Skip to content

Commit

Permalink
Stablize default service account in plan
Browse files Browse the repository at this point in the history 
The default service account data resource currently uses a depends_on
flag added to prevent a race condition in
#141

Due to the way that Terraform refreshes data resources, Terraform thinks
that the data resource has changed when in actuality it hasn't:
hashicorp/terraform#11806 (comment)

By changing to use a null data resource that interpolates the default
service account email, the data resource will only change when the project
number does.
  • Loading branch information
@thefirstofthe300
thefirstofthe300 committed Feb 28, 2019
1 parent c4bfa04 commit 84235ea
Showing 1 changed file with 7 additions and 7 deletions.
14 changes: 7 additions & 7 deletions modules/core_project_factory/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -135,26 +135,26 @@ resource "google_compute_shared_vpc_service_project" "shared_vpc_attachment" {
/******************************************
Default compute service account retrieval
*****************************************/
data "google_compute_default_service_account" "default" {
project = "${google_project.main.id}"

depends_on = ["google_project_service.project_services"]
data "null_data_source" "default_service_account" {
inputs = {
email = "${google_project.main.number}[email protected]"
}
}

/******************************************
Default compute service account deletion
*****************************************/
resource "null_resource" "delete_default_compute_service_account" {
provisioner "local-exec" {
command = "${path.module}/scripts/delete-service-account.sh ${local.project_id} ${var.credentials_path} ${data.google_compute_default_service_account.default.id}"
command = "${path.module}/scripts/delete-service-account.sh ${local.project_id} ${var.credentials_path} ${data.null_data_source.default_service_account.outputs["email"]}"
}

triggers {
default_service_account = "${data.google_compute_default_service_account.default.id}"
default_service_account = "${data.null_data_source.default_service_account.outputs["email"]}"
activated_apis = "${join(",", var.activate_apis)}"
}

depends_on = ["google_project_service.project_services", "data.google_compute_default_service_account.default"]
depends_on = ["google_project_service.project_services", "data.null_data_source.default_service_account"]
}

/******************************************
Expand Down

0 comments on commit 84235ea

Please sign in to comment.