google_iam_workload_identity_pool - fails when a pool already exists

[AlexandreAlvesL]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

v1.2.3 and v1.2.4

Affected Resource(s)

google_iam_workload_identity_pool

Terraform Configuration Files

resource "google_iam_workload_identity_pool" "azure" {
  provider                  = google-beta
  workload_identity_pool_id = "azure1"
  project                   = var.gcp_project_id
}

resource "google_iam_workload_identity_pool_provider" "azure-provier" {
  provider                           = google-beta
  workload_identity_pool_id          = google_iam_workload_identity_pool.azure.workload_identity_pool_id
  workload_identity_pool_provider_id = "azure-provider"
  project                            = var.gcp_project_id
  display_name                       = "Azure Tenant"
  description                        = "Provider that will allow connection from Azure "
  disabled                           = false

  oidc {
    allowed_audiences = ["api://REDACTED_AUDIENCE"]
    issuer_uri = "https://sts.windows.net/REDACTED_TENANTID"
  }

  attribute_mapping = {
    "google.subject" = "assertion.sub"
  }
}

output "wif-id" {
  value       = google_iam_workload_identity_pool.azure.name
  description = "The output is the workload identity federation"
  sensitive   = true
}

Debug Output

(https://gist.github.com/AlexandreAlvesL/62ca81b51b6e6e5b2505cd67ea6b0b62)

Panic Output

Expected Behavior

It should have detected a existing resource already exists and nothing needs to be done.

Actual Behavior

A resource already exists and it crashes.

Steps to Reproduce

use the google_iam_workload_identity_pool and run it twice. First time to create the resouce, second time it will crash

1. terraform apply

Important Factoids

References

• 0000

[edwardmedia]

@AlexandreAlvesL can you provide the steps to repro the issue? Did you bring the resource into state before you apply? For me it seems to be fine through apply and re-apply.

[AlexandreAlvesL]

@edwardmedia did another try via a new project and also by clearing the state file in the existing project and it works as expected. most likely I provisioned via local code and then used it as part of the pipeline without clearing the configuration first. feel free to close this.

[edwardmedia]

@AlexandreAlvesL glad you found the problem. Closing the issue then

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.