google_project is recreated for no apparent reason

[magiconair]

AFAICT, after upgrading the provider from 1.11 to 1.15 the google provider wants to re-create the entire project for no apparent reason. I've added a google_cloudbuild_trigger and ran tf plan and noticed that TF wants to re-create the google_project.

I have not found a way to deal with this since executing this plan will delete the project.

Any advice is greatly appreciated.

Terraform Version

Terraform v0.11.7
+ provider.google v1.15.0

Affected Resource(s)

• google_project

Terraform Configuration Files

# use google cloud bucket for terraform state files
terraform {
  backend "gcs" {
    # bucket = "${var.project_id}-tf-state" # does not work
    bucket = "northvolt-test-tf-state"
  }
}

provider "google" {
  region = "${var.region}"
  zone   = "${var.zone}"
}

resource "google_project" "northvolt-test" {
  name            = "northvolt-test"
  project_id      = "${var.project_id}"
  billing_account = "${var.billing_account}"
  org_id          = "${var.org_id}"
}

resource "google_project_services" "northvolt-test" {
  project = "${google_project.northvolt-test.project_id}"

  services = [
    "bigquery-json.googleapis.com",
    "cloudapis.googleapis.com",
    "clouddebugger.googleapis.com",
    "cloudiot.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "cloudtrace.googleapis.com",
    "compute.googleapis.com",
    "container.googleapis.com",
    "containerregistry.googleapis.com",
    "datastore.googleapis.com",
    "deploymentmanager.googleapis.com",
    "dns.googleapis.com",
    "iam.googleapis.com",
    "logging.googleapis.com",
    "monitoring.googleapis.com",
    "oslogin.googleapis.com",
    "pubsub.googleapis.com",
    "replicapool.googleapis.com",
    "replicapoolupdater.googleapis.com",
    "resourceviews.googleapis.com",
    "servicemanagement.googleapis.com",
    "sql-component.googleapis.com",
    "stackdriver.googleapis.com",
    "stackdriverprovisioning.googleapis.com",
    "storage-api.googleapis.com",
    "storage-component.googleapis.com",
  ]
}
...

Debug Output

I'm a bit uncomfortable providing this since it seems to contain sensitive data about our project or am I misinterpreting this?

Expected Behavior

Nothing.

Actual Behavior

Note: This will (actually has) destroyed my project.

-/+ google_project.northvolt-test (new resource required)
      id:                  "northvolt-test" => <computed> (forces new resource)
      app_engine.#:        "1" => "0" (forces new resource)
      auto_create_network: "true" => "true"
      billing_account:     "xxx" => "xxx"
      folder_id:           "" => <computed>
      name:                "northvolt-test" => "northvolt-test"
      number:              "xxx" => <computed>
      org_id:              "xxx" => "xxx"
      policy_data:         "" => <computed>
      policy_etag:         "" => <computed>
      project_id:          "northvolt-test" => "northvolt-test"
      skip_delete:         "" => <computed>


Plan: 1 to add, 0 to change, 1 to destroy.

Steps to Reproduce

1. terraform plan

Important Factoids

This started after I wanted to add a google_cloudbuild_trigger and had to upgrade the google provider from 1.11.

References

No

[pdecat]

Hi, probably related to this breaking change mentioned in the 1.13 release notes.

Workaround: add an app_engine block.

[magiconair]

Hmm, I don't recall enabling AppEngine since I've tried that in the previous project and found out the hard way that I had to destroy the project to get rid of it.

I can confirm that adding an empty app_engine {} block works. Also great learning from #1561 to protect resources with lifecycle { prevent_destroy = true }.

[magiconair]

Closing as duplicate of #1561

[leighmhart]

For reference, if your terraform binary isn't updated to the latest, the provider may silently destroy your project without mentioning the change/intent in a plan. Just happened to me with 0.10.7

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!