Cannot move a project which was created with org_id into a folder

Question

Cannot move a project which was created with org_id into a folder

tjun opened this issue 7 years ago · 10 comments

tjun commented 7 years ago

Terraform Version

Terraform v0.11.7

provider.google v1.14.0

Affected Resource(s)

google_project

Terraform Configuration Files

resource "google_project" "project_a" {
  name        = "project-a"
  project_id = "project-a"

  billing_account = "xxxxxxxx"
  folder_id = "folders/00000000"
  # org_id = "00000000" 
  skip_delete = false
}

Expected Behavior

Remove org_id field and add folder_id will move a project into the folder

Actual Behavior

Got the following error, even though I removed the org_id

google_project.project_a: 'org_id' and 'folder_id' cannot be both set.

Steps to Reproduce

terraform apply to create a GCP project with org_id
Remove the org_id line, and add folder_id
Run terraform apply again

Answer 1 · 2018-06-26T22:20:41.000Z

Thanks for the report! This is a limitation of Terraform, unfortunately - the org id and folder id are both Optional / Computed, which means they get set on the server side if not explicitly provided. That means Terraform can't tell when you remove org_id - it just gets the value from the server. You'll need to explicitly set it to "", I think.

Answer 2 · 2018-06-26T23:38:50.000Z

@ndmckinley

Thanks for the comment!
I tried org_id = "" and got the same error.

Answer 3 · 2018-06-27T18:01:44.000Z

Hm, interesting! Let me see what I can figure out there.

Answer 4 · 2018-06-27T18:28:15.000Z

Hm! It seems Terraform can't tell the difference between set to empty-string and unset, and so it's picking up the computed value. I wonder if there's any way at all to make Terraform understand this. I'll keep trying to figure it out.

Answer 5 · 2018-06-27T19:29:38.000Z

Okay, unfortunately this problem isn't going to be addressable with HCL in its current state. I'm told there's lots of changes coming down the pipe, but for now, here's the only workaround I can figure out.

Go into your terraform.tfstate file and manually remove the line reading "org_id": 1234567, under the project resource's primary attributes block. Run terraform apply -refresh=false -target=google_project.your_project, with the new config (with org_id removed), and it should work. It worked when I tested it locally. You might not want to do this if there are other changes pending - -refresh=false is tricky that way.

Answer 6 · 2018-06-28T03:21:08.000Z

OK, thanks!

Answer 7 · 2018-06-28T21:09:23.000Z

I just got bitten by this with an imported project, but the suggested approach fixed it. Thanks @ndmckinley.

Answer 8 · 2018-08-16T18:20:07.000Z

@ndmckinley Is there any way we could try to work around this within the provider? It's a problem I'm seeing pretty frequently.

Answer 9 · 2018-08-16T18:40:57.000Z

This is one of the most-common problems with HCL and the current ResourceData model. Working around it would require either getting code submitted to terraform core (which we've been advised won't be possible until 0.12 is out) or some very hacky work with reflection that's very likely to break when 0.12 comes out in any event. Unfortunately this workaround is the best we've got for now.

Answer 10 · 2018-11-17T14:00:29.000Z

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!