Google-beta seems to be using non-existent project with google_firebase_project. What should I do?

Terraform Providers Google
1

Objective

I am trying to fix a Firebase deployment managed in Terraform. My module looks something like this…

data "google_client_config" "default_project" {
    provider = google-beta
}
data "google_project" "project" {
    provider = google-beta
    project_id = var.gcp_project
}
 
resource "google_firebase_project" "default" {
    provider = google-beta
    project  = var.gcp_project
}

# enable billing API
resource "google_project_service" "cloud_billing" {
    provider = google-beta
    project = google_firebase_project.default.id
    service = "cloudbilling.googleapis.com"
}

# enable firebase
resource "google_project_service" "firebase" {
    provider = google-beta
    project = google_firebase_project.default.id
    service = "firebase.googleapis.com"
}

# enable access context manage api

resource "google_project_service" "access_context" {
    provider = google-beta
    project = google_firebase_project.default.id
    service = "accesscontextmanager.googleapis.com"
}
resource "google_firebase_web_app" "app" {
    provider = google-beta
    project = data.google_project.project.project_id
    display_name = "firestore-controller-${google_firebase_project.default.display_name}"

    depends_on = [
        google_firebase_project.default,
        google_project_service.firebase,
        google_project_service.access_context,
        google_project_service.cloud_billing
    ]
}

data "google_firebase_web_app_config" "app" {
    provider   = google-beta
    web_app_id = google_firebase_web_app.app.app_id
}

resource "google_storage_bucket" "storage" {
    provider = google-beta
    name     = "firestore-controller-${google_firebase_project.default.display_name}"
    location = "US"
}

locals {
  
    firebase_config = jsonencode({
        appId              = google_firebase_web_app.app.app_id
        apiKey             = data.google_firebase_web_app_config.app.api_key
        authDomain         = data.google_firebase_web_app_config.app.auth_domain
        databaseURL        = lookup(data.google_firebase_web_app_config.app, "database_url", "")
        storageBucket      = lookup(data.google_firebase_web_app_config.app, "storage_bucket", "")
        messagingSenderId  = lookup(data.google_firebase_web_app_config.app, "message_sender_id", "")
        measurementId      = lookup(data.google_firebase_web_app_config.app, "measurement_id", "")
    })

}

resource "google_storage_bucket_object" "firebase_config" {
    provider = google-beta
    bucket = google_storage_bucket.storage.name
    name = "firebase-config.json"

    content = local.firebase_config
}

Issue

Unfortunately, this fails at google_firebase_project.default with the following message:

{
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "domain": "googleapis.com",
│     "metadata": {
│       "consumer": "projects/764086051850",
│       "service": "firebase.googleapis.com"
│     },
│     "reason": "SERVICE_DISABLED"
│   }

This is strange because a project with that number does not exist (unless it’s some kind of root project that I’m having trouble finding). If this is the the project number for some child of the project I am providing to google_firebase_project.default that is also strange; var.gcp_project_name certainly has this service enabled.

What I’ve tried thusfar

  • Removing tfstate.
  • Refactoring back and forth from legacy modules.

I have double-checked and confirmed that the google-beta provider does indeed recognize the correct project in its configuration when using data.google_project without specifying a project_id.

Where is this mysterious projects/764086051850 coming from?

2

See comments on SO.

You can’t use ADCs. projects/764086051850 is a Google-owned project used for ADC interactions. It does not have Firebase enabled and you cannot enable it.