"google_access_context_manager_service_perimeter" this resource is unable to delete project while configuring lifecycle. #18626
Comments
Hi @mkurimeti! Could you be clearer about what you are looking to delete? After creating the resources with your configuration, which is the same as this Terraform registry example, nothing out of the ordinary occurred after
The Google provider version used for this example was 5.36.0 with the Terraform version 1.9.1
Hi @ggtisc, I am trying to delete/modify the project here (resource = "projects/987654321"), but it is unable to remove the projects from the VPCSC perimeter. In my use case I have modularised the Terraform code and am passing the resource as list(objects) and iterating over the project IDs in a loop. When removing the project IDs for the deleted project, the plan detects the changes and the destroy stage also shows the project as removed, but it still shows in the console.
As you can see in the Terraform registry alerts of this resource, several adjustments must be made to the project to make use of this service, not just changing the value of the resource, such as ensuring that the This tells us 2 things: The first is that in addition to having to take care of the complete configuration, the resource is linked to the project configurations, which results in the second, which is a behavior typical of Terraform. With resources like this, whose configurations are linked directly to the project by changing this value in the linked argument (in this case the Therefore, the alternatives are to do a
Hi @ggtisc, all my configurations are wrt the alerts in the resource, and all the projects were tagged to the same billing project and are under one org. I am not using any user ADCs; I am using a ServiceAccount with all privileges. By default, for the other resources, when we configure the lifecycle it will just ignore the manual changes, and for the resources which we configured through Terraform we can add and delete the resources. But here it is unable to delete the resource which is configured through Terraform in the below attribute when I configured the lifecycle: resource = "projects/987654321". This resource doesn't support this kind of delete?
The tfvars looks like a Terraform file where you are storing some variables as normal. But it isn't clear why you are mentioning that. In the shared example you aren't sharing any code that uses this file. After some tries the result with the shared code was the same in creation and deletion, successful without errors.
Community Note
Terraform Version & Provider Version(s)
Terraform latest
on GitLab CI/CD
Affected Resource(s)
resource "google_access_context_manager_service_perimeter_resource" "service-perimeter-resource" {
  perimeter_name = google_access_context_manager_service_perimeter.service-perimeter-resource.name
  resource       = "projects/987654321"
}

resource "google_access_context_manager_service_perimeter" "service-perimeter-resource" {
  parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
  name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/restrict_all"
  title  = "restrict_all"

  status {
    restricted_services = ["storage.googleapis.com"]
  }

  lifecycle {
    ignore_changes = [status[0].resources]
  }
}

resource "google_access_context_manager_access_policy" "access-policy" {
  parent = "organizations/123456789"
  title  = "my policy"
}
While updating and deleting the values from the tfvars for this argument
resource = "projects/987654321"
it is able to add new projects, but it is unable to delete the projects from the VPCSC perimeter when removing the projects from tfvars.
Terraform Configuration
Running the Terraform pipeline on GitLab CI/CD, and for the runner using the Terraform latest image from the Docker registry.
Debug Output
Unable to delete the project while removing it from the tfvars. The plan output shows it needs to be deleted, and after apply it also shows the deletion as successful. But it is not removing the project from the VPCSC perimeter when I verify in the GCP Cloud console.
Expected Behavior
It needs to remove the project from the VPCSC perimeter, even when lifecycle is configured on the status block, when we are deleting the project from tfvars.
Actual Behavior
Unable to delete the project while removing from the tfvars.
Steps to reproduce
terraform apply
Important Factoids
No response
References
No response
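The console check described in this report can be scripted as a post-apply gate in the pipeline. The following is an added example, not code from the issue or from the provider: it assumes the perimeter has been exported as JSON (for instance with `gcloud access-context-manager perimeters describe ... --format=json`), and the function name `perimeter_drift`, the policy number and the second project number are constructed for illustration.

```python
import json

# Constructed sample in the shape of a ServicePerimeter JSON export.
# The policy number and the second project number are made up.
SAMPLE_PERIMETER_JSON = """
{
  "name": "accessPolicies/000000000/servicePerimeters/restrict_all",
  "title": "restrict_all",
  "status": {
    "resources": ["projects/987654321", "projects/111111111"],
    "restrictedServices": ["storage.googleapis.com"]
  }
}
"""


def perimeter_drift(perimeter_json, expected_projects, use_spec=False):
    """Return (stale, missing) project entries for a perimeter.

    stale:   projects still in the live perimeter but no longer in the
             Terraform input list (the symptom reported in this issue).
    missing: projects in the Terraform input list but absent from the perimeter.
    use_spec=True inspects the dry-run "spec" block instead of "status".
    """
    perimeter = json.loads(perimeter_json)
    section = perimeter.get("spec" if use_spec else "status") or {}
    # Only project members are compared; other member types are ignored.
    live = {r.strip() for r in section.get("resources", [])
            if r.strip().startswith("projects/")}

    expected = set()
    for item in expected_projects:
        item = str(item).strip()
        name = item if item.startswith("projects/") else f"projects/{item}"
        # Perimeter members are project numbers, so a project ID can never match.
        if not name[len("projects/"):].isdigit():
            raise ValueError(f"expected a project number, got {item!r}")
        expected.add(name)

    return sorted(live - expected), sorted(expected - live)


if __name__ == "__main__":
    # tfvars after projects/987654321 was removed from the list.
    stale, missing = perimeter_drift(SAMPLE_PERIMETER_JSON, ["111111111"])
    print("stale:", stale, "missing:", missing)
    raise SystemExit(1 if stale or missing else 0)
```

A non-empty `stale` list after a successful `terraform apply` is the mismatch between Terraform's output and the console that this issue describes.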