[Fix] Failed to recreate APigee organisation in the same Project #155

mhdjomaa3450 opened this issue Sep 2, 2024 · 0 comments

mhdjomaa3450 commented Sep 2, 2024

Once an Apigee organization is created in a specific project, two resources (Key Rings) are also created within that project. These resources are managed by the `apigee-x-core` module, specifically the `kms-org-db` and `kms-inst-disk`. However, when you destroy the environment using the `terraform destroy` command, these two resources are not deleted permanently.

KeyRings cannot be deleted from Google Cloud Platform. Destroying a Terraform-managed KeyRing will remove it from state but will not delete the resource from the project. For more details, please check out this link: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/kms_key_ring

Delete an Apigee organization.

For organizations with BillingType EVALUATION, an immediate deletion is performed. For paid organizations (Subscription or Pay-as-you-go), a soft-deletion is performed. The organization can be restored within the soft-deletion period, which is specified using the retention field in the request or by filing a support ticket with Apigee. During the data retention period specified in the request, the Apigee organization cannot be recreated in the same Google Cloud project.
The default data retention setting for this operation is 7 days. To permanently delete the organization in 24 hours, set the retention parameter to MINIMUM. https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations/delete#deletionretention

When running `terraform apply` again to recreate the Apigee in the same project, you might encounter the following error:

```
Error: Error creating KeyRing: googleapi: Error 409: KeyRing projects/bespin-apigee-test-2-433209/locations/me-central2/keyRings/apigee-instance already exists.
with module.apigee-x-core.module.kms-inst-disk["instance"].google_kms_key_ring.default[0],
on .terraform/modules/apigee-x-core.kms-inst-disk/modules/kms/main.tf line 32, in resource "google_kms_key_ring" "default":
32: resource "google_kms_key_ring" "default" {

Error: Error creating KeyRing: googleapi: Error 409: KeyRing projects/bespin-apigee-test-2-433209/locations/me-central2/keyRings/apigee-x-org already exists.
with module.apigee-x-core.module.kms-org-db.google_kms_key_ring.default[0],
on .terraform/modules/apigee-x-core.kms-org-db/modules/kms/main.tf line 32, in resource "google_kms_key_ring" "default":
32: resource "google_kms_key_ring" "default" {
```

The solution to remove the project and create the Apigee in a new project is not considered best practice. To address this issue, we can add a random_string resource and use it as a postfix in the names of these two resources, as shown below.

```hcl
# Suffix appended to both key ring names so that a re-created
# organization does not collide with key rings left in the project.
resource "random_string" "key_random_suffix" {
  length  = 6
  special = false
}

# Key ring and key for the organization database.
module "kms-org-db" {
  source     = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/kms?ref=v28.0.0"
  project_id = var.project_id
  iam = {
    "roles/cloudkms.cryptoKeyEncrypterDecrypter" = ["serviceAccount:${google_project_service_identity.apigee_sa.email}"]
  }
  keyring = {
    location = coalesce(var.org_kms_keyring_location, var.ax_region)
    # name     = var.org_kms_keyring_name --> delete this line
    name     = "${var.org_kms_keyring_name}-${random_string.key_random_suffix.result}"
  }
  keyring_create = var.org_kms_keyring_create
  keys = {
    org-db = { rotation_period = var.org_key_rotation_period, labels = null }
  }
}

# One key ring and key per Apigee instance (disk encryption).
module "kms-inst-disk" {
  for_each   = var.apigee_instances
  source     = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/kms?ref=v28.0.0"
  project_id = var.project_id
  iam = {
    "roles/cloudkms.cryptoKeyEncrypterDecrypter" = ["serviceAccount:${google_project_service_identity.apigee_sa.email}"]
  }
  keyring = {
    location = coalesce(each.value.keyring_location, each.value.region)
    name     = "${coalesce(each.value.keyring_name, "apigee-${each.key}")}-${random_string.key_random_suffix.result}"
    # name     = coalesce(each.value.keyring_name, "apigee-${each.key}") --> delete this line
  }
  keyring_create = each.value.keyring_create
  keys = {
    (each.value.key_name) = {
      rotation_period = each.value.key_rotation_period
      labels          = each.value.key_labels
    }
  }
}
```

mhdjomaa3450 added a commit to mhdjomaa3450/apigee-terraform-modules that referenced this issue Sep 2, 2024
[Fix] Failed to recreate APigee organisation in the same Project
apigee#155
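
A triage helper for the failure reported in this issue, added here as an example and not part of the issue or the project's code: it scans `terraform apply` output for the 409 KeyRing conflicts and pairs each leftover key ring with the resource address that tried to create it. The function name and the returned field names are assumptions, and the sample input is constructed from the two errors quoted above.

```python
import re

# Constructed sample: the two errors quoted in the issue, in both line
# layouts ("with ..., on ..." on one line, and split over two lines).
SAMPLE = '''\
Error: Error creating KeyRing: googleapi: Error 409: KeyRing projects/bespin-apigee-test-2-433209/locations/me-central2/keyRings/apigee-instance already exists.
with module.apigee-x-core.module.kms-inst-disk["instance"].google_kms_key_ring.default[0], on .terraform/modules/apigee-x-core.kms-inst-disk/modules/kms/main.tf line 32, in resource "google_kms_key_ring" "default":

Error: Error creating KeyRing: googleapi: Error 409: KeyRing projects/bespin-apigee-test-2-433209/locations/me-central2/keyRings/apigee-x-org already exists.
with module.apigee-x-core.module.kms-org-db.google_kms_key_ring.default[0],
on .terraform/modules/apigee-x-core.kms-org-db/modules/kms/main.tf line 32, in resource "google_kms_key_ring" "default":
'''

# Full key ring resource name inside the 409 message.
CONFLICT = re.compile(
    r"Error 409: KeyRing (?P<id>projects/(?P<project>[^/\s]+)"
    r"/locations/(?P<location>[^/\s]+)/keyRings/(?P<name>[^/\s]+))"
    r" already exists\."
)
# Terraform resource address on the "with ..." line; the optional
# box-drawing prefix covers unstripped CLI output.
ADDRESS = re.compile(r"(?m)^[│ \t]*with (?P<addr>[^\s,]+),")


def find_keyring_conflicts(output):
    """Return one dict per 409 KeyRing conflict in Terraform output."""
    conflicts = []
    # Split per diagnostic so an address is never paired with the
    # key ring named in a different error.
    for block in re.split(r"(?m)^(?=[│ \t]*Error: )", output):
        hit = CONFLICT.search(block)
        if hit is None:
            continue  # some other failure, not a leftover key ring
        addr = ADDRESS.search(block)
        conflicts.append({
            "keyring_id": hit["id"],
            "project": hit["project"],
            "location": hit["location"],
            "name": hit["name"],
            "address": addr["addr"] if addr else None,
        })
    return conflicts


if __name__ == "__main__":
    for c in find_keyring_conflicts(SAMPLE):
        print(f'{c["address"]} -> {c["keyring_id"]}')
```
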