Terraform - Optional !?

terraform 你他媽的 Optional...

  The following arguments are supported:

  project - (Optional) The ID of the project in which the resource belongs.
  If it is not provided, the project will be parsed from the identifier of
  the parent resource. If no project is provided in the parent identifier
  and no project is specified, the provider project is used.

然後真的塞 project 進去, 就噴:

  Error: Unsupported argument
  An argument named "project" is not expected here.

Terraform - googleapi: Error 409: The Cloud SQL instance already exists

今天改了 mysql 的 resource dependency 要整個砍掉重練看看是不是一鍵順暢建庫成功, 所以先跑了 terraform deploy (因為 db instance deletion protection 有打開, 所以還得在 portal 手動砍掉)再跑 terraform apply 開始蓋, 結果...

  googleapi: Error 409: The Cloud SQL instance already exists.

  When you delete an instance, you can't reuse the name of the deleted
  instance until one week from the deletion date., instanceAlreadyExists

我以為這種鳥蛋限制只會在 Azure 上面出現.... <囧>

這年頭連 GCP 都要做誤刪資料庫甚至刪庫跑路的災難回復服務了?

這還不是最鳥的問題, 而是用 terraform apply 進行 create sql instance 等了超過 20 分鐘, 才噴這個訊息出來, 這種 instance name check 應該放在最前面檢查吧....!@#$

Terraform - the only supported value for workload pool is ...

昨天 terraform 能正常跑完, 今天換了個 project 卻噴出這個訊息, terraform 這塊的設定檔也沒改, 是怎麼噴掉的?

  Error: googleapi: Error 400: Currently, the only supported value for
  workload pool is "foobar.svc.id.goog"., badRequest

打開 TF_LOG 開始追 API query 看了老半天, 覺得沒有問題啊, 再仔細看看... 嗯?

  "workloadIdentityConfig": {
    "identityNamespace": " foobar.svc.id.goog"
  }

怎麼 foobar 前面有個疑似空白的東西, 回去翻 terraform 設定, 這邊是抓 google_project.data.name 來用, 再切到 GCP portal IAM 看看...

  Permissions for project " foobar"

project name 還真的前面有個空白存在... oroz

後來在 IAM -> Settings 把 Project name 前面的空白拿掉, 存檔, 再跑一次 terraform 就正常了...