Hello
Here is the use case
- On GCP we have terraform code to create all our GCP projects. We have thousands of projects.
- On these existing projects, quotas were managed outside terraform.
- We would like to set up default quotas only on new projects
ignore_change would allow to ignore future quota changes
How can it be done?
I tried:
```hcl
data "google_project" "main" {
  project_id = google_project.main.project_id
}

locals {
  project_exists = try(data.google_project.main.project_id, false)
}

resource "google_service_usage_consumer_quota_override" "override" {
  provider = google-beta
  count    = local.project_exists ? 0 : 1
  dimensions = {
    region = "us-central1"
  }
  project        = google_project.main.project_id
  service        = "compute.googleapis.com"
  metric         = urlencode("compute.googleapis.com/n2_cpus")
  limit          = urlencode("/project/region")
  override_value = "8"
  force          = true
}
```
but unfortunately, the count condition says
The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created.
Thanks for any ideas
Hi @mldmld68,
It would help if you formatted the config in your post so that it can be more easily read, and copy&pasted from the example to help others identify any issues.
Your post title claims you have 2 managed resources in question, but your configuration only contains a single managed resource. If you are attempting to use a data resource to represent a resource managed elsewhere in the same configuration it can cause a variety of confusing situations. A data resource is meant to represent a known pre-existing resource outside of the configuration, you can’t hide the logical inconsistency with `try`. The `try` expression here isn’t really doing anything anyway, since `data.google_project.main.project_id` is a static reference that can’t fail evaluation.
Do you have a more complete example of what you are trying to do with multiple resources, or is this the entirety of the situation?
Hello
Oh sorry
I don’t know how to get a better formatted display and the whole code. I hope it will be more clear
Here is the target
On a new project
* the data source is empty because the project does not exist yet
* the project is created, the quota is applied
On an existing project
* the data source is not empty because the project exists
* the quota is not applied
Thanks
```hcl
resource "google_project" "main" {
  name            = var.project_name
  project_id      = "${var.project_name}"
  folder_id       = "folders/${var.folder_id}"
  billing_account = var.billing_account
  lifecycle {
    ignore_changes = [project_id]
  }
  project_services = concat(var.project_base_services, var.other_project_services, local.enable_vpc_sc ? ["accesscontextmanager.googleapis.com"] : [])
}

data "google_project" "main" {
  project_id = google_project.main.project_id
}

locals {
  project_exists = try(data.google_project.main.project_id, false)
}

resource "google_service_usage_consumer_quota_override" "override" {
  provider = google-beta
  count    = local.project_exists ? 0 : 1
  dimensions = {
    region = "us-central1"
  }
  project        = google_project.main.project_id
  service        = "compute.googleapis.com"
  metric         = urlencode("compute.googleapis.com/n2_cpus")
  limit          = urlencode("/project/region")
  override_value = "8"
  force          = true
}
```
There is no reason for the `google_project` data resource if the `google_project` is managed in the same place. Whether `project_exists` is true or false is statically defined within the configuration, so trying to obfuscate that behind a data resource will prevent Terraform from being able to create a complete plan.
If `google_service_usage_consumer_quota_override` needs to be created based on the condition of whether another managed resource instance will also be created, you usually want to just base their respective `count` or `for_each` expressions on the same source of truth.
1 Like
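An added example, not part of the thread or of either poster's configuration: one way to drive both resources from the same source of truth, generalized to `for_each` over a map of projects. The `projects` variable, its `default_quota` flag and the `n2_cpus` resource name are hypothetical; the quota arguments are the ones from the question.

```hcl
# Hypothetical input: one entry per project. Requires Terraform >= 1.3 for optional().
variable "projects" {
  type = map(object({
    folder_id     = string
    default_quota = optional(bool, false) # set true only for newly added projects
  }))
}

variable "billing_account" {
  type = string
}

resource "google_project" "main" {
  for_each        = var.projects
  name            = each.key
  project_id      = each.key
  folder_id       = "folders/${each.value.folder_id}"
  billing_account = var.billing_account
}

resource "google_service_usage_consumer_quota_override" "n2_cpus" {
  provider = google-beta

  # Same source of truth as google_project.main, filtered on a value that is
  # written in the configuration and therefore known at plan time.
  for_each = { for id, p in var.projects : id => p if p.default_quota }

  project        = google_project.main[each.key].project_id
  service        = "compute.googleapis.com"
  metric         = urlencode("compute.googleapis.com/n2_cpus")
  limit          = urlencode("/project/region")
  override_value = "8"
  force          = true

  dimensions = {
    region = "us-central1"
  }

  lifecycle {
    # Later quota changes made outside Terraform do not show up as drift.
    ignore_changes = [override_value]
  }
}
```

Entries for existing projects simply omit `default_quota`, so no override instance is planned for them and their externally managed quotas are left alone.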