How to validate an existing resource to avoid their re-creation

david.linares1 · December 22, 2023, 7:58pm

Hi.

I work with GCP provider and we have different modules to create resources in our GCP projects. I develop the cloud sql module and inside this module there is a depends_on that require an existing VPC before the creation of the instance.

I got an error when I tried to create a new instance in an existing project when I use the module. The error said that there is already a VPC and it failed. Is there a way to avoid this issue since it couldn’t be a problem because it’s ok to have a VPC.

Here is the error message:

Error: Error creating Network: googleapi: Error 409: The resource 'projects/projectname/global/networks/company-out-project-vpc' already exists, alreadyExists

Here is part of the module code:

# Get the VPC details
data "google_compute_network" "vpc" {
  name    = lower(var.vpc_name)
  project = var.project_id
}

# CloudSQL Instance
resource "google_sql_database_instance" "instance" {
  depends_on          = [google_project_service.apis, google_service_networking_connection.private_vpc_connection, google_compute_global_address.private]
  project             = var.project_id
  name                = local.instance_name
  database_version    = local.database_version
  region              = var.region
  deletion_protection = var.deletion_protection

My question: is there a way to avoid this error by validating the existing vpc?

Besides this, it also happens the same with our Service Account we have to Read Only and Read Write to cloud sql postgresql instance. This happens when I re-deploying the same main.tf with a different configuration, like adding a flag, changing machie tier, etc.

Error: Error creating service account: googleapi: Error 409: Service account Instancename already exists within project projects/projectname.
Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.ResourceInfo",
    "resourceName": "projects/projectname/serviceAccounts/in-ro-mt14@projectname.iam.gserviceaccount.com"
  }
]
, alreadyExists
 
  with module.gcp_cloudsql5.google_service_account.in_ro[0],
  on .terraform/modules/gcp_cloudsql5/main.tf line 71, in resource "google_service_account" "in_ro":
  71: resource "google_service_account" "in_ro" {

For the Service account I’m working with a random suffix that I append to the name but I’m still testing it in different escenarios. I don’t know if with this approach Terraform destroy the existing Service Account since it’s not part of the original infrastructure.
Any suggestion/idea?

btw I create this post by suggestion of @apparentlymart when I posted a comment in an old post: Validate that if it already exists, skip the creation from scratch and execute the code? - #3 by david.linares1

Thanks!

mario.tejada · December 22, 2023, 8:04pm

I have a similar issue to this. There is already a VPC in place and even without making changes to main.tf, Terraform still tries to re-create the VPC and this throws an error because it already exists.

I wonder if this is related to the Google Provider version? Currently using v4.84.0 for Google and Google-beta provider plugins.

Topic		Replies	Views
How to prevent google_sql_database_instance to be replaced Google	0	453	September 21, 2022
Validate that if it already exists, skip the creation from scratch and execute the code? Terraform	4	10425	November 7, 2023
Option to use existing resource Terraform	4	879	December 10, 2021
Conditional creation of modules - with already existing modules Terraform	2	1944	April 19, 2021
Facing Problem with CloudSQL - Terraform Resource Block Google	0	387	June 27, 2022

How to validate an existing resource to avoid their re-creation

Related topics