terraform-provider-google
Destroying a google_cloud_identity_group resource that has at least one OWNER member fails
Terraform Version
$ terraform -v
Terraform v0.13.4
Affected Resource(s)
- google_cloud_identity_group
- google_cloud_identity_group_membership
Terraform Configuration Files (if applicable)
resource "google_cloud_identity_group" "group" {
  provider     = google-beta
  display_name = "google_cloud_identity_group test"
  parent       = "customers/CXXXXXXXX"

  group_key {
    id = "[email protected]"
  }

  labels = {
    "cloudidentity.googleapis.com/groups.discussion_forum" = ""
  }
}

resource "google_cloud_identity_group_membership" "group_memberships" {
  provider = google-beta
  group    = google_cloud_identity_group.group.id

  member_key {
    id = "[email protected]"
  }

  roles {
    name = "MEMBER"
  }

  roles {
    name = "OWNER"
  }
}
Issue Description
Destroying a group that has at least one OWNER member fails with the following error:
Error: Error when reading or editing GroupMembership: googleapi: Error 400: Error(4007): Cannot remove the OWNER role in membership 'groups/xxxxxxxxxxxxxx/memberships/NNNNNNNNNNNNNNNNNN' becuase it's the last OWNER role in the Google Groups.
This happens because Terraform tries to deprovision all the google_cloud_identity_group_membership resources that depend on google_cloud_identity_group first; however, the APIs prevent deleting the last OWNER member. Note that this doesn't happen if a group has no OWNER members.
b/374162521
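A pre-destroy check for the failure reported above, as an added example that is not part of the original issue or the provider's code: given the JSON form of a plan (the output of `terraform show -json <planfile>`, loaded with `json.load`), it reports each group for which every OWNER membership in the plan is scheduled for deletion. The sample plan, its group ids and the helper names are constructed, and the check assumes the group has no OWNER memberships outside the plan.

```python
from collections import defaultdict

MEMBERSHIP = "google_cloud_identity_group_membership"

def has_owner(attrs):
    """True if a membership's role blocks include OWNER."""
    return any(r.get("name") == "OWNER" for r in attrs.get("roles") or [])

def groups_losing_last_owner(plan):
    """Map group id -> membership addresses when the plan deletes every
    OWNER membership it contains for that group."""
    owners = defaultdict(list)  # group -> all OWNER memberships in the plan
    doomed = defaultdict(list)  # group -> OWNER memberships planned for delete
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        before = change.get("before")  # prior state; None for a pure create
        if rc.get("type") != MEMBERSHIP or not before or not has_owner(before):
            continue
        owners[before["group"]].append(rc["address"])
        if "delete" in change.get("actions", []):
            doomed[before["group"]].append(rc["address"])
    return {g: a for g, a in doomed.items() if len(a) == len(owners[g])}

def _rc(name, group, roles, actions):
    """Build one constructed resource_changes entry for the sample plan."""
    return {"address": f"{MEMBERSHIP}.{name}", "type": MEMBERSHIP,
            "change": {"actions": actions,
                       "before": {"group": group,
                                  "roles": [{"name": r} for r in roles]}}}

# Constructed sample: group a loses its only OWNER (the case in this issue),
# group b keeps one OWNER, group c has no OWNER memberships at all.
SAMPLE_PLAN = {"resource_changes": [
    _rc("group_memberships", "groups/constructed-a", ["MEMBER", "OWNER"], ["delete"]),
    _rc("b_owner1", "groups/constructed-b", ["MEMBER", "OWNER"], ["delete"]),
    _rc("b_owner2", "groups/constructed-b", ["MEMBER", "OWNER"], ["no-op"]),
    _rc("c_member", "groups/constructed-c", ["MEMBER"], ["delete"]),
]}

if __name__ == "__main__":
    for group, addrs in groups_losing_last_owner(SAMPLE_PLAN).items():
        print(f"{group}: destroy would remove the last OWNER via {', '.join(addrs)}")
```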