203100 - Failed to Get Cloud Armor Security Policy Rule

Agent error code #203100 indicates that the agent could not retrieve the Cloud Armor security policy rule from GCP. The error message includes additional detail about the underlying cause (e.g., authentication, authorization, resource not found, or timeout).

This error occurs during the GET phase of a grant or revocation operation, before any modification is attempted.

Common causes include:

  • The security policy name configured in Knocknoc does not match any policy in the GCP project
  • The rule priority configured in Knocknoc does not match any rule within the security policy (see also #203151)
  • The service account lacks compute.securityPolicies.get permission (see also #203002)
  • The GCP project ID is incorrect
  • Network connectivity to the GCP API failed (see also #203000, #203003)

Steps to Resolve

Verify the Security Policy Name and Rule Priority

  1. In the GCP Console, navigate to Network Security > Cloud Armor
  2. Confirm a security policy exists with the exact name configured in the Knocknoc ACL
  3. Open the policy and confirm a rule exists at the exact priority number configured in the Knocknoc ACL
  4. Names are case-sensitive and priorities must match exactly

Verify the GCP Project ID

  1. In the Knocknoc admin interface, check the backend configuration
  2. Confirm the GCP Project ID matches the project containing the security policy

Check IAM Permissions

  1. Ensure the service account has the compute.securityPolicies.get permission
  2. See error #203002 for detailed IAM troubleshooting steps
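
The checks above can also be run from a shell. The following is an added example, not part of Knocknoc: it repeats the read-only GET with gcloud, first on the policy and then on the rule, so a wrong rule priority can be told apart from the other causes. It assumes gcloud is installed and authenticated as the service account the Knocknoc backend uses; the function name diagnose_203100 is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: repeats the agent's read-only GET to narrow down error #203100.
# Assumption: gcloud is authenticated as the service account used by the
# Knocknoc backend. diagnose_203100 is a hypothetical helper name.
diagnose_203100() {
  policy=$1 priority=$2 project=$3

  # Priorities are integers; catch a typo before calling the API.
  case "$priority" in
    ''|*[!0-9]*)
      echo "priority '$priority' is not a non-negative integer" >&2
      return 3 ;;
  esac

  # Step 1: policy-level GET. gcloud's own error text goes to stderr and
  # names the underlying cause (not found, permission denied, network).
  if ! gcloud compute security-policies describe "$policy" \
        --project="$project" --format='value(name)' >/dev/null; then
    echo "policy GET failed: check the policy name (case-sensitive), the project ID," >&2
    echo "compute.securityPolicies.get (#203002) and connectivity (#203000, #203003)" >&2
    return 1
  fi

  # Step 2: rule-level GET. The policy is readable, so a failure here
  # points at the priority configured in the Knocknoc ACL.
  if ! gcloud compute security-policies rules describe "$priority" \
        --security-policy="$policy" --project="$project" \
        --format='value(priority,action)'; then
    echo "rule GET failed: no readable rule at priority $priority in $policy (see #203151)" >&2
    return 2
  fi

  echo "policy $policy and rule $priority are readable in project $project"
}

# Usage: ./diagnose.sh POLICY_NAME RULE_PRIORITY PROJECT_ID
if [ "$#" -eq 3 ]; then diagnose_203100 "$@"; fi
```

Exit status 1 means the policy itself could not be read, 2 means the policy was read but the rule was not, and 3 means the priority was not a number.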