Error 400: resourceInUseByAnotherResource

elouanKeryell-Even commented 3 years ago

Terraform Version

$ terraform -v
Terraform v0.13.5
+ provider registry.terraform.io/hashicorp/google v3.62.0
+ provider registry.terraform.io/hashicorp/google-beta v3.62.0
+ provider registry.terraform.io/hashicorp/tls v3.1.0

Affected Resource(s)

google_compute_url_map

Terraform Configuration Files

I define a google_compute_url_map, which depends on a backend_service provided by module GoogleCloudPlatform/lb-http/google:

module "generated_cloud_loadbalancer" {
  source            = "GoogleCloudPlatform/lb-http/google"
  version           = "4.3.0"
  name              = var.network_name
  project           = var.project
  create_address    = false
  create_url_map    = false
  http_forward      = false
  target_tags       = []
  security_policy   = google_compute_security_policy.policy.self_link
  backends          = {
    "redacted" = {

      description                     = null
      protocol                        = v.protocol.id
      port                            = v.protocol.port
      port_name                       = v.protocol.port_name
      timeout_sec                     = null
      connection_draining_timeout_sec = null
      enable_cdn                      = false
      session_affinity                = null
      affinity_cookie_ttl_sec         = null
      custom_request_headers          = null
  //    security_policy                 = google_compute_security_policy.policy.self_link
      health_check                    = null

      log_config = {
        enable      = true
        sample_rate = 1.0
      }

      iap_config =  {
        enable                        = false
        oauth2_client_id              = null
        oauth2_client_secret          = null
      }

      groups = [ {
        group                        = v.neg_id
        balancing_mode               = null
        capacity_scaler              = null
        description                  = null
        max_connections              = null
        max_connections_per_instance = null
        max_connections_per_endpoint = null
        max_rate                     = null
        max_rate_per_instance        = null
        max_rate_per_endpoint        = null
        max_utilization              = null
      }]
    }
  }
  firewall_networks = []
}

resource "google_compute_url_map" "default" {
  name                = var.network_name
  default_service     = module.generated_cloud_loadbalancer.backend_services[local.default_backend_name].self_link
  project             = var.project
  host_rule {
    hosts        = ["*"]
    path_matcher = "allpaths"
  }

  path_matcher {
    name            = "allpaths"
    default_service = module.generated_cloud_loadbalancer.backend_services[local.default_backend_name].self_link

    dynamic "path_rule" {
      for_each      = {for k, v in module.cloud_run_negs.cloud_run_instances_with_neg_id : k => v if k != local.default_backend_name}
      content {
        service     = module.generated_cloud_loadbalancer.backend_services[path_rule.key].self_link
        paths       = path_rule.value.context_paths
      }
    }
  }
  depends_on        = [module.generated_cloud_loadbalancer]

}

Debug Output

terraform plan: https://gist.github.com/elouanKeryell-Even/a9b7878b8959ab58921bdc1b1456da20
terraform apply: https://gist.github.com/elouanKeryell-Even/5f51462dc8a6c48dad80a9f4b7463a58

Panic Output

N/A

Expected Behavior

When I change the name of the backend_services (i.e. module variable var.backend), this is what I expect to happen:

terraform creates new backend_service with new name
terraform updates url_map to point to new backend_service
terraform destroys old backend_service

Actual Behavior

This is what actually happens:

terraform starts by destroying old backend_service --> fails because url_map is linked to it:

module.external-https-loadbalancer.module.generated_cloud_loadbalancer.google_compute_backend_service.default["redacted-bck"]: Destroying... [id=projects/redacted/global/backendServices/redacted-lb-backend-redacted-bck]

. . .
. . .
. . .

Error: Error when reading or editing BackendService: googleapi: Error 400: The backend_service resource 'projects/redacted/global/backendServices/redacted-lb-backend-redacted-bck' is already being used by 'projects/redacted/global/urlMaps/redacted-lb', resourceInUseByAnotherResource

Steps to Reproduce

Write a terraform conf file which instanciates module GoogleCloudPlatform/lb-http/google and declares an url_map linked to the backend_service generated by the module
Apply: terraform apply
Now in the conf file change the name of the backend variable of the module
Apply change: terraform apply

Important Factoids

N/A

References

hashicorp/terraform-provider-google#8284
hashicorp/terraform-provider-google#1883
hashicorp/terraform-provider-google#6277
hashicorp/terraform-provider-google#8160

github-actions[bot] commented 3 years ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

steffen74 commented 2 years ago

I just had the same issue. Te same also happens, for example, when changing the url_maskin the cloud run section of the resource "google_compute_region_network_endpoint_group".

sreenivas-ps commented 2 years ago

i'm having the same issue, is there any update on this?

bholbrook73 commented 1 year ago

I'm running into this issue changing the domains for the SSL.

I've changed the domain from dev.section.domain.com to dev-section.domain.com. I'm expecting the SSL to be detached, deleted, recreated, and then attached again. What I get is:

Error: Error when reading or editing ManagedSslCertificate: googleapi: Error 400: The ssl_certificate resource 'projects/PROJECT_ID/global/sslCertificates/appname-load-balancer-cert' is already being used by 'projects/PROJECT_ID/global/targetHttpsProxies/appname-load-balancer-https-proxy', resourceInUseByAnotherResource

nburns commented 1 year ago

Still having this issue

dmanci commented 1 year ago

(First off, thanks for everyone's hard work on this project, it's very useful.)

I'm having a related issue attempting to remove network endpoint groups. I've got Terraform that looks something like this:

google_compute_region_network_endpoint_group "neg" {
  for_each = toset(var.regions)
  ...
}

...

module "lb-http" {
  ...
  backends = {
    groups = [
      for neg_id in var.neg_ids :
      {
        group = neg_id
      }
    ]
  }
}

In attempting to remove 2/3 regions, Terraform tries to destroy the NEGs and then update the lb-http backends list. This results in a similar 400 error "The network_endpoint_group resource is already being used by , resourceInUseByAnotherResource.

sadminriley commented 1 year ago

@elouanKeryell-Even @dmanci Did you guys ever find a workaround for this?

dmanci commented 1 year ago

@elouanKeryell-Even @dmanci Did you guys ever find a workaround for this?

@sadminriley Our "workaround" was easy because we weren't live in production yet... destroy the load balancer, change the negs, and recreate it. 😄 Otherwise, no we haven't discovered a way to do it without downtime.

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

okaisti commented 1 year ago

renaming the lb module seemed to "fix" this :D, don't know if it's zero downtime tho

module "application-lb" {
  source  = "GoogleCloudPlatform/lb-http/google"
  version = "7.0.0"
  // rename this "loadbalancer_name" if there is an: Error 400 resourceInUseByAnotherResource (might happen when modifying url_maps)
  // related github issue (https://github.com/terraform-google-modules/terraform-google-lb-http/issues/159)
  name    = local.loadbalancer_name
  ...
}

terrpan commented 11 months ago

We are also facing this issue when we remove a neg from the backend block. It tries to destroy the neg before removing it from the backend.

github-actions[bot] commented 9 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

nburns commented 9 months ago

still busted

sadminriley commented 9 months ago

@nburns Yeah i've tried just about anyway I can do this outside of gcloud cli edits manually

github-actions[bot] commented 7 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

github-actions[bot] commented 5 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

elouanKeryell-Even commented 5 months ago

prevent close issue

giulianobr commented 4 months ago

Nothing yet?

sadminriley commented 4 months ago

This has been an issue since 2021.

the only fix I've found is manually editing things via gcloud

github-actions[bot] commented 2 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

giulianobr commented 2 months ago

Since 2021 ...

sltet commented 1 month ago

still having the issue

terraform-google-modules / terraform-google-lb-http