search

hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0
2.28k stars 1.72k forks source link

google_project_services diffing/failing to apply on stackdriverprovisioning.googleapis.com #1953

Closed Evesy closed 5 years ago

Evesy commented 6 years ago

Hi there,

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

Terraform Version

1.16.2

Affected Resource(s)

Terraform Configuration Files

resource "google_project_services" "admin-enabled-apis" {
  project = "${local.project}"

  services = [
    "containerregistry.googleapis.com",
    "pubsub.googleapis.com",
    "compute.googleapis.com",
    "servicemanagement.googleapis.com",
    "dns.googleapis.com",
    "deploymentmanager.googleapis.com",
    "replicapool.googleapis.com",
    "replicapoolupdater.googleapis.com",
    "resourceviews.googleapis.com",
    "monitoring.googleapis.com",
    "logging.googleapis.com",
    "container.googleapis.com",
    "storage-api.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "iam.googleapis.com",
    "cloudbilling.googleapis.com",
    "cloudkms.googleapis.com",
    "serviceusage.googleapis.com",
    "oslogin.googleapis.com",
    "stackdriverprovisioning.googleapis.com",
    "stackdriver.googleapis.com",
  ]
}

Expected Behavior

From the introduction of #1763 in 1.16.0 I'd expect Terraform to ignore this API since it is automatically enabled alongside other API's (as I understand it)

Actual Behavior

Since upgrading from 1.15.0 to 1.16.2 Terraform is trying to enable the API:

  ~ google_project_services.admin-enabled-apis
      services.#:          "20" => "21"
      services.1560437671: "iam.googleapis.com" => "iam.googleapis.com"
      services.1568433289: "oslogin.googleapis.com" => "oslogin.googleapis.com"
      services.1712537408: "containerregistry.googleapis.com" => "containerregistry.googleapis.com"
      services.1954675454: "serviceusage.googleapis.com" => "serviceusage.googleapis.com"
      services.2117420113: "pubsub.googleapis.com" => "pubsub.googleapis.com"
      services.2176421926: "cloudkms.googleapis.com" => "cloudkms.googleapis.com"
      services.2240314979: "compute.googleapis.com" => "compute.googleapis.com"
      services.2471815660: "servicemanagement.googleapis.com" => "servicemanagement.googleapis.com"
      services.2928564140: "dns.googleapis.com" => "dns.googleapis.com"
      services.2966512281: "deploymentmanager.googleapis.com" => "deploymentmanager.googleapis.com"
      services.3010261123: "replicapool.googleapis.com" => "replicapool.googleapis.com"
      services.3075019877: "replicapoolupdater.googleapis.com" => "replicapoolupdater.googleapis.com"
      services.3077910291: "resourceviews.googleapis.com" => "resourceviews.googleapis.com"
      services.3237295688: "monitoring.googleapis.com" => "monitoring.googleapis.com"
      services.3327360159: "stackdriver.googleapis.com" => "stackdriver.googleapis.com"
      services.3355193353: "logging.googleapis.com" => "logging.googleapis.com"
      services.3644083179: "cloudresourcemanager.googleapis.com" => "cloudresourcemanager.googleapis.com"
      services.3740470850: "container.googleapis.com" => "container.googleapis.com"
      services.3875785048: "storage-api.googleapis.com" => "storage-api.googleapis.com"
      services.3902838863: "cloudbilling.googleapis.com" => "cloudbilling.googleapis.com"
      services.666423718:  "" => "stackdriverprovisioning.googleapis.com"

The apply also fails due to insufficient permissions (The user being ran is an Owner of the project, and an Organisation Administrator). The API is already enabled too:

Service name
stackdriverprovisioning.googleapis.com
Overview
Stackdriver Provisioning Service is used to provision a project for monitoring by Stackdriver. Enabling this service will enable Monitoring API, Logging API and Resource Metadata API.
Activation status
Enabled

Steps to Reproduce

References

paddycarver commented 6 years ago

1763 fixed it so that not having that API in your config wouldn't create a diff. You're getting that error because that's an API you can't enable, but you're telling Terraform to enable it.

If you remove it from your config, the error should go away, as will the diff.

danawillow commented 6 years ago

@paddycarver what's the upstream bug here? Anything I should file internally?

paddycarver commented 5 years ago

I don't... know? I think my thought process was that the upstream "fix" would be not having services that you can't actually enable. I think we've already raised that with the team, though?

danawillow commented 5 years ago

Ah ok, I definitely remember sending something out about it but I can't find it now. I highly doubt that's going to change though. Still worth it to keep this issue open?

paddycarver commented 5 years ago

I don't really know what our options are here, or what we could do. Seeing as there's no next steps we can take, as far as I know, I'm going to close this out. If someone thinks we could have better documentation for this, or there's something we could do, I'm happy to reopen or discuss on another issue.

ghost commented 5 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!