0

When trying to create a "hello world" Cloud Function, I get the error message:

"The request has violated one or more Org Policies. Please refer to the respective violations for more information."

Now, which org policies have been violated? In the Log Explorer I find the error message like this:

{
insertId: "XXX"
logName: "projects/XXX/logs/cloudaudit.googleapis.com%2Factivity"
protoPayload: {10}
receiveTimestamp: "2021-11-26T11:42:16.735011108Z"
resource: {2}
severity: "ERROR"
timestamp: "2021-11-26T11:42:16.490247Z"
}
Thorsten Staerk
  • This means that the Org Policy errors you ran into are due to [VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/troubleshooting#determine_if_an_error_is_due_to). Can you please review your [VPC Service Controls configuration](https://cloud.google.com/functions/docs/securing/using-vpc-service-controls) to understand why your VPC service controls are prohibiting your createFunction requests? – Zeenath S N Nov 25 '21 at 11:16

2 Answers

1

I found the solution to my own issue: After clicking "Create Function", I had to choose "Run time, build, connections and security settings" -> "Connections" and select an option.

No option had been selected there, I guess this was due to my project's network settings.

Now I can deploy :)

Thorsten Staerk
0

Logging will have the detail error.details[x].violations[x].type. The log entry states the constraint in violation.

The following log entry shows a violation for location:

"type": "constraints/gcp.resourceLocations"

Example log entry:

"error": {
  "code": 400,
  "message": "The request has violated one or more Org Policies. Please refer to the respective violations for more information.",
  "status": "FAILED_PRECONDITION",
  "details": [
    {
      "@type": "type.googleapis.com/google.rpc.PreconditionFailure",
      "violations": [
        {
          "type": "constraints/gcp.resourceLocations",
          "subject": "orgpolicy:projects/<project>",
          "description": "Constraint constraints/gcp.resourceLocations violated for projects/<project> attempting GenerateUploadUrlActionV1 with location set to us-central1. See https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints for more information."
        }
      ]
    }
  ]
}

Org Policy Constraints

John Hanley
  • The log entry looks entirely different for me. I look at the Logs Explorer, where do you look? – Thorsten Staerk Nov 26 '21 at 12:04
  • 1
    @ThorstenStaerk I provided a **partial** example of the inner section showing the error key. Look in **Cloud Audit Logs** https://cloud.google.com/logging/docs/audit#types – John Hanley Nov 26 '21 at 19:10
  • Thanks for staying with me! However, I still see the same as before. I read the article you pointed me to, then, in Log Explorer I indeed found a log entry with the type "type.googleapis.com/google.cloud.audit.AuditLog". But as before, it only contains one occurrence of "ERROR" which looks like this: severity: "ERROR" timestamp: "2021-12-01T07:02:05.318337Z" so I cannot find the error key – Thorsten Staerk Dec 01 '21 at 07:06
  • @ThorstenStaerk I need to see the entire redacted log entry. – John Hanley Dec 01 '21 at 07:09
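
The second answer says the violated constraint is in `error.details[x].violations[x].type`, while the comments show the asker could not find that key in the collapsed Logs Explorer view. The following is an added example, not code from either poster: it walks an expanded log entry saved as JSON and reports every `google.rpc.PreconditionFailure` violation at any nesting depth, so it does not depend on where in the entry the error body sits. The sample entry is constructed from the answer's fragment, and the function names are assumptions of this example.

```python
import json

PRECONDITION_FAILURE = "type.googleapis.com/google.rpc.PreconditionFailure"

# Constructed sample: the "error" fragment from the answer, wrapped in a
# hypothetical outer object so it parses as one JSON document.
SAMPLE_ENTRY = json.loads("""
{
  "severity": "ERROR",
  "error": {
    "code": 400,
    "status": "FAILED_PRECONDITION",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.PreconditionFailure",
        "violations": [
          {
            "type": "constraints/gcp.resourceLocations",
            "subject": "orgpolicy:projects/<project>",
            "description": "Constraint constraints/gcp.resourceLocations violated for projects/<project>"
          }
        ]
      }
    ]
  }
}
""")


def find_violations(node):
    """Yield (type, subject, description) for each PreconditionFailure
    violation found anywhere inside a parsed entry or a list of entries."""
    if isinstance(node, dict):
        if node.get("@type") == PRECONDITION_FAILURE:
            for v in node.get("violations") or []:
                if isinstance(v, dict):
                    yield v.get("type"), v.get("subject"), v.get("description")
        for value in node.values():
            yield from find_violations(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_violations(item)


def violated_constraints(entries):
    """Return the sorted, de-duplicated constraint names that were violated."""
    return sorted({ctype for ctype, _, _ in find_violations(entries) if ctype})


if __name__ == "__main__":
    for ctype, subject, description in find_violations(SAMPLE_ENTRY):
        print(f"{ctype}\t{subject}\t{description}")
```

An entry that carries no `PreconditionFailure` detail, such as one showing only `severity` and `timestamp`, yields an empty list, which tells you to look at a different log entry for the same request.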