Open vishramyadav-g opened 3 years ago
@vishramyadav-g where did you see below expected behavior?
If disable_dependent_service flag is set true. Parent API should be deleted BEFORE explicitly deleting dependent API.
@edwardmedia you are correct, that might not be the expected behaviour as of today. Is there a way we can handle disabling a list of dependent and parent APIs today?
To give little more context on this : we filed a similar bug in project factory as well - project_factory_issue_605. Which means everyone using project factory module would be also affected.
I believe we are using service usage API in the background, correct? So, maybe possible solution here is to expose batchDisable method from the API itself? (Currently we only have batchEnable).
As suggested in project_factory_issue_605, another way could be to do retry in disabling as well?
If you think retry might be a good solution here, I can open a PR against this repo. Thanks :)
This is an interesting and legit use case. @slevenick What do you think?
Unfortunately I don't see a batchDisable method on that API. You could file a ticket against the public GCP issue tracker to request that, but until then we won't be able to implement anything from the Terraform side.
We don't know which services are dependent within Terraform, and shouldn't encode this information into the provider in case it changes in the future, so I don't think we can solve for this.
I'm not sure how retry would help in this case, as I'm not sure how to interpret the error message you are receiving: Error waiting for api to disable: Error code 5, message: Hook call/poll failed for service "file.googleapis.com".
If you make the project services depend on each other in a chain, or turn Terraform parallelism to 1 do you still see the issue?
@slevenick Retry would help because the dependent service can still succeed in disabling before the parent service is disabled. Then when the parent service retries it will succeed.
Strictly sequencing the order of disabling with a dependency chain would work as a workaround, but then users are encoding the dependency information as well (which I don't think is very maintainable long term). Retry provides an escape hatch.
@slevenick Retry would help because the dependent service can still succeed in disabling before the parent service is disabled. Then when the parent service retries it will succeed.
Strictly sequencing the order of disabling with a dependency chain would work as a workaround, but then users are encoding the dependency information as well (which I don't think is very maintainable long term). Retry provides an escape hatch.
I guess I'm not suggesting that the user encode the dependency chain, just a dependency chain. If retry works then having these resources disable serially should also work, at least that's my hypothesis
I guess I'm not suggesting that the user encode the dependency chain, just a dependency chain. If retry works then having these resources disable serially should also work, at least that's my hypothesis
I'm not sure I follow. They are not the same.
If my dependency chain is storage
, then file
the storage
API will never disable successfully (because the file API is still using it) and Terraform would never proceed to disabling the file API. If you build a dependency chain in Terraform, you have to know the correct order.
On the other hand, with retry it would attempt to disable file
and storage
simultaneously. storage
will fail at first, but once the file
API finished disabling it would succeed.
Ah, so you are describing if disable_dependent_services = false
?
I'm thinking when that is set to true, it will only fail when file
and storage
are disabled simultaneously. If storage
is disabled first it will disable file automatically, and if file
is disabled first then disabling storage will succeed
Ah, so you are describing if disable_dependent_services = false?
Yes, though my observation is that disable_dependent_services
also isn't 100% reliableāsometimes APIs are still active even when the operation returns.
You're right that with disable_dependent_services = true
and only disabling one API at a time, errors should be less common. I still think it would be helpful to retry though.
If you build a dependency chain in Terraform, you have to know the correct order.
One more point to add here, if I may - Currently we don't have a way to know what APIs are dependent on each other. (There is no API/gcloud command to give us dependency between the APIs publicly
).
We tried -parallelism=1, and no errors were found during the API disable terraform destroy run. However, as expected, this was a very slow operation.
We may want to link this w/ b/267301591, or deduplicate it against a new issue.
FYI @edwardmedia that this was incorrectly labeled/forwarded
Community Note
modular-magician
user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned tohashibot
, a community member has claimed the issue already.Terraform Version
Terraform:1.0.2
Affected Resource(s)
Terraform Configuration Files
Debug Output
Debug output gist
Panic Output
Expected Behavior
If disable_dependent_service flag is set
true
. Parent API should be deleted before explicitly deleting dependent API.Actual Behavior
It is throwing an error while deleting dependent APIs.
Steps to Reproduce
terraform apply
to enable those APIs.terraform destroy
to disable those APIs.Important Factoids
References
Other details:
Google provider version: google v3.76.0
0000
b/304725230
b/315120522