Reputation: 6082
Error when creating the firebase project using terraform
I am trying to create a create a firebase project using terraform. I am new in it and need some guidance in setting up the firebase project. I am facing an issue
Error creating Project: googleapi: Error 403: Your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by the firebase.googleapis.com. We recommend configuring the billing/quota_project setting in gcloud or using a service account through the auth/impersonate_service_account setting. For more information about service accounts and how to use them in your application, see https://cloud.google.com/docs/authentication/.
terraform code
resource "google_project" "test-project" {
provider = google-beta
project_id = "test-project"
name = "Test Project"
}
resource "google_firebase_project" "test-project" {
provider = google-beta
project = google_project.test-project.project_id
}
provider "google" {
project = "test-project"
region = var.region
}
Upvotes: 1
Views: 1956
Answers (3)
Reputation: 682
In my case, the 403 error has been caused by not accepting the Firebase Terms of Service.
The only way to accept it is to create a Firebase project manually. After that, creation from Terraform succeeded without any changes to the Service Account or Billing Account.
Docs: https://firebase.google.com/docs/projects/terraform/get-started#troubleshooting-and-faq
Upvotes: 2
Reputation: 10566
If you don't really need the firebase project but just a firestore database, then you can create a firestore database using the following trick.
To provision a Cloud Firestore database with Terraform, use the google_app_engine_application resource. Set the database_type to CLOUD_FIRESTORE or CLOUD_DATASTORE_COMPATIBILITY.
For example, the following Terraform configuration file creates a new project and provisions a Cloud Firestore database:
provider "google" {
credentials = file("credentials-file")
}
resource "google_project" "my_project" {
name = "My Project"
project_id = "project-id"
}
resource "google_app_engine_application" "app" {
project = google_project.my_project.project_id
location_id = "location"
database_type = "CLOUD_FIRESTORE"
}
Upvotes: 0
Reputation: 1420
Creating the service account in the Terraform admin project, e. g.
gcloud iam service-accounts create terraform \
--display-name "Terraform admin account"
gcloud iam service-accounts keys create ${TF_CREDS} \
--iam-account terraform@${TF_ADMIN}.iam.gserviceaccount.com
and granting permissions to this service account should solve it. An example of providing permissions from the documentation:
gcloud projects add-iam-policy-binding ${TF_ADMIN} \
--member serviceAccount:terraform@${TF_ADMIN}.iam.gserviceaccount.com \
--role roles/viewer
gcloud projects add-iam-policy-binding ${TF_ADMIN} \
--member serviceAccount:terraform@${TF_ADMIN}.iam.gserviceaccount.com \
--role roles/storage.admin
You can follow the instructions about creating Google Cloud projects in Terraform
Projects you create in GCP are the same as you create in Firebase.
Upvotes: 1
Related Questions
- Create Firebase Project using Terraform
- "requested physical block size 2048 is not supported by this disk" - unable to create google compute disk using terraform
- Terraform for Firestore creation
- Terraform/GCP Error: project: required field is not set
- Cannot create Cloud Composer
- Unable to create gcp vpc using terraform
- Unable to create google project with Terraform
- Import of existing Firebase Project into Terraform State receiving 403 error
- Terraform auth problem with the google_firebase_project resource
- Error when creating gcp vm instance via terraform