theferrit32
commented
10 months ago terraform thinks it needs to add this label to the bucket even though it already exists. The field in the terraform resource schema is called labels, and it's called labels on the bucket too, but here in the plan it calls it terraform_labels, not sure if that is causing the issue.
kafka_backups $ terraform plan
google_storage_bucket.confluent_backups: Refreshing state... [id=clingen-confluent-backups]
google_service_account.confluent_cloud_backups_owner: Refreshing state... [id=projects/clingen-dx/serviceAccounts/confluent-cloud-kakfa-backups@clingen-dx.iam.gserviceaccount.com]
google_storage_bucket_iam_binding.backups_sa_binding: Refreshing state... [id=b/clingen-confluent-backups/roles/storage.admin]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
~ update in-place
Terraform will perform the following actions:
# google_storage_bucket.confluent_backups will be updated in-place
~ resource "google_storage_bucket" "confluent_backups" {
id = "clingen-confluent-backups"
name = "clingen-confluent-backups"
~ terraform_labels = {
+ "bucket" = "clingen-confluent-backups"
}
# (13 unchanged attributes hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
This includes features of
GCP Workflowsnecessary for our use case.There is one change required in
google_secret_manager_secret:becomes
Given the current use of
external-secretsandcloudbuild-firebasemodules across the 3devstageandprodenvironments, we need to update the google module simultaneously across the 3 environments.One additional configuration change suggested on the call today is to remove the use of terragrunt and just put the module versions in a config file in each environment directory.
Other
googleterraform resource types that we are using seem to be fully backwards compatible, meaning we don't need to make changes.Verified these terraform directories under
terraform/work with google version 5.12.0.