Error installing RADLab UI #232
Description
Describe the bug
I encountered an error when running terraform command to install RADLab UI following the doc https://googlecloudplatform.github.io/rad-lab/docs/rad-lab-ui/ui_installation/infrastructure/:
google_project_iam_member.webapp_identity_permissions["roles/iam.serviceAccountTokenCreator"]: Creation complete after 22s [id=rad-lab-ui-c9cb/roles/iam.serviceAccountTokenCreator/serviceAccount:rad-lab-ui-identity@rad-lab-ui-c9cb.iam.gserviceaccount.com]
google_project_iam_member.webapp_identity_permissions["roles/secretmanager.admin"]: Creation complete after 22s [id=rad-lab-ui-c9cb/roles/secretmanager.admin/serviceAccount:rad-lab-ui-identity@rad-lab-ui-c9cb.iam.gserviceaccount.com]
google_project_iam_member.webapp_identity_permissions["roles/cloudbuild.builds.viewer"]: Creation complete after 16s [id=rad-lab-ui-c9cb/roles/cloudbuild.builds.viewer/serviceAccount:rad-lab-ui-identity@rad-lab-ui-c9cb.iam.gserviceaccount.com]
module.terraform_builder.null_resource.build_and_push_image (local-exec): ERROR: (gcloud.builds.submit) FAILED_PRECONDITION: invalid bucket "495034307116.cloudbuild-logs.googleusercontent.com"; default Cloud Build service account or user-specified service account does not have access to the bucket
google_artifact_registry_repository_iam_member.cloudbuild_registry_access: Still creating... [10s elapsed]
google_artifact_registry_repository_iam_member.terraform_builder_registry_access: Still creating... [10s elapsed]
google_artifact_registry_repository_iam_member.cloudbuild_registry_access: Still creating... [20s elapsed]
google_artifact_registry_repository_iam_member.terraform_builder_registry_access: Still creating... [20s elapsed]
google_artifact_registry_repository_iam_member.terraform_builder_registry_access: Creation complete after 21s [id=projects/rad-lab-ui-c9cb/locations/us-central1/repositories/rad-lab-ui-registry/roles/artifactregistry.writer/serviceAccount:rad-lab-ui-automation@rad-lab-ui-c9cb.iam.gserviceaccount.com]
google_artifact_registry_repository_iam_member.cloudbuild_registry_access: Creation complete after 23s [id=projects/rad-lab-ui-c9cb/locations/us-central1/repositories/rad-lab-ui-registry/roles/artifactregistry.reader/serviceAccount:rad-lab-module-creator@rad-lab-ui-c9cb.iam.gserviceaccount.com]
╷
│ Error: googleapi: Error 403: Unable to retrieve the repository metadata for projects/rad-lab-ui-c9cb/locations/us-central1/repositories/gcf-artifacts. Ensure that the Cloud Functions service account has 'artifactregistry.repositories.list' and 'artifactregistry.repositories.get' permissions. You can add the permissions by granting the role 'roles/artifactregistry.reader'., forbidden
│
│ with google_cloudfunctions_function.create_update_module,
│ on functions.tf line 41, in resource "google_cloudfunctions_function" "create_update_module":
│ 41: resource "google_cloudfunctions_function" "create_update_module" {
│
╵
To Reproduce
Steps to reproduce the behavior:
I'm using Argolis environment but I'm using a org admin account with Folder IAM Admin and Project Creator roles. It's also a billing admin (I've tried both internal and partner billing accounts). I used Cloud Shell.
Expected behavior
A clear and concise description of what you expected to happen.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
- OS: [e.g. iOS]
- Browser [e.g. chrome, safari]
- Version [e.g. 22]
Additional context
Add any other context about the problem here.
Logs
Any relevant logs that you can provide. Please remove any identifying information.
Labels
Please add a label that identifies what component(s) this issue applies to.