GCloud terraform export - unknown resource type: google_logging_log_sink

Question

I followed Google's instructions to export my GCloud project in a terraform format. I tried using gcloud alpha and gcloud beta and the result is the same: It creates a resource named google_logging_log_sink, for which I can't find documentation in Terraform's Google Cloud Platform Provider.

The commands I executed are in the following order, with + to show the generated files and folders. They worked the same using gcloud alpha and gcloud beta, and I omit sensitive data:

$> gcloud alpha resource-config bulk-export --path=terraform-export --project=PROJECT_ID --resource-format=terraform

+ ./terraform-export/...

$> gcloud beta resource-config terraform generate-import terraform-export

+ ./gcloud-export-modules.tf
+ ./terraform_import_2022MMDD-HH-mm-ss.sh

$> terraform init

+ ./.terraform/…
+ ./terraform.lock.hcl

$> zsh ./terraform_import_2022MMDD-HH-mm-ss.sh # <- the errors are thrown here

+ ./.terraform.tfstate.lock.info
+ ./.terraform.tfstate.backup

There are specifically two errors in that script, their commands and messages are the following.

1. unknown resource type: google_logging_log_sink:

$> terraform import module.terraform-export-PROJECTNUMBER-PROJECTNUMBER-Project-LoggingLogSink.google_logging_log_sink.a_required PROJECTNUMBER###_Required

module.terraform-export-PROJECTNUMBER-PROJECTNUMBER-Project-LoggingLogSink.google_logging_log_sink.a_required: Importing from ID "PROJECTNUMBER###_Required"...
╷
│ Error: unknown resource type: google_logging_log_sink
│ 
│ 
╵

(I also tried adding a space in PROJECTNUMBER###_Required -> PROJECT_NUMBER ###_Required and it fails with the same message.)

2. Cannot import non-existent remote object:

$> terraform import module.terraform-export-projects-PROJECTID-IAMServiceAccount.google_service_account.PROJECTID projects/PROJECTID/serviceAccounts/[email protected]

module.terraform-export-projects-PROJECTID-IAMServiceAccount.google_service_account.PROJECTID: Importing from ID "projects/PROJECTID/serviceAccounts/[email protected]"...
module.terraform-export-projects-PROJECTID-IAMServiceAccount.google_service_account.PROJECTID: Import prepared!
  Prepared google_service_account for import
module.terraform-export-projects-PROJECTID-IAMServiceAccount.google_service_account.PROJECTID: Refreshing state... [id=projects/PROJECTID/serviceAccounts/[email protected]]
╷
│ Error: Cannot import non-existent remote object
│ 
│ While attempting to import an existing object to "module.terraform-export-projects-PROJECTID-IAMServiceAccount.google_service_account.PROJECTID", the provider detected that no object exists with the given id. Only
│ pre-existing objects can be imported; check that the id is correct and that it is associated with the provider's configured region or endpoint, or use "terraform apply" to create a new remote object for this resource.
╵

Calling terraform -v shows the following versions:

Terraform v1.2.1
on darwin_amd64
 + provider registry.terraform.io/hashicorp/google_v4.22.0

• How do I solve these errors?
• Would fixing the google_logging_log_sink error also allow the second failing command to succeed?

I have looked for some documentation of the google_logging_log_sink resource but have found none, so don't know if I need to change it for some other resource name. I also think my terraform CLI and the google provider versions should be working. I couldn't find the version of the format in which gcloud is exporting the project.

Answer 1

As of Jun 2022, there is no fix! The config connector that lets you use Google Cloud's Terraform bulk-export tool needs this fix. In future versions, you can expect this to be fixed.

The simple workaround for now, is to ignore the Terraform Export only for google_logging_log_sink resource and remove it.

Answer 2

I fixed this by replacing google_logging_log_sink with google_logging_project_sink - see https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/logging_project_sink