Troubleshoot GCP Terraform Errors
Template out of date
│ Error: Failed to read module directory │ │ Module directory .terraform/modules/logging/modules/logging does not exist or cannot be read.
Possible Cause
Terraform template is updated from Splunk's side.
Possible Solutions
Re-download template from Splunk Cloud to ensure you have the latest template.
API is not enabled
│ Error: googleapi: Error 400: (89a44a80d565edc9): Dataflow API is not enabled. Please use the Cloud Platform Console, https://console.developers.google.com/apis/api/dataflow.googleapis.com/overview?project=test-c, to enable Dataflow API., failedPrecondition
Possible Cause
GCP Service API is not enabled.
Possible Solutions
In your Google Cloud Platform deployment, navigate to APIs & Services
, and enable the appropriate APIs.
Access Denied
Error: error loading state: Failed to open state file at gs://temp-bucket/terraform/8491e82e-0741-4b5d-a030-b37f863431d0/default.tfstate: googleapi: got HTTP response code 403 with body: <?xml version='1.0' encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access denied.</Message><Details>test-service-account@cdc-connector.iam.gserviceaccount.com does not have storage.objects.get access to the Google Cloud Storage object.</Details></Error>
Possible Cause
- Specific permissions were not granted to the service account used to execute
terraform
apply - Incorrect service account is used to execute
terraform
apply - Terminal is caching failed results from before permission is granted
Possible Solutions
- Revisit to prerequisites page and assign proper permissions to service account
- Ensure intended service account is used
export GOOGLE_APPLICATION_CREDENTIALS=<path_to_exported_credentials_json>
- Open a new terminal and run terraform apply
Project role already exists
│ Error: Unable to verify whether custom project role projects/test-d/roles/SplunkDMSourceReadOnly_8491e82e07414b5da030b37f863431d0 already exists and must be undeleted: Error when reading or editing Custom Project Role "projects/test-d/roles/SplunkDMSourceReadOnly_8491e82e07414b5da030b37f863431d0": googleapi: Error 403: You don't have permission to get the role at projects/test-d/roles/SplunkDMSourceReadOnly_8491e82e07414b5da030b37f863431d0., forbidden
Possible Cause
This can be caused by performing terraform
destroy on one input and re-apply it via terraform
apply. Role would have been "deleted" but GCP retain roles for a period of time before delete completion.
Possible Solutions
- Undelete the role
- Found under
IAM & Admin -> Roles
- Found under
- Create a new input
Troubleshoot GCP Permissions | Troubleshoot GCP Data Inputs |
This documentation applies to the following versions of Data Manager: 1.8.2, 1.8.3
Feedback submitted, thanks!