How to add org policies in bootstrap stage? #2896

jinay-aviato · 2025-02-14T12:16:11Z

jinay-aviato
Feb 14, 2025

@ludoo, @juliocc
I initially deployed the 0-bootstrap stage with my user as the caller. Afterward, I configured a service account to act as the caller for subsequent deployments.

Currently, organization policies defined in the data/org-policies directory (e.g., compute.yaml, iam.yaml, etc.) are not included in the Terraform plan output by default. As a result, these policies are not being created or applied.

What changes are required to ensure that these YAML files are properly included in the Terraform plan and that the organization policies are applied?

Answered by juliocc

Feb 17, 2025

bootstrap_user = "[email protected]"

This is your issue. The variable bootstrap_user is only supposed to be used the first time you apply and it inhibits the creation of org policies (among other things). Remove that and use the generated providers file as explained bootstrap's README

View full answer

juliocc · 2025-02-14T16:29:33Z

juliocc
Feb 14, 2025
Maintainer

Org policies should be applied by default after you switch to use a service account. Unless you override the factories_config variable, the org policies shipped with FAST will be applied.

You'll have to provide more details about your setup/environment for us to help you.

7 replies

jinay-aviato Feb 17, 2025
Author

Hi
So I am sharing you my tfvars file what I am passing , Other then this I am not passing any attribute

billing_account = {
id = "XXXXXX-XXXXXX-XXXXXX"
}


# locations for GCS, BigQuery, and logging buckets created here
locations = {
bq = "us-east1"
gcs = "us-east1"
logging = "global"
pubsub = []
}

# use gcloud organizations list
organization = {
domain = "gmail.com"
id = 123456789123
customer_id = "xxxxxxxxx"
}

outputs_location = "~/fast-config"

# use something unique and no longer than 9 characters
prefix = "xyz"
bootstrap_user = "[email protected]"

juliocc Feb 17, 2025
Maintainer

organization.domain = "gmail.com"?

You need to own the org to be able to create org policies in it.

jinay-aviato Feb 17, 2025
Author

Hey, the above values are just the example I have used the actual values for it while applying the stage.

juliocc Feb 17, 2025
Maintainer

bootstrap_user = "[email protected]"

This is your issue. The variable bootstrap_user is only supposed to be used the first time you apply and it inhibits the creation of org policies (among other things). Remove that and use the generated providers file as explained bootstrap's README

Answer selected by sruffilli

jinay-aviato Feb 27, 2025
Author

Hey, It is working need to remove bootstrap_user variable after first run. Thanks for your support and time.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

How to add org policies in bootstrap stage? #2896

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 7 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

How to add org policies in bootstrap stage? #2896

Uh oh!

jinay-aviato Feb 14, 2025

Replies: 1 comment · 7 replies

Uh oh!

juliocc Feb 14, 2025 Maintainer

Uh oh!

jinay-aviato Feb 17, 2025 Author

Uh oh!

juliocc Feb 17, 2025 Maintainer

Uh oh!

jinay-aviato Feb 17, 2025 Author

Uh oh!

juliocc Feb 17, 2025 Maintainer

Uh oh!

jinay-aviato Feb 27, 2025 Author

jinay-aviato
Feb 14, 2025

Replies: 1 comment 7 replies

juliocc
Feb 14, 2025
Maintainer

jinay-aviato Feb 17, 2025
Author

juliocc Feb 17, 2025
Maintainer

jinay-aviato Feb 17, 2025
Author

juliocc Feb 17, 2025
Maintainer

jinay-aviato Feb 27, 2025
Author