Gcloud builds submit fails on "global" violates constraint "constraints/gcp.resourceLocations"

6
votes

I am working a lot with the Google Cloud Platform. Last year, we instated the resource constraint policy "constraints/gcp.resourceLocations" to Europe only. As of today, we are seeing a lot of strange errors when submitting a cloud build. Does anyone know if Google recently changed something in their Cloud Build service and make it regional?

The following command used to work:

gcloud builds submit .

However, overnight (12 november 2020), we got the following error:

ERROR: (gcloud.builds.submit) FAILED_PRECONDITION: "global" violates constraint "constraints/gcp.resourceLocations" on the resource "projects/[PROJECT_ID]/locations/global/builds/[UUID]"

  • '@type': type.googleapis.com/google.rpc.PreconditionFailure violations:
    • description: '"global" violates constraint "constraints/gcp.resourceLocations"

When running the following command:

gcloud builds submit . --region=europe-west1

The following error appears:

ERROR: (gcloud.builds.submit) User [USER] does not have permission to access projects instance [PROJECT_ID] (or it may not exist): project is not on the allowlist for Regional Cloud Build, please contact cloud-build-contact@google.com

1
google-cloud-platformgoogle-cloud-build
Great question and no answer... Did you contact the provided email? There is lot of change in Cloud Build in preparation, and I guess the regionalization is one of these.guillaume blaquiere
Hoped someone else would find this post! We decided to turn off the policy for now, since it concerns the production infrastructure as well. The provided e-mail is shut down for some reason, so we are going to contact support directly. I will update if we have a resolution.Nebulastic
Great! In our company, we have a test organisation where we try Organisation policy, because sometime, there is side effect like this... Anyway, the answer of Google support will be interesting. Keep us posted!guillaume blaquiere
Yes, we have the same procedure, we always test on a separate folder, which holds all the development projects. But this was an unintended side effect from Google, for which I saw no announcement. We had a similar issue before where project default buckets were in another region than the policy prescribed, which caused cloud build to break.Nebulastic

1 Answers

0
votes

That was an internal issue on the GCP side, which has been fixed shortly by the Cloud Build engineering team.