Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

google_project_service module needs to handle incorrect GCP API names properly #8875

Closed
gangchen03 opened this issue Apr 8, 2021 · 1 comment · Fixed by GoogleCloudPlatform/magic-modules#4722, #8987 or hashicorp/terraform-provider-google-beta#3191
Closed

google_project_service module needs to handle incorrect GCP API names properly #8875

gangchen03 opened this issue Apr 8, 2021 · 1 comment · Fixed by GoogleCloudPlatform/magic-modules#4722, #8987 or hashicorp/terraform-provider-google-beta#3191
Assignees
@melinath
Labels
bug

Comments

@gangchen03
Copy link

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

Terraform Version
terraform: v0.13.1, provider: ~> 3.3

Affected Resource(s)
google_project_services

When providing an incorrect GCP API name as service parameter in google_project_service module, the GCP terraform module doesn't validate the API name but simply times-out in 20 minutes after apply.

Terraform Configuration

locals {
  credentials_file_path = var.credentials_path
}

/******************************************
  Provider configuration
 *****************************************/
provider "google" {
  credentials = file(local.credentials_file_path)
  version = "~> 3.3"
}

provider "google-beta" {
  credentials = file(local.credentials_file_path)
  version = "~> 3.3"
}

provider "null" {
  version = "~> 2.1"
}

provider "random" {
  version = "~> 2.2"
}

module "project-factory" {
  source                  = "terraform-google-modules/project-factory/google"
  version                 = "~> 10.1"
  random_project_id       = true
  name                    = "simple-sample-project-2"
  org_id                  = var.organization_id
  billing_account         = var.billing_account
  credentials_path        = local.credentials_file_path
  #folder_id               = var.folder_id
  activate_apis               = [
    "logging.googleapis.com",
    "iam.googleapis.com",
    "iamcredentials.googleapis.com",
    "secretmanager.googleapis.com",
    "compute.googleapis.com",
    "dns.googleapis.com",
    "monitoring"
    ]
  default_service_account = "deprivilege"
  disable_dependent_services = true
}

Notice the last activate_apis (it maps to google_project_service service parameter) is monitoring instead of actual monitoring.googleapis.com.

After terraform plan, it doesn't report any warning/errors, with the following display:

# module.project-factory.module.project-factory.module.project_services.google_project_service.project_services["monitoring"] will be created
  + resource "google_project_service" "project_services" {
      + disable_dependent_services = true
      + disable_on_destroy         = true
      + id                         = (known after apply)
      + project                    = (known after apply)
      + service                    = "monitoring"
    }

After terraform apply, no error reported but eventually timed out with API enablement failed:

module.project-factory.module.project-factory.module.project_services.google_project_service.project_services["monitoring"]: Still creating... [40s elapsed]
module.project-factory.module.project-factory.module.project_services.google_project_service.project_services["dns.googleapis.com"]: Still creating... [40s el

Error: Request project/simple-sample-project-2-f551/services:batchEnable timed out after 20m0s

  on .terraform/modules/project-factory/modules/project_services/main.tf line 30, in resource "google_project_service" "project_services":
  30: resource "google_project_service" "project_services" {

Expected Behavior

The service module should validate the API service input and reports error in plan and apply stage.

References
@ghost ghost added the enhancement label Apr 8, 2021
@slevenick slevenick added bug and removed enhancement labels Apr 12, 2021
@melinath melinath mentioned this issue Apr 21, 2021
Merged
5 tasks
This was referenced Apr 23, 2021
Merged
Merged
@ghost
Copy link

ghost commented May 24, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators May 24, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@melinath melinath

Labels
bug
Projects
None yet
Milestone
No milestone
3 participants
@melinath @slevenick @gangchen03