terraform-google-gcr-cleaner
terraform-google-gcr-cleaner copied to clipboard
mirakl
Running the same Terraform context (state file) with different GCP account types
TL;DR
When using this module within the same Terraform context (the same tfstate) but with different GCP account types (e.g. using a GCP user account in the developer's local machine and a GCP service account in the CI/CD pipeline) the module produces two different plans. I know that this is because if the job is deployed with a service account(SA), that service account needs two more roles to act-as the cleaner SA and the invoker SA. But, in the end, I think we shouldn't take for granted that the terraform will always be run with a service account or a user account.
Expected behavior
The module should produce the same plan either running with a user account or a service account.
Observed behavior
The module produces two different plans if we run it with a user account and then with a service account.
Terraform Configuration
module "gcr_cleaner" {
source = "mirakl/gcr-cleaner/google"
version = "~> 1.4"
# App Engine attributes
app_engine_application_location = "us-central"
cloud_run_service_location = "us-central-1"
gcr_repositories = [
{
storage_region = "us"
clean_all = true
parameters = {
keep = 5
grace = "48h"
dry_run = false
}
}
]
}
Terraform Version
Terraform v1.1.6
on linux_amd64
+ provider registry.terraform.io/hashicorp/google v4.11.0
+ provider registry.terraform.io/hashicorp/google-beta v4.11.0
+ provider registry.terraform.io/hashicorp/null v3.1.0
+ provider registry.terraform.io/hashicorp/random v3.1.0
+ provider registry.terraform.io/hashicorp/time v0.7.2
Your version of Terraform is out of date! The latest version
is 1.2.9. You can update by downloading from https://www.terraform.io/downloads.html
Additional information
No response
