Last active
July 7, 2022 08:16
-
-
Save edonosotti/9a3e49b0ac28ad211fbda26d422eb3bc to your computer and use it in GitHub Desktop.
Create a Google Cloud Project from scratch with Terraform (contains a workaround for a Google Cloud Platform API issue)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# ======================================================== | |
# Create Google Cloud Projects from scratch with Terraform | |
# ======================================================== | |
# | |
# This script is a workaround to fix an issue with the | |
# Google Cloud Platform API that prevents to fully | |
# automate the deployment of a project _from scratch_ | |
# with Terraform, as described here: | |
# https://stackoverflow.com/questions/68308103/gcp-project-creation-via-api-doesnt-enable-service-usage-api | |
# It uses the `gcloud` CLI: | |
# https://cloud.google.com/sdk/gcloud | |
# in the pipeline. The `gcloud` CLI therefore needs to be | |
# installed and provided with sufficient credentials to | |
# consume the API. | |
# Full article: | |
# https://medium.com/rockedscience/how-to-fully-automate-the-deployment-of-google-cloud-platform-projects-with-terraform-16c33f1fb31f | |
# Set variables to reuse them across the resources | |
# and enforce consistency. | |
variable project_id { | |
type = string | |
default = "my-test-project" # Change this | |
} | |
variable region { | |
type = string | |
default = "europe-west1" # Change this | |
} | |
variable zone { | |
type = string | |
default = "europe-west1-b" # Change this | |
} | |
variable services { | |
type = list | |
default = [ | |
# List all the services you use here | |
"bigquery.googleapis.com" | |
] | |
} | |
# Set the Terraform provider | |
provider "google" { | |
project = var.project_id | |
region = var.region | |
zone = var.zone | |
# Ref: https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override | |
user_project_override = true | |
} | |
# Create the project | |
resource "google_project" "project" { | |
name = var.project_id | |
project_id = var.project_id | |
} | |
# Use `gcloud` to enable: | |
# - serviceusage.googleapis.com | |
# - cloudresourcemanager.googleapis.com | |
resource "null_resource" "enable_service_usage_api" { | |
provisioner "local-exec" { | |
command = "gcloud services enable serviceusage.googleapis.com cloudresourcemanager.googleapis.com --project ${var.project_id}" | |
} | |
depends_on = [google_project.project] | |
} | |
# Wait for the new configuration to propagate | |
# (might be redundant) | |
resource "time_sleep" "wait_project_init" { | |
create_duration = "60s" | |
depends_on = [null_resource.enable_service_usage_api] | |
} | |
# Enable other services used in the project | |
resource "google_project_service" "services" { | |
for_each = toset(var.services) | |
project = var.project_id | |
service = each.key | |
disable_dependent_services = false | |
disable_on_destroy = false | |
depends_on = [time_sleep.wait_project_init] | |
} | |
# Add a resource (just a demo, change as needed) | |
resource "google_bigquery_dataset" "my_test_dataset" { | |
dataset_id = "my_test_dataset" | |
location = var.region | |
# Note the dependency, add this to every resource | |
# you create with Terraform | |
depends_on = [google_project_service.services] | |
} |
Thank you for sharing this. Do you allow it to be used under a licence, e.g. MIT?
Thank you for sharing this. Do you allow it to be used under a licence, e.g. MIT?
Hi @nacnudus
yes, definitely MIT. I should have specified it in the comments, I will fix it. In the meanwhile, feel free to use it!
Thank you very much!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This fixes the following errors:
List Project Services {REDACTED}
returned error: Failed to list enabled services for project {REDACTED}: googleapi: Error 403: Service Usage API has not been used in project {REDACTED} before or it is disabled.serviceusage.googleapis.com
cloudresourcemanager.googleapis.com