I am trying to create a new project and then create a new Google Artifact Registry in the new project. Here are the Terraform resources:

    resource "google_project" "my_project" {
      name            = "My Project Name"
      project_id      = "my-project-id-abc"
      billing_account = "BILLING-ACCOUNT-ID"
    }

    resource "google_artifact_registry_repository" "my_ar" {
      provider      = google-beta
      format        = "DOCKER"
      repository_id = "myreponame"
      location      = "europe-west1"
      project       = google_project.my_project.project_id
      depends_on    = [google_project_service.artifactregistry_googleapis_com]
    }

    resource "google_project_service" "artifactregistry_googleapis_com" {
      project = google_project.my_project.project_id
      service = "artifactregistry.googleapis.com"
    }

This almost always fails on the first terraform apply, with the following error message:

    Error: Error creating Repository: googleapi: Error 403: Permission 'artifactregistry.repositories.create' denied on resource '//artifactregistry.googleapis.com/projects/my-project-id-abc/locations/europe-west1' (or it may not exist).
    Details:
    [
      {
        "@type": "type.googleapis.com/google.rpc.ErrorInfo",
        "domain": "artifactregistry.googleapis.com",
        "metadata": {
          "permission": "artifactregistry.repositories.create",
          "resource": "projects/my-project-id-abc/locations/europe-west1"
        },
        "reason": "IAM_PERMISSION_DENIED"
      }
    ]

Running the same command again immediately always succeeds, with the following message:

    Terraform will perform the following actions:

      # google_artifact_registry_repository.my_ar will be created
      + resource "google_artifact_registry_repository" "my_ar" {
          + create_time   = (known after apply)
          + format        = "DOCKER"
          + id            = (known after apply)
          + location      = "europe-west1"
          + name          = (known after apply)
          + project       = "my-project-id-abc"
          + repository_id = "myreponame"
          + update_time   = (known after apply)
        }

    Plan: 1 to add, 0 to change, 0 to destroy.

    google_artifact_registry_repository.my_ar: Creating...
    google_artifact_registry_repository.my_ar: Still creating... [10s elapsed]
    google_artifact_registry_repository.my_ar: Creation complete after 12s [id=projects/my-project-id-abc/locations/europe-west1/repositories/myreponame]

    Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Is the depends_on = [google_project_service.artifactregistry_googleapis_com] attribute not supposed to wait until everything is ready before creating the artifact repository?

Using a null_resource resource to add a delay provides a temporary fix:

    resource "google_artifact_registry_repository" "my_ar" {
      project       = google_project.my_project.project_id
      provider      = google-beta
      format        = "DOCKER"
      repository_id = "myreponame"
      location      = "europe-west1"
      depends_on    = [null_resource.delay]
    }

    # in many scenarios the above artifact registries are created while the apis are not yet active
    # this is a known issue: https://github.com/hashicorp/terraform-provider-google/issues/9902
    # and this delay buys some time before creating the above repositories.
    resource "null_resource" "delay" {
      depends_on = [google_project_service.artifactregistry_googleapis_com]

      provisioner "local-exec" {
        command = "sleep 120"
      }

      triggers = {
        project = google_project.my_project.id
      }
    }

For resources that take time to provision, a more elegant alternative to null_resource is the time_sleep resource:

    resource "google_project" "my_project" {...}

    resource "time_sleep" "wait-for-my_project" {
      create_duration = "30s"
      depends_on      = [google_project.my_project]
    }

    resource "google_artifact_registry_repository" "my_ar" {
      ...
      depends_on = [time_sleep.wait-for-my_project]
    }
    # ...etc.
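
Added example, not part of the original question or answers: a complete configuration in which the time_sleep starts only after the Artifact Registry API enablement returns, and the repository reads its project ID through the sleep's triggers map so the ordering is implicit. The resource name wait_for_artifactregistry_api, the provider source block and the 60s duration are assumptions; the project values are the placeholders from the question.

```hcl
# Added example (not from the original posts). The 60s duration and the
# time_sleep resource name are assumptions; tune the delay to your environment.
terraform {
  required_providers {
    google      = { source = "hashicorp/google" }
    google-beta = { source = "hashicorp/google-beta" }
    time        = { source = "hashicorp/time" }
  }
}

resource "google_project" "my_project" {
  name            = "My Project Name"
  project_id      = "my-project-id-abc"
  billing_account = "BILLING-ACCOUNT-ID"
}

resource "google_project_service" "artifactregistry_googleapis_com" {
  project = google_project.my_project.project_id
  service = "artifactregistry.googleapis.com"
}

# The timer starts only after the API enablement call has returned,
# which is the step that is not yet effective when the 403 occurs.
resource "time_sleep" "wait_for_artifactregistry_api" {
  create_duration = "60s"

  # Carry the project ID through the sleep so that consumers of this value
  # depend on the delay implicitly.
  triggers = {
    project = google_project_service.artifactregistry_googleapis_com.project
  }
}

resource "google_artifact_registry_repository" "my_ar" {
  provider      = google-beta
  format        = "DOCKER"
  repository_id = "myreponame"
  location      = "europe-west1"

  # Reading the project from the sleep's triggers orders creation after the
  # delay without a separate depends_on.
  project = time_sleep.wait_for_artifactregistry_api.triggers["project"]
}
```

Because the delay only applies on creation of the time_sleep resource, later applies against an existing project are not slowed down.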