
Error: Error creating resource: google_project_service: googleapi: Error 403: Cloud Resource Manager API has not been used in project before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=my-project then retry.

ID: policy/terraform-org-policy-blocked-resource-type

Fix rate: 90%
Confidence: 82%
Evidence count: 1
First seen: 2023-05-20

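Version compatibility

| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| Terraform 1.5.x | active | | | |
| Google Provider 5.0.0 | active | | | |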

Root cause analysis

The required Google Cloud API (Cloud Resource Manager) is not enabled for the project, which is a policy enforced by the organization to prevent unauthorized API usage.

Official documentation

https://cloud.google.com/resource-manager/docs/creating-managing-projects

Solutions

  1. Enable the Cloud Resource Manager API via gcloud before running Terraform: `gcloud services enable cloudresourcemanager.googleapis.com --project=my-project`. Then re-run `terraform apply`.
  2. Add a `google_project_service` resource in Terraform to enable the API automatically. Ensure this runs before other resources.

     ```hcl
     # Enables the Cloud Resource Manager API and leaves it enabled on destroy.
     resource "google_project_service" "cloudresourcemanager" {
       project            = "my-project"
       service            = "cloudresourcemanager.googleapis.com"
       disable_on_destroy = false
     }
     ```
  3. Grant the 'Service Usage Admin' role to the Terraform service account: `gcloud projects add-iam-policy-binding my-project --member='serviceAccount:[email protected]' --role='roles/serviceusage.serviceUsageAdmin'`.
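
One way to satisfy the ordering requirement in solution 2, shown as an added example that is not from the original page: a resource that calls the Cloud Resource Manager API declares an explicit `depends_on` on the `google_project_service` resource. The variable names, the `viewer` resource and the `roles/viewer` binding are hypothetical and chosen only for illustration.

```hcl
# Added example; variable and resource names are hypothetical.
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">= 5.0.0" # provider version listed on this page
    }
  }
}

variable "project_id" {
  type    = string
  default = "my-project" # project ID from the error message above
}

variable "viewer_member" {
  type        = string
  description = "IAM member to bind, e.g. serviceAccount:NAME@PROJECT_ID.iam.gserviceaccount.com"
}

# Enable the API first and keep it enabled when this configuration is destroyed,
# so other workloads in the project do not lose access to it.
resource "google_project_service" "cloudresourcemanager" {
  project            = var.project_id
  service            = "cloudresourcemanager.googleapis.com"
  disable_on_destroy = false
}

# Project IAM bindings are written through the Cloud Resource Manager API.
# Terraform sees no attribute reference between the two resources, so without
# depends_on it may create them in parallel and hit the 403 shown above.
resource "google_project_iam_member" "viewer" {
  project = var.project_id
  role    = "roles/viewer" # read-only role, kept minimal for the example
  member  = var.viewer_member

  depends_on = [google_project_service.cloudresourcemanager]
}
```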

Ineffective attempts

Common but ineffective approaches:

  1. 50% failure

    Enabling the API is necessary, but Terraform may still fail if the service account lacks the 'serviceusage.services.enable' permission.

  2. 95% failure

    Terraform does not auto-enable APIs; the error will persist until the API is explicitly enabled.

  3. 80% failure

    The error is enforced by Google Cloud's API, not the provider; provider version changes won't help.