search

hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0
2.28k stars 1.72k forks source link

swtiching from project_services to project_service with for_each crashes terraform #4788

Closed ideasculptor closed 4 years ago

ideasculptor commented 4 years ago

Terraform Version

$ terraform --version
Terraform v0.12.12

Terraform Configuration Files

The trigger seems to have been a switch from project_services resource enabling a list of apis to a project_service resource enumerated via for_each. Because the project in question did not have any resources assigned to it, disabling all of the apis in project_services, including compute, succeeded (it fails in the more 'normal' case of a project that has at least one compute dependency within it). When the apis are enabled via the for_each enumeration, it fails because the compute api is no longer enabled. So I manually re-enabled it via the console. But terraform now crashes whenever I run it, whether performing apply or delete, so I cannot even clean house and start over.

Crash Output

https://gist.github.com/ideasculptor/e1f2351e5222eb80af385ecffadbbbfd

Expected Behavior

It should not crash

Actual Behavior

It did crash

Steps to Reproduce

create a project with project_services resource enabling apis. My list was as follows:

[
    "cloudbilling.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "compute.googleapis.com",
    "container.googleapis.com",
    "iam.googleapis.com",
    "iamcredentials.googleapis.com",
    "logging.googleapis.com",
    "serviceusage.googleapis.com",
    "storage-api.googleapis.com",
  ]

Make sure to destroy the default network and any other resources in the project, so that disabling ALL of those apis will succeed. Then switch to code which use project_service resource and for_each, to perform the same work. Re-apply and run. When it errors out because compute.googleapis.com is no longer enabled, manually re-enable by visiting the URL in the error message. Then re-apply. Terraform will crash.

Additional Context

I'm using terragrunt to wrap terraform, but that isn't a factor. Terraform is being run correctly by terragrunt. The bug doesn't manifest and terraform runs 'correctly' if the apis cannot be disabled due to existing resources conflicting. I just do state rm to remove the un-removable apis and the subsequent apply works just fine. The issue is only if the api removal actually succeeds.

References

https://github.com/terraform-google-modules/terraform-google-project-factory/issues/305

chrisst commented 4 years ago

@ideasculptor It looks like the panic appears to be happening in code related to the google_project_usage_export_bucket resource and not because of the project services. It looks like export usage was disabled on the project which was causing this resource to crash. I'll have a fix shortly but if you haven't already, re-enabling exports should fix your immediate issue.

ghost commented 4 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!