Remove preconditions script

morgante commented 4 years ago

In order to remove the preconditions script from the module (#373), we need to confirm it's impossible to start module creation and be left in a catastrophic state.

Therefore we need to make sure each step has an associated in-provider check and we document/explain in the troubleshooting guide.

Checks:

[ ] Seed project - check that APIs are active
- [x] cloudresourcemanager.googleapis.com
- [x] cloudbilling.googleapis.com - fixed via https://github.com/terraform-providers/terraform-provider-google/pull/5671
- [x] iam.googleapis.com
- [x] appengine.googleapis.com (when managing an App Engine instance on the Target Project)
- [x] admin.googleapis.com (when managing G Suite groups and group membership)
- [x] serviceusage.googleapis.com - needed to remove default network - https://github.com/terraform-providers/terraform-provider-google/issues/6222
[x] Confirm permissions on billing account
[x] Confirm permissions on Shared VPC
[x] Confirm permissions on organization
[x] Confirm permissions on folder

thiagonache commented 3 years ago

@morgante I know it's silly, but what if we force serviceusage to be enabled until we get it handled by the provider?

variable "activate_apis" {
  description = "The list of apis to activate within the project"
  type        = list(string)
  default     = ["compute.googleapis.com","serviceusage.googleapis.com"]

  validation {
    condition     = can(lookup(var.activate_apis, "serviceusage.googleapis.com"))
    error_message = "Service Usage API is required due to network auto creation."
  }
}

We could create an isolated module for now and apply the validation only in the submodule. Just a thought....

morgante commented 3 years ago

@thiagonache It actually doesn't need to be enabled on the project being created, it needs to be on the credentials project.

thiagonache commented 3 years ago

Doh! Do you think they would accept the new resource to remove the default network? If yes, I can see if I can do it. I think I can.

On 3 Oct 2020, at 16:54, Morgante Pell notifications@github.com wrote:

@thiagonache It actually doesn't need to be enabled on the project being created, it needs to be on the credentials project.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

thiagonache commented 3 years ago

Hi @morgante! We got a small change merged that handles the serviceusage API. I know it's not your preferred way due to other possible errors, but I think if we tackle the most recurrent ones is enough to get rid of the preconditions script.

What do you think?

morgante commented 3 years ago

Yeah I think this is enough to drop it. If you could file a PR moving to to helpers/ and removing it from module code that would be great. We should also document how to run it standalone (ie. before running Terraform).

thiagonache commented 3 years ago

sure. will do.

bharathkkb commented 3 years ago

fixed by https://github.com/terraform-google-modules/terraform-google-project-factory/pull/478

terraform-google-modules / terraform-google-project-factory

Remove preconditions script #407