Hello, I use Terraform to create projects in GCP. There is a requirement to query a data source once the project and services are enabled, but I don’t want to use depends_on in the data source, as it triggers changes in every subsequent run.
Example code:
resource "google_project" "project" {
  for_each        = local.project_attr
  name            = each.key
  project_id      = each.key
  billing_account = each.value.billing_account
  folder_id       = each.value.folder_id
}

// Enable services for a project
resource "google_project_service" "service" {
  for_each                   = local.project_attr
  service                    = each.value.services_enable
  project                    = google_project.project[each.value.project].project_id
  disable_dependent_services = true
  disable_on_destroy         = true
}

data "google_storage_project_service_account" "gcs_account" {
  for_each = local.project_attr
  project  = google_project.project[each.value.project].project_id
}
My tfvars looks like:
project_attributes = {
  "ritesh21" = {
    "services_enable" = "storage.googleapis.com"
    "folder_id"       = "",
    "billing_account" = ""
  }
}
After doing terraform apply, creation of the project goes fine. Now when I update my tfvars, adding one more project to be created:
project_attributes = {
  "ritesh22" = {
    "services_enable" = "storage.googleapis.com"
    "folder_id"       = "xxxx",
    "billing_account" = "xxx"
  },
  "ritesh23" = {
    "services_enable" = "storage.googleapis.com"
    "folder_id"       = "xxxx",
    "billing_account" = "xxxx"
  }
}
and do terraform apply, it fails:
Error: Error when reading or editing GCS service account not found: googleapi: Error 400: Unknown project id: 'pp-p-ritesh23', invalid
on main.tf line 55, in data "google_storage_project_service_account" "gcs_account":
55: data "google_storage_project_service_account" "gcs_account" {
Normally the data source attribute project = google_project.project[each.value.project].project_id
should be able to create the dependency, but it’s failing because the project doesn’t exist.
I can solve this by adding depends_on in the data source:
data "google_storage_project_service_account" "gcs_account" {
  for_each   = local.project_attr
  project    = google_project.project[each.value.project].project_id
  depends_on = [google_project.project, google_project_service.service]
}
But doing this makes all subsequent runs detect a change. I know that’s the reason using depends_on in data sources is not recommended. Do we have any way we can achieve it?