the project and regions are not parsed properly, both entries end up …

[kenthua]

ex:

   + module.subnet_iam_binding.google_compute_subnetwork_iam_member.subnet_iam_additive
      id:         <computed>
      etag:       <computed>
      member:     "serviceAccount:service-158105332103@container-engine-robot.iam.gserviceaccount.com"
      project:    "gke-subnet"
      region:     "gke-subnet"
      role:       "roles/compute.networkUser"
      subnetwork: "gke-subnet"

Running the example listed, requires the provider to specify project and region

Does that mean the main.tf in the module should handle region?

[morgante]

Can you clarify which example you saw this issue with?

[kenthua]

The subnet iam example

[adrienthebo]

@kenthua could you provide the variables that you're passing to the subnets example? I'm setting up a reproduction case locally, but in the mean time I'd like to see the subnet resources that you're providing.

[kenthua]

A simple reference based off the example. If I did specify project, it would also try to create a project iam binding.

This is in addition to a provider reference with project and region.

module "subnet_iam_binding" {
  source = "../../"

  subnets = ["gke-subnet"]

  mode = "additive"

  bindings = {
    "roles/compute.networkUser" = [
      "serviceAccount:service-158105332103@container-engine-robot.iam.gserviceaccount.com"
    ]
  }
}

[adrienthebo]

@kenthua I was able to reproduce your scenario with the following:

# terraform.tfvars
credentials_file_path="credentials.json"
group_email="test_sa_group@example.com"
user_email="thebo@example.com"
sa_email="bare-service-account@thebo-pfhost1-ed64.iam.gserviceaccount.com"
#subnet_one="projects/thebo-host-e503/regions/us-west1/subnetworks/default-us-west1-01"
#subnet_two="projects/thebo-host-e503/regions/us-west1/subnetworks/us-west1-01"
subnet_one="default-us-west1-01"
subnet_two="us-west1-01"

When specifying subnets, are you providing the full subnet path (eg the commented out subnet_one and subnet_two values) or just the subnet name?

edit - whoops, you provided an example - sorry about that! Instead of specifying subnets = ["gke-subnet"] could you try using the fully qualified subnet name?

[kenthua]

@adrienthebo Apologies, that was it, thanks! Should have read the docs that said full path, but maybe a more clear example in the readme?

subnet = "projects/<project_id>/regions/<region>/subnetworks/<subnet_name>"

[morgante]

Agreed this could be made clearer.

Specifically, can we:

1. Add a clarification to README
2. For the subnet example, instead of taking in a big "subnet" variable let's pull in a project ID, region, and subnet name as separate variables. and construct the URL within the example.

[kenthua]

Fixed them up, @adrienthebo @morgante let me know your thoughts.

[adrienthebo]

There are a couple of whitespace fixups I'd like to see before we merge this. I've verified these changes and everything runs as expected; 👍 for merge after the fixups lands.

[adrienthebo]

Thanks for the fixups, LGTM!

[morgante]

LGTM, thanks.