Terraform-provider-google: Enabling the Cloud Resource Manager API requires the Cloud Resource Manager API

Created on 13 Apr 2020 · 7 Comments · Source: hashicorp/terraform-provider-google


Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave _+1_ or _me too_ comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

Terraform v0.12.24
+ provider.google v3.16.0
+ provider.google-beta v3.16.0
+ provider.random v2.2.1
+ provider.tfe v0.15.1

Affected Resource(s)

  • google_project_service

Terraform Configuration Files

resource "google_project_service" "enable_cloud_resource_manager_api" {
  service                    = "cloudresourcemanager.googleapis.com"
  disable_dependent_services = true
}

Debug Output

Initializing plugins and modules...
2020/04/13 03:17:23 [DEBUG] Using modified User-Agent: Terraform/0.12.24 TFC/f66d27aece
module.vpc.google_project_service.enable_cloud_resource_manager_api: Creating...
module.dbproxy.google_project_service.enable_cloud_resource_manager_api: Creating...

Error: Error reading Project Service : Request "List Project Services studybeast-prod" returned error: googleapi: Error 403: Cloud Resource Manager API has not been used in project 872178313720 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=872178313720 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry., accessNotConfigured

  on ../modules/dbproxy/main.tf line 77, in resource "google_project_service" "enable_cloud_resource_manager_api":
  77: resource "google_project_service" "enable_cloud_resource_manager_api" {

Expected Behavior

Terraform should've enabled the Cloud Resource Manager API (cloudresourcemanager.googleapis.com).

Actual Behavior

It queries the API before enabling it. The query fails because it doesn't have access to that yet 😀
The dependency of google_project_service on the Cloud Resource Manager API is a special case. Enabling any other API would've worked.

Steps to Reproduce

  1. Add the google_project_service snippet above to any project.
  2. Run terraform apply

References

The google_project_service docs.

bug


All 7 comments

@y0ssar1an if the Terraform service account belongs to a different project, then the Resource Manager API has to be enabled there first before we use that account to enable/disable that API in other projects. Please enable it on the Cloud console (one-time activity) first.

Can you confirm that you are trying to enable the API for this project 872178313720?

> Can you confirm that you are trying to enable the API for this project 872178313720?

Yes, that's the project I've been using for terraform practice.

I think the fact that you can't use google_project_service to enable the Cloud Resource Manager API should at least be documented. Ideally, you would get a descriptive error explaining that google_project_service requires you to manually enable the Cloud Resource Manager API.

I can enable the Cloud Resource Manager API through google_project_service without any issues. However, I get that error when the Terraform service account was created on a project and tries to enable a service on a different project. In that case, the API has to be enabled first on the main project (either through the API or manually), where the service account belongs, before you use that account on other projects.

Was your Terraform service account created in the project 872178313720?

> I can enable the Cloud Resource Manager API through google_project_service without any issues.

I made a fresh GCP project, created one service account with the Project Owner role (full permissions), and created a terraform file with one google_project_service resource.

// main.tf
terraform {
  required_version = "~> 0.12.24"
  required_providers {
    google = "~> 3.16.0"
  }
}

provider "google" {
  project = "onyx-principle-274307"
  region  = "us-central1"
  zone    = "us-central1-a"
}

resource "google_project_service" "crm_api" {
  service = "cloudresourcemanager.googleapis.com"
}

I set GOOGLE_ACCOUNT_CREDENTIALS to the service account key on my machine. Then I ran terraform init and terraform apply and got the same error.

google_project_service.crm_api: Creating...

Error: Error reading Project Service : Request "List Project Services  onyx-principle-274307" returned error: googleapi: Error 403: Cloud Resource Manager API has not been used in project 649200222322 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=649200222322 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry., accessNotConfigured

  on main.tf line 15, in resource "google_project_service" "crm_api":
  15: resource "google_project_service" "crm_api" {

This is for enabling the Cloud Resource Manager API in project 649200222322, which is where the service account was created.

I see some issues in 3.16.0. Can you upgrade your provider from 3.16.0 to 3.17.0 and run the config? I see it's working in 3.17.0 and 3.5.0; somewhere in between, a change was introduced that causes this error.

I can confirm this worked in 3.17.0. I'm not sure what changed, but thanks for the fix 👍

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
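
An added triage helper, not part of the original thread or the provider's code: it parses the 403 text quoted in the two failures above and separates the project ID named in the request from the project number Google reports as lacking the API, then flags the case where the failed read needs the same API the resource is trying to enable. The function names and the three category labels are assumptions made for this example; the error strings are trimmed copies of the ones in the thread.

```python
import re
from typing import NamedTuple, Optional

# The two failures quoted in this thread, trimmed to the fields parsed below.
SAMPLE_ERRORS = [
    'Error: Error reading Project Service : Request "List Project Services '
    'studybeast-prod" returned error: googleapi: Error 403: Cloud Resource '
    'Manager API has not been used in project 872178313720 before or it is '
    'disabled. Enable it by visiting https://console.developers.google.com/'
    'apis/api/cloudresourcemanager.googleapis.com/overview?project=872178313720'
    ' then retry., accessNotConfigured',
    'Error: Error reading Project Service : Request "List Project Services  '
    'onyx-principle-274307" returned error: googleapi: Error 403: Cloud '
    'Resource Manager API has not been used in project 649200222322 before or '
    'it is disabled. Enable it by visiting https://console.developers.google.'
    'com/apis/api/cloudresourcemanager.googleapis.com/overview?project='
    '649200222322 then retry., accessNotConfigured',
]

class ApiDisabled(NamedTuple):
    request_project: str    # project ID named in the failed request
    consumer_project: str   # project number Google reports as lacking the API
    service: Optional[str]  # API hostname taken from the console URL

_ERR = re.compile(
    r'Request "List Project Services\s+(?P<req>[^"]+)" returned error: '
    r'googleapi: Error 403: .+? has not been used in project (?P<num>\d+) '
    r'before or it is disabled\.')
_SVC = re.compile(r'/apis/api/(?P<svc>[a-z0-9.-]+\.googleapis\.com)/')

def parse_api_disabled(text: str) -> Optional[ApiDisabled]:
    """Return the parsed fields, or None if this is not an accessNotConfigured 403."""
    m = _ERR.search(text)
    if m is None or "accessNotConfigured" not in text:
        return None
    svc = _SVC.search(text)
    return ApiDisabled(m["req"].strip(), m["num"], svc["svc"] if svc else None)

def triage(text: str, enabling_service: str) -> str:
    """Classify the failure relative to the service the resource tries to enable."""
    err = parse_api_disabled(text)
    if err is None:
        return "unrelated"
    # The read that failed needs the very API the resource is meant to turn on.
    if err.service == enabling_service:
        return "self-dependency"
    return "missing-prerequisite"
```
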
