Solved: Re: Terraform module apigee control plane-error

aramkrishna6 · 10-31-2022 06:35 PM

As per article for Apigee hybrid control plane

terraform init and terraform plan works fine

Gives following error during terraform apply

terraform apply --var-file="myapigeecontrol.tfvars" -var=project_id=$PROJECT_ID -auto-approve

*******

google_apigee_organization.apigee_org: Creating...

Error: Error creating Organization: googleapi: Error 400: Invalid resource field value in the request.
Details:
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"domain": "googleapis.com",
"metadata": {
"method": "google.cloud.apigee.v1.OrganizationService.CreateOrganization",
"service": "apigee.googleapis.com"

│ "reason": "RESOURCE_PROJECT_INVALID"
with google_apigee_organization.apigee_org,
│ on main.tf line 36, in resource "google_apigee_organization" "apigee_org":
│ 36: resource "google_apigee_organization" "apigee_org" {

******

2) How to decide on usage of terraform version number and hashicorp version number in version.tf

Line 36 of main.tf refers to resource "google_apigee_organization" "apigee_org"

@dino @strebel

strebel

3) This might happen if the org was deleted and re-created. Apigee orgs undergo a soft delete process as documented here https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations/delete. If not I'd recommend you reach out to support and let them take a look at your config.

4) Yes this can happen if your terraform state doesn't match the effective state because some resources were created outside of terraform or because the local state got deleted. In this case a terraform import could bring them back in.

Sample reference here: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/apigee_organization#i...

View solution in original post

strebel

can you check your authentication. Assuming you're running this locally can you run

cloud auth application-default login

Before the apply?

If that doesn't help I'd recommend you set TF_LOG=debug (details) to get more information about the googleapi call that failed for you.

Assuming you want to install Apigee hybrid: I also have an experimental TF Module here that might be interesting for you: https://github.com/apigee/terraform-modules/blob/main/samples/hybrid-gke/

On your 2) the version number for the google provider is ensure the features you rely on are present (or set a min version) like we do in cloud foundation fabric

aramkrishna6

@strebel

Thanks for details I am running them locally into the cloud using oogle terminal with gcloud and ran the terraform apply after gcloud auth login & got rid of 400 error

Have listed quereis:

1) File listed in terraform-modules/hybrid-demo.tfvars at main · apigee/terraform-modules (github.com) does not refer as module, having module would be right approach ?

3) Listed error with 409 (below error message indicates it creating the organization, there will be instance, where the google organization would have been already created... and indicates that organization is associated with another project

google_apigee_organization.apigee_org: Creating...
╷
│ Error: Error creating Organization: googleapi: Error 409: org mytestorg already associated with another project
│ Details:
│ "@type": "type.googleapis.com/google.rpc.RequestInfo",
│ "requestId": "15421041526339720505"
│ with google_apigee_organization.apigee_org,
│ on main.tf line 36, in resource "google_apigee_organization" "apigee_org":
│ 36: resource "google_apigee_organization" "apigee_org" {

4) For instance, where we need to update existing apigee control plane, my use case mandates only thro terraform, hence will it thro error for existing setup ? or option to indicate that its a modification than creating everything...

strebel

1. This is the variables file that you use to configure the module. Module references don't really make sense in this context. The sibling main.tf refers to downstream modules.

2. 😉

3. Can you confirm that mytestorg is the name of your GCP project? The Apigee Org's name must match your GCP project Id.

4. The terraform resource should take care of the update. You declaratively set your desired state and it figures out which modifications are needed to get there.

aramkrishna6

@strebel Thanks for detailed response.

3) "mytestorg" is the modified name didn't want to post real name

4) If the whole set up already exists, for apigee control plane (and terraform apply has to run, for existing set it up) do we need to run terraform apply using any of update (additional) option in apply command or with any additional command or options ? Because the error indicated about creating of organization, with 409 (which already exists). ie Apigee control plane exists and org is associated with project , when we run apply command and getting above error as indicated above, hence wondering any additional command or options is required ?

strebel

3) This might happen if the org was deleted and re-created. Apigee orgs undergo a soft delete process as documented here https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations/delete. If not I'd recommend you reach out to support and let them take a look at your config.

4) Yes this can happen if your terraform state doesn't match the effective state because some resources were created outside of terraform or because the local state got deleted. In this case a terraform import could bring them back in.

Sample reference here: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/apigee_organization#i...

artem-chel

Hello @strebel.

Is there any way to force delete an organization?

strebel

sure, if you delete the TF resource the org will be deleted as well.
Make sure you understand the deletion retention period of Apigee X as mentioned in another community comment https://www.googlecloudcommunity.com/gc/Apigee/Apigee-X-Subscription-how-apigee-X-delete-organizatio...