This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Unable to setup Apigee X via Terraform

Posted on 10-09-2024 07:41 AM
davidanrod
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

I'm trying to setup apigee-x in a existing gcp project but somehow, an error is showing up concerning to a contraint related to resource location which in the particular case is europe-west1

module.apigee.google_apigee_organization.organization[0]: Creating...
╷
│ Error: Error creating Organization: googleapi: Error 400: Precondition check failed.
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.PreconditionFailure",
│     "violations": [
│       {
│         "description": "'global' violates constraint `constraints/gcp.resourceLocations` on the resource 'projects/*****, field name: Control Plane Region'",
│         "subject": "orgpolicy:projects/*****?zone=global",
│         "type": "constraints/gcp.resourceLocations"
│       }
│     ]
│   }
│ ]
│
│   with module.apigee.google_apigee_organization.organization[0],
│   on .terraform/modules/apigee/modules/apigee/main.tf line 22, in resource "google_apigee_organization" "organization":
│   22: resource "google_apigee_organization" "organization" {

Note: project_id was obfuscated.. 

Bellow the tf definition

module "apigee" {
  source     = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/apigee?ref=v28.0.0"
  project_id = var.project_id
  organization = {
    display_name            = var.project_id
    description             = "default org"
    authorized_network      = var.vpc_network
    runtime_type            = "CLOUD"
    project_id              = var.project_id
    billing_type            = "EVALUATION"
    #database_encryption_key = module.kms-org-db.key_ids["org-db"]
    analytics_region        = "europe-west1"
    api_consumer_data_location = "europe-west1"
  }
  envgroups = {
    dev = ["test.api.example.com"]
  }
  environments = {
    dev = {
      display_name = "dev"
      description  = "sample"
      envgroups    = ["dev"]
    }
  }
  instances = {
    europe-west1 = {
      region                        = "europe-west1"
      environments                  = ["dev"]
      runtime_ip_cidr_range         = "****/22"
      troubleshooting_ip_cidr_range = "****/22"
    }
  }
}

Ideas for troubleshooting? 

Lack of permissions? Collisions in available ip's range? 

Thanks.

Solved Solved
0 10 1,504
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
davidanrod
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Hi,

the answer for this can be seen here:

https://issuetracker.google.com/issues/325695173?pli=1

The attribute to avoid this constraint is api_consumer_data_location and it's available in the last versions of tf module.

Best,

David.

View solution in original post

Jump to Solution
10 REPLIES 10

Posted on --/--/---- --:-- AM
davidanrod
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Update:

After some reading, found this statement.."Google manages these resources so that they are available redundantly in all zones within that region". So, i'm trying to instantiate it, in a single zone cluster which is against by what seems to be the default multi-zone setup for apigee.. Looking into terraform docs, can't see a way to specify a specific zone..

Humm.. Am i missing something? Also, the error, seems to be related...

 "violations": [
│       {
│         "description": "'global' violates constraint `constraints/gcp.resourceLocations` on the resource 'projects/*****, field name: Control Plane Region'",
│         "subject": "orgpolicy:projects/*****?zone=global",
│         "type": "constraints/gcp.resourceLocations"
│       }

Thanks.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
grsiepka
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

@davidanrod  I'm not sure but that error kinda looks like a GCP Org level constraint that's not letting you provision resources in specific regions/zones.  

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
davidanrod
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

it's definitely a constraint regarding region/zone.. but as i said earlier, at this point don't know if apigee can run in a single zone within a specific region which is what i'm trying.. europe-west1 has 3 available zones, but my cluster is set only to single region/zone.

Based on that, how should i interpert the statement "Apigee organization resources can be created in many locations. These locations represent the geographical regions where Apigee resources, such as the Apigee runtime infrastructure and Apigee API Analytics data, are stored and accessed. Google manages these resources so that they are available redundantly in all zones within that region." ?

Thanks.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
davidanrod
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Hi,

the answer for this can be seen here:

https://issuetracker.google.com/issues/325695173?pli=1

The attribute to avoid this constraint is api_consumer_data_location and it's available in the last versions of tf module.

Best,

David.

Jump to Solution

Posted on --/--/---- --:-- AM
AlexET
Staff
In response to davidanrod
Reply posted on --/--/---- --:-- AM

Hello @davidanrod and @grsiepka,

Thank you for engaging in the Apigee community! Especially thanks to @davidanrod for sharing the solution. We look forward to seeing you both share more insights in the future.

Feel free to check out our Apigee articles, best 😊

Jump to Solution

Posted on --/--/---- --:-- AM
sahilpawar
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

The fix to add api_consumer_data_location field is partial fix. I still got the same error after adding that, To fully resolve the issue, you will need to add this line at the top of the terraform
Example for eu: provider "google-beta" {
apigee_custom_endpoint = "https://eu-apigee.googleapis.com/v1/"
}

Example for us: provider "google-beta" {
apigee_custom_endpoint = "https://us-apigee.googleapis.com/v1/"
}

This will create the control plane in the specified region and hence org creation won't fail because of control plane region.

Jump to Solution

Posted on --/--/---- --:-- AM
AlexET
Staff
In response to sahilpawar
Reply posted on --/--/---- --:-- AM

Hi @sahilpawar, thank you for providing this additional solution and contributing to the discussion.

We truly appreciate your engagement and encourage you to keep engaging in the forum and sharing your valuable knowledge with the Apigee community 🙌🏽

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
davidanrod
Bronze 5
Bronze 5
In response to sahilpawar
Reply posted on --/--/---- --:-- AM

Hi,

yes, you're correct.. 

can you share your config with us? 

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
gmike
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi,

I'm using the latest version of the Google provider and the tips described in this post but without success. 

 

resource "google_apigee_organization" "main" {
project_id = var.project_id
description = "Apigee Non Prod"
analytics_region = var.region
billing_type = "PAYG"
runtime_type = "CLOUD"
authorized_network = data.google_compute_network.apigee.id
retention = "MINIMUM"
api_consumer_data_location = var.region
}
 
provider "google" {
alias = "impersonation"
scopes = [
]
apigee_custom_endpoint = "https://eu-apigee.googleapis.com/v1/"
}

I got the constraint error.

│ Error: Error creating Organization: googleapi: Error 400: Precondition check failed.
│ Details:
│ [
│ {
│ "@type": "type.googleapis.com/google.rpc.PreconditionFailure",
│ "violations": [
│ {
│ "description": "'global' violates constraint `constraints/gcp.resourceLocations` on the resource 'projects/<project_is>, field name: Control Plane Region'",
│ "subject": "orgpolicy:projects/<project_id>?zone=global",
│ "type": "constraints/gcp.resourceLocations"
│ }
│ ]
│ },

Can somebody help me on that?

Cheers.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
hartmann
Staff
In response to gmike
Reply posted on --/--/---- --:-- AM

Hello, I believe the issue is that the apigee_custom_endpoint key/value pair is only supported in the google_beta module version (not google). Could you try something as follows and let us know the results:
 provider "google-beta" {
apigee_custom_endpoint = "https://eu-apigee.googleapis.com/v1/"
}

Jump to Solution
0 Likes
Top Solution Authors
View all