Inconsistent expectation of either "projects/[PROJECT_ID]" or "[PROJECT_ID]" as project_id argument of different resources.

[renaudguerin]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

The google_project resource has an id attribute that returns an identifier for the created project in projects/{{project}} format.

One could legitimately expect to be able to pass this attribute unchanged to any other resource that require a project_id, however this doesn't seem to work consistently.

For many (but not all) resources, the GCP API call fails with errors such as :

Error: googleapi: Error 400: Unknown project id: projects/my-project-123456, invalid

Error: Error waiting to create Network: Error waiting for Creating Network: error while retrieving operation: googleapi: Error 400: Invalid value for field 'project': 'projects/my-project-123456'. 

Error: Error creating the custom project role projects/projects/my-project-123456/roles/bucket_list: googleapi: got HTTP response code 404 with body: 

In order to work around this, we started using trimprefix(google_project.my_project.id, "projects/") as the project argument for the affected resources, until we realised that a resource's input args are also copied as outputs, and so using project = google_project.my_project.project_id in the referring resource's definition works just as well.

I suppose we could simply use .project_id everywhere instead of .id, but I'm not sure if some of the resources that do currently accept a "fully qualified" project ID as an argument would then start failing (or behaving subtly differently, or become tainted) if passed a "short" project ID instead.

Either way, there's definitely an inconsistency here which may well be at the API level, but I wonder if there's a way the provider could help smooth this out and make the call with the correct format expected for a particular endpoint ?

New or Affected Resource(s)

Some examples of resources that do work with a project argument in projects/{{project}} format :

• google_project_iam_member
• google_service_account
• google_bigquery_dataset

Some examples of resources that fail to apply with a project argument in projects/{{project}} format :

• google_project_iam_custom_role
• google_project_iam_binding
• google_compute_network

References

Another issue where this caused confusion :

• google_project exported attribute "id" shouldn't have the prefix string "project/" #10381

[rileykarson]

Note: any field called project should accept the {{project}} format, and it should be considered a bug if not. This is an enhancement to add broader support for projects/{{project}}

[kmj251]

When will this be fixed? It's been open for almost 2 years and it's quite frustrating that we can't use output attributes from one resource as a value for an argument of a different resource. In my case, I'm using Terraform to create a project for a pub/sub then creating a service account inside of that project.