env_setting[local.env[terraform.workspace]]
    content {
      tier                                            =  settings.value.tier
      availability_type                               =  settings.value.availability_type
      disk_size                                       =  settings.value.disk_size

      database_flags {
        name                                          = "cloudsql.iam_authentication"
        value                                         = "on"
      }

      backup_configuration {
        enabled                                       = settings.value.backup_configuration.enable_backup
        start_time                                    = settings.value.backup_configuration.start_time
        point_in_time_recovery_enabled                = settings.value.backup_configuration.enable_backup == true ? true : false
        #location                                      = settings.value.backup_configuration.location
        transaction_log_retention_days                = settings.value.backup_configuration.transaction_log_retention_days

        backup_retention_settings {
          retained_backups                            = settings.value.backup_configuration.backup_retention_settings.retained_backups
          retention_unit                              = settings.value.backup_configuration.backup_retention_settings.retention_unit
        }
      }

      ip_configuration {
        private_network                               = settings.value.ip_configuration.private_network #"projects/${var.network_id[terraform.workspace]}/global/networks/${var.network_vpc[terraform.workspace]}"
        ipv4_enabled                                  = settings.value.ip_configuration.ipv4_enabled
      }
    }
  }
}

# [START google_sql_database]
resource "google_sql_database" "database" {
  depends_on                                          = [google_sql_database_instance.read_replica]
  count                                               = length(var.database_name)
  name                                                = var.database_name[count.index]
  instance                                            = google_sql_database_instance.primary.name
  #project                                             = local.env[terraform.workspace]
}
# [END google_sql_database]

# [START cloud_sql_postgres_instance_read_replica]
resource "google_sql_database_instance" "read_replica" {
  depends_on                                        = [google_sql_database_instance.primary]
  #count                                             = var.num_read_replica[local.env[terraform.workspace]]

  name                                              = "${google_sql_database_instance.primary.name}-read" #"${var.prefix_engine}-${var.environment[terraform.workspace]}-${var.instance_name}-read-${count.index}"
  master_instance_name                              = google_sql_database_instance.primary.name
  database_version                                  = google_sql_database_instance.primary.database_version
  project                                           = google_sql_database_instance.primary.project #"${var.project_id[terraform.workspace]}"

  deletion_protection                               = var.deletion_protection
  region                                            = google_sql_database_instance.primary.region #var.region_primary[var.environment[terraform.workspace]]

  replica_configuration {
    failover_target                                 = false
  }

  dynamic "settings" {
    for_each                                          = var.env_setting[local.env[terraform.workspace]]
    content {
      tier                                            =  settings.value.tier
      availability_type                               =  settings.value.availability_type
      disk_size                                       =  settings.value.disk_size

      database_flags {
        name                                          = "cloudsql.iam_authentication"
        value                                         = "on"
      }

      backup_configuration {
        enabled                                       = settings.value.backup_configuration.enable_backup
        start_time                                    = settings.value.backup_configuration.start_time
        point_in_time_recovery_enabled                = settings.value.backup_configuration.enable_backup == true ? true : false
        #location                                      = settings.value.backup_configuration.location
        transaction_log_retention_days                = settings.value.backup_configuration.transaction_log_retention_days

        backup_retention_settings {
          retained_backups                            = settings.value.backup_configuration.backup_retention_settings.retained_backups
          retention_unit                              = settings.value.backup_configuration.backup_retention_settings.retention_unit
        }
      }

      ip_configuration {
        private_network                               = settings.value.ip_configuration.private_network #"projects/${var.network_id[terraform.workspace]}/global/networks/${var.network_vpc[terraform.workspace]}"
        ipv4_enabled                                  = settings.value.ip_configuration.ipv4_enabled
      }
    }
  }
}
# [END cloud_sql_postgres_instance_read_replica]


# ------------------------------------------------------------------------------
# GCP SECRET MANAGER
# ------------------------------------------------------------------------------
resource "google_secret_manager_secret" "default" {
    project                   = "${var.project_secret[terraform.workspace]}"
    secret_id                 = local.secret_id
    labels                    = var.secret_labels
    replication {
       auto {}
    }
}

# ------------------------------------------------------------------------------
# GCP SECRET VERSION
# ------------------------------------------------------------------------------
resource "google_secret_manager_secret_version" "default" {
    secret                    = google_secret_manager_secret.default.id
    secret_data               = local.private_connection_string
}

# ------------------------------------------------------------------------------
# CREATE PRIVATE CONNECTION STRING FOR SECRET MANAGER
# POSTGRES_PASSWORD_PGS_DEV_PGSQL
# ------------------------------------------------------------------------------
locals {
  instance_name               = google_sql_database_instance.primary.name
  engine_name                 = replace(var.database_version, "/_.*/", "")
  secret_id                   = replace("${upper(local.engine_name)}_PASSWORD_${upper(local.instance_name)}", "-", "_")
  private_connection_string   = google_sql_database_instance.primary.root_password
  rrdatas_replica             = "${google_sql_database_instance.read_replica[*].ip_address.0.ip_address}"
  dns_record_replica          = "${google_sql_database_instance.read_replica[*].name}"
}

module "dns-record-primary" {
  source            = "git::https://github.com/tag-trade-repository/tf-module-dns-record.git"
  depends_on        = [google_sql_database_instance.primary]

  dns_record        = "${google_sql_database_instance.primary.name}"
  dns_zone_name     = "tag-internal-${terraform.workspace}"
  zone_project_id   = var.zone_project_id[terraform.workspace]
  dns_record_type   = "A"

  dns_record_ttl    = 60
  rrdatas           = ["${google_sql_database_instance.primary.ip_address.0.ip_address}"]
}

module "dns-record-replica" {
  count             = var.num_read_replica[local.env[terraform.workspace]]

  source            = "git::https://github.com/tag-trade-repository/tf-module-dns-record.git"
  depends_on        = [google_sql_database_instance.read_replica]

  dns_record        = element(local.dns_record_replica, count.index)
  dns_zone_name     = "tag-internal-${terraform.workspace}"
  zone_project_id   = var.zone_project_id[terraform.workspace]
  dns_record_type   = "A"

  dns_record_ttl    = 60
  rrdatas           = [element(local.rrdatas_replica, count.index)]
}
```

resource code:

```hcl
locals {
    prefix                                                  = "pgs"
    version                                                 = "POSTGRES"
}

terraform {
  source                                                    = "${find_in_parent_folders("modules/cloud-sql/cluster")}"
}

include {
  path                                                      = find_in_parent_folders()
}

inputs                                                      = {
    instance_name                                           = "pg-dbre-teste-aut-v2"
    region                                                  = "us-east1"
    database_version                                        = "POSTGRES_15"
    project_id                                              = "db-receivables-dev-r202103"
    database_name                                           = ["db_postgres_15_dbre"]
    deletion_protection                                     = false
  #root_password                                       = random_password.pwd.result

  #depends_on = [google_service_networking_connection.private_vpc_connection]

  env_setting                                              = {
    dev =   [
        {
            tier                                            =   "db-f1-micro"
            availability_type                               =   "ZONAL"
            disk_size                                       =   10
            backup_configuration                            =   {
                enable_backup                               =   false
                start_time                                  =   "00:00"
                point_in_time_recovery_enabled              =   false
                #location                                    =
                transaction_log_retention_days              =   2
                backup_retention_settings                   =   {
                    retained_backups                        =   7
                    retention_unit                          =   "COUNT"
                }
            }
            ip_configuration                                =   {
                private_network                             =   "projects/inf-global-nonprod-r202104/global/networks/vpc-inf-global-develop"
                ipv4_enabled                                =   false
            }
        }
    ]
    }
}
```

By the error it returns, it seems to be a missing permission, but my IAM group already has the Cloud SQL Administrator permission. Do you guys see what could be the cause of this error?

Thank you, Lucas Ramos

@MCStar1923

Hi @ramosdelucas

I think the below might be one of the reasons for this issue occurring.

  1. Check the service account's permissions: even though you have the Cloud SQL Admin role, the specific service account you're using might not have the required permissions. You can verify this in the IAM section of the Cloud console.

  2. Double-check project and instance details:
    Make sure you're creating the instance and database in the correct project. Typos can sometimes lead to permission errors.
    Verify: double-check that the project ID in your Terraform configuration or script matches the project where you want the resources created.

  3. Temporary permissions issue:
    In rare cases, there might be a temporary permissions issue with Google Cloud.
    Wait and retry: try waiting a few minutes and then re-running your script or Terraform configuration to see if this resolves the issue.

Hope this helps.

Thank you.

Sankalp

@pkasireddy-equinix

Hi ramosdelucas,

Have you got the solution for this?

I am also facing the same issue when trying to create it through Terraform.

Thanks,
Priyanka.

@janjaali

Any news on that topic? We encountered the same issue on the initial run. Running `terraform apply` just seconds later than the first run made the issue disappear.
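As an added example (not code from this issue or its reporter), the two checks raised in this thread expressed in the reporter's module: pinning the database to the same project as its instance (MCStar1923's step 2) and giving the new instance the grace period that @janjaali observed makes the error go away. It assumes `google_sql_database_instance.primary` and `var.database_name` from the reporter's module are declared alongside it; the `time_sleep` resource from the hashicorp/time provider and the 60s value are an assumed workaround, not something the thread mentions.

```hcl
terraform {
  required_providers {
    google = { source = "hashicorp/google" }
    time   = { source = "hashicorp/time" } # assumed: used only for the delay below
  }
}

# Assumed: google_sql_database_instance.primary from the issue is declared in this module.

# A database create that immediately follows the instance create can be answered
# with the 403 notAuthorized from the issue even when IAM is correct, so give the
# freshly created instance a short grace period before anything is created in it.
resource "time_sleep" "wait_for_primary" {
  depends_on      = [google_sql_database_instance.primary]
  create_duration = "60s" # assumed value; tune to what your project observes
}

resource "google_sql_database" "database" {
  count    = length(var.database_name)
  name     = var.database_name[count.index]
  instance = google_sql_database_instance.primary.name

  # Pin the database to the instance's project explicitly. With `project` left
  # unset (as in the reporter's module) the provider's default project is used;
  # if that differs from var.project_id, the API looks for the instance in the
  # wrong project and the caller is "not authorized" for it.
  project = google_sql_database_instance.primary.project

  depends_on = [time_sleep.wait_for_primary]
}
```

If the error persists after the delay, the cause is not propagation; compare the project that `terraform plan` shows for the database against the one the instance was created in.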
