Assigned
Status Update
No update yet.
Comments
va...@google.com
ar...@google.com
Hello,
Thank you for reaching out to us with your request.
We have duly noted your feedback and will thoroughly validate it. While we cannot provide an estimated time of implementation or guarantee the fulfillment of the issue, please be assured that your input is highly valued. Your feedback enables us to enhance our products and services.
We appreciate your continued trust and support in improving our Google Cloud Platform products. In case you want to report a new issue, please do not hesitate to create a new issue on the
Once again, we sincerely appreciate your valuable feedback; Thank you for your understanding and collaboration.
Description
During this terraform upgrade, the IAM policies are removed and it is not attached again. Later, when we deploy the terraform script again, It detects the missing IAM policy and creates it again.
What you expected to happen:
During the terraform upgrade the IAM policies should not be removed.
Steps to reproduce:
During any Terraform upgrade.
Other information (workarounds you have tried, documentation consulted, etc):
1.The Service account with the "google_project_iam_policy" and "google_project_iam_binding" resource in Terraform removes any existing members of the same role. This can inadvertently remove access from previous users if not properly managed.
2. To avoid this issue, you can use the "google_project_iam_member" resource to add users. The "google_project_iam_policy" and "google_project_iam_binding" are Authoritative so it replaces the previous iam binding where as "google_project_iam_member" is Non-authoritative which just modifies instead of deleting previous iam binding.
Error :
ERROR 2024-04-23T08:08:48.381037755Z [protoPayload.serviceName: