Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

terraform apply throws Error 409: alreadyExists when re-creating google_kms_key_ring #1214

Closed
phausman opened this issue Mar 18, 2018 · 3 comments
Closed

terraform apply throws Error 409: alreadyExists when re-creating google_kms_key_ring #1214

phausman opened this issue Mar 18, 2018 · 3 comments

Comments

@phausman
Copy link

Terraform Version

Terraform v0.11.4
+ provider.google v1.7.0

Affected Resource(s)

  • google_kms_key_ring

Terraform Configuration Files

variable project_id {
  type = "string"
  default = ""
}

provider "google" {
  project = "${var.project_id}"
  credentials = "account.json"
}

resource "google_kms_key_ring" "my_key_ring" {
  project   = "${var.project_id}"
  name      = "my-key-ring"
  location  = "europe"
}

resource "google_kms_crypto_key" "my_crypto_key" {
  name     = "my-crypto-key"
  key_ring = "${google_kms_key_ring.my_key_ring.id}"
}

Expected Behavior

GCP resources google_kms_key_ring and google_kms_crypto_key can't be deleted. This is by design. But if they already exist, terraform should skip their creation and not break the deployment.

Actual Behavior

When resource google_kms_key_ring already exists, calling terraform apply throws the Error 409: alreadyExists, which breaks the deployment:

google_kms_key_ring.my_key_ring: Error creating KeyRing: googleapi: Error 409: KeyRing projects/my-project/locations/europe/keyRings/my-key-ring already exists., alreadyExists

Steps to Reproduce

  1. terraform apply <- google_kms_key_ring does not exist yet, command succeeds
  2. terraform destroy
  3. terraform apply <- this is where terraform throws Error 409: alreadyExists.
@phausman
Copy link
Author

Looks like this has already been raised in #518 (comment) and answered in #518 (comment).

And the answer is to import google_kms_key_ring before calling terraform apply, https://www.terraform.io/docs/providers/google/r/google_kms_key_ring.html#import.

@todd-dsm
Copy link

A helper script for those who also diddled with this way too long.

Is this not best solved with data source, like everything we need to discover along the way?

@ghost
Copy link

ghost commented Nov 16, 2018

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!

@ghost ghost locked and limited conversation to collaborators Nov 16, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@phausman @todd-dsm