-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disabled serviceusage.googleapis.com API leads to tainted project #6222
Comments
I've observed a fair number of issues and failures can happen during the network deletion, which is potentially a source of pain for users. While the simplest fix would be to add a precheck (similar to #5671), I wonder if we should instead split the network deletion into a separate resource. My reasoning is that failures in the For example
|
Yes, this is an issue. It does prompt project replacement
|
One idea I had for this which I did not test was creating a service API client and calling the list (or any valid function) on a non existent project. If the API is not enabled on the service account this might return an error indicating so, while if it was enabled then you should get an error saying the project does not exist. Worth exploring this option if there is no other easy way to find out enabled services on the billed project. |
@umairidris and @morgante I've tested @umairidris idea and should work as below.
Would you guys willing to review a PR for precheck function? |
Hi @thiagonache, Thanks for testing the idea out. Neither myself nor @morgante actually work on the provider, so we can't give you approval. I would ask @danawillow to assign someone to look at this. Regarding the code, I would not use a real project #, instead use one that would not exist like '000'. Do note that the provider already has a way to instantiate clients (the project resource already creates serviceusage clients in the code), so you can probably simplify the instantiation. |
@umairidris Thanks for your answer. I'll wait for @danawillow . |
@thiagonache seems reasonable to me! There's already a function called |
Closed by #7447 |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks! |
Community Note
modular-magician
user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned tohashibot
, a community member has claimed the issue already.Terraform Version
Affected Resource(s)
google_project
Terraform Configuration Files
From Project Factory:
Debug Output
https://gist.github.com/morgante/cbb394bcadd6e81d90acd2dc2dab86d5
Expected Behavior
When creating a project with
auto_create_network = false
, Terraform needs to activate the compute API on the project. This requires the seed project have the serviceusage API active.I would expect this failure to be recoverable so Terraform bails out early (ie. before creating the project) if the correct APIs are not active similar to #5671.
Actual Behavior
Terraform creates the project, then attempts to delete the network - leading to a tainted project it attempts to recreate (which is impossible because projects are unique).
Steps to Reproduce
terraform apply
and observe failureterraform plan
and observe tainted projectReferences
The text was updated successfully, but these errors were encountered: