New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Failed to update target_https_proxy
from ssl_certificates
to certificate_map
#12513
Failed to update target_https_proxy
from ssl_certificates
to certificate_map
#12513
Comments
I have exactly the same issue, but as a temporary workaround until this is fixed, I used gcloud to attach the certificate map to the target proxy and used the lifecycle meta-argument to ignore changes affecting certificate_map:
This way I can continue to use Terraform without it wanting to destroy changes made with gcloud. |
@c2thorn could you take a look at this? |
The proposed approach of letting both Specifying both for the duration of the migration is the only safe approach. See: https://cloud.google.com/certificate-manager/docs/migrate#apply_the_new_certificate_map_to_the_target_load_balancer |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Community Note
modular-magician
user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned tohashibot
, a community member has claimed the issue already.Terraform Version
Affected Resource(s)
Terraform Configuration Files
This failure is happening with the change updating the
ssl_certificates
to thecertificate_map
, as below:terraform plan
output:Expected Behavior
The target proxy should be updated without errors, and the certificate map is available.
Actual Behavior
terraform apply
fails with the following error:Steps to Reproduce
google_compute_target_https_proxy
withssl_certificates
.certificate_map
and removessl_certificates
at the same time.terraform apply
Research
This seems to be an API call order issue. The provider checks for changes in
ssl_certificates
and call API, beforecertificate_map
.https://github.com/hashicorp/terraform-provider-google/blob/v4.35.0/google/resource_compute_target_https_proxy.go#L366-L433
The error occurs because the Google API does not allow either the SSL certificate or the certificate map to be unbound.
Possible approaches are:
ssl_certificates
andcertificate_map
and add one before deleting one.ssl_certificates
andcertificate_map
ingoogle_compute_target_https_proxy
resource.References
The text was updated successfully, but these errors were encountered: