google_access_context_manager_service_perimeter_ingress_policy can not update changes ingress rule #14895

Open
aweberlopes opened this issue Jun 13, 2023 · 8 comments

@aweberlopes

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

Affected Resource(s)

  • google_access_context_manager_service_perimeter_ingress_policy

Terraform Configuration Files

resource "google_access_context_manager_service_perimeter_ingress_policy" "ingress_policy1" {
  perimeter = "accessPolicies/958460720704/servicePerimeters/bdaa_ts7a1_dev"
  ingress_from {
    identity_type = "ANY_IDENTITY"
    sources {
      resource = "projects/972974151154"
    }
  }
  ingress_to {
    resources = ["*"]
    operations {
      service_name = "storage.googleapis.com"
      method_selectors {
        method = "*"
      }
    }
    operations {
      service_name = "bigquery.googleapis.com"
      method_selectors {
        method = "*"
      }
    }
  }
}

Debug Output

Panic Output

Expected Behavior

If you add a new operations block to an already created rule, or change it, then it should update the ingress rule.

Actual Behavior

╷
│ Error: Unable to update ServicePerimeterIngressPolicy "accessPolicies/958460720704/servicePerimeters/bdaa_ts7a1_dev" - not found in list
│ 
│   with google_access_context_manager_service_perimeter_ingress_policy.ingress_policy1,
│   on main.tf line 1, in resource "google_access_context_manager_service_perimeter_ingress_policy" "ingress_policy1":
│    1: resource "google_access_context_manager_service_perimeter_ingress_policy" "ingress_policy1" {
│ 

Steps to Reproduce

1. Create an Ingress Rule with only one Operation
2. tf apply
3. Add another operations block
4. tf apply
5. The error should happen
6. Again a terraform apply is creating a new Rule and the old rule stays and is not in the state anymore

  1. terraform apply

Important Factoids

I used a SA for auth because of the restrictions of Access Context Manager API

References

  • #0000
@edwardmedia edwardmedia self-assigned this Jun 13, 2023
@edwardmedia
Contributor

b/287060819

@Charlesleonius

Hi @aweberlopes, it seems that google_access_context_manager_service_perimeter_ingress_policy and google_access_context_manager_service_perimeter_egress_policy don't currently work as intended. I am looking into how we can resolve this and will hopefully have a timeline for you soon. In the meantime, you can use google_access_context_manager_service_perimeters where all the configuration for the perimeter will exist in a singular resource.
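
The single-resource workaround suggested in the comment above, as an added example that is not part of the thread or the provider's own code: the policy and perimeter names come from the issue's configuration, while the title, `restricted_services` and the `local.ingress_rules` list are assumptions. `google_access_context_manager_service_perimeters` replaces all perimeters in the access policy with the ones it lists, so every perimeter under that policy has to be declared in it.

```hcl
# Added example: ingress rules are kept in one list and rendered into the
# perimeter with dynamic blocks, instead of separate ingress_policy resources.
locals {
  access_policy = "accessPolicies/958460720704" # from the issue
  # Assumed structure (hypothetical name): one entry per ingress rule.
  ingress_rules = [
    {
      identity_type = "ANY_IDENTITY"
      source        = "projects/972974151154"
      services      = ["storage.googleapis.com", "bigquery.googleapis.com"]
    },
  ]
}

resource "google_access_context_manager_service_perimeters" "all" {
  parent = local.access_policy
  service_perimeters {
    name  = "${local.access_policy}/servicePerimeters/bdaa_ts7a1_dev"
    title = "bdaa_ts7a1_dev" # assumed title
    status {
      # Assumed: the services this perimeter protects.
      restricted_services = ["storage.googleapis.com", "bigquery.googleapis.com"]
      dynamic "ingress_policies" {
        for_each = local.ingress_rules
        content {
          ingress_from {
            identity_type = ingress_policies.value.identity_type
            sources {
              resource = ingress_policies.value.source
            }
          }
          ingress_to {
            resources = ["*"]
            # One operations block per service in the rule.
            dynamic "operations" {
              for_each = ingress_policies.value.services
              content {
                service_name = operations.value
                method_selectors {
                  method = "*"
                }
              }
            }
          }
        }
      }
    }
  }
}
```

Because the rules live inside one resource, adding or removing an entry in the list changes the perimeter in place on the next apply, so no rule is left in the perimeter but outside the state as in step 6 of the report.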

@aweberlopes
Author

aweberlopes commented Jul 13, 2023

Hello, any update on this?

I know the perimeter resource, but I need this resource to add ingress and egress rules dynamically.

@Charlesleonius

As of now, there is no update but I am working on prioritizing this to improve the experience.

@kofe05

kofe05 commented Sep 14, 2023

Hi @Charlesleonius
is there any update on this issue?
Thanks

@kofe05

kofe05 commented Oct 19, 2023

Hi @Charlesleonius @edwardmedia

I tested this feature again today and it seems that the issue is still in place. I would really love to use this resource, but in the current state it is difficult for me to make use of it.

Can you by chance share any hint or indication about fixes for this issue?

Thanks and br
Jannik

@maleksah

maleksah commented Jan 4, 2024

Hello,
Do you have any update on this issue, please?
Thanks

@Charlesleonius

Sorry I don't have any updates yet. We are currently working on triaging and prioritizing Terraform issues. I will provide an update soon.
