Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

google_cloud_run_v2_service does not return vpcAccess connector ID in expected format #17735

Open
ivangreene opened this issue Mar 31, 2024 · 3 comments
Open

google_cloud_run_v2_service does not return vpcAccess connector ID in expected format #17735

ivangreene opened this issue Mar 31, 2024 · 3 comments
Assignees
@ggtisc
Labels
bug forward/review In review; remove label to forward service/run waiting-response

Comments

@ivangreene
Copy link

Community Note

  • Please vote on this issue by adding a 馃憤 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to a user, that user is claiming responsibility for the issue.
  • Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Terraform Version

Terraform v1.7.5
on darwin_arm64

  • provider registry.terraform.io/hashicorp/google v5.22.0
  • provider registry.terraform.io/hashicorp/google-beta v5.22.0

Affected Resource(s)

google_cloud_run_v2_service

Terraform Configuration

resource "google_cloud_run_v2_service" "my_service" {
  name     = "my_service"
  location = local.region
  ingress  = "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER"
  template {}

  lifecycle {
    ignore_changes = [name, location, template, client]
  }
}

Debug Output

Cannot post full debug output due to this being an internal service, but I think I have identified the root cause: The Google API is returning the connector ID in the format {connector}, while the API is expecting it to be PATCHed back in the format projects/{project}/locations/{location}/connectors/{connector}.

(The connector id is replaced with connectorid below. In the real output, it is just the short connector id, and not in the project/project/... format)

Snippet of the initial response to the GET request from the Google API (found via TF_LOG=DEBUG):

2024-03-31T11:34:18.050-0400 [DEBUG] provider.terraform-provider-google_v5.22.0_x5:     "vpcAccess": {
2024-03-31T11:34:18.050-0400 [DEBUG] provider.terraform-provider-google_v5.22.0_x5:       "connector": "connectorid",
2024-03-31T11:34:18.050-0400 [DEBUG] provider.terraform-provider-google_v5.22.0_x5:       "egress": "PRIVATE_RANGES_ONLY"
2024-03-31T11:34:18.050-0400 [DEBUG] provider.terraform-provider-google_v5.22.0_x5:     },

Snippet of the PATCH request:

2024-03-31T11:34:22.129-0400 [DEBUG] provider.terraform-provider-google_v5.22.0_x5:   "vpcAccess": {
2024-03-31T11:34:22.129-0400 [DEBUG] provider.terraform-provider-google_v5.22.0_x5:    "connector": "connectorid",
2024-03-31T11:34:22.129-0400 [DEBUG] provider.terraform-provider-google_v5.22.0_x5:    "egress": "PRIVATE_RANGES_ONLY"
2024-03-31T11:34:22.129-0400 [DEBUG] provider.terraform-provider-google_v5.22.0_x5:   }

Expected Behavior

The terraform apply should work. This should be fixed by either:

  • The Google API responding with the VPC access connector in the right format (projects/{project}/locations/{location}/connectors/{connector})

or

  • The connector modifying the request to be in the right format, when it receives an id in the short format

Actual Behavior

It fails with this error message

Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.BadRequest",
    "fieldViolations": [
      {
        "description": "must be in form projects/{project}/locations/{location}/connectors/{connector}.",
        "field": "Violation in UpdateServiceRequest.service.template.vpc_access.connector"
      }
    ]
  }
]

Steps to reproduce

  1. terraform apply

Important Factoids

Getting this error when trying to update a cloud run v2 service that is externally managed, while ignoring changes to template, etc. So just trying to update other properties, while keeping everything else the same. Basically, terraform can't post back the response it receives without an error

References

No response
@ivangreene ivangreene added the bug label Mar 31, 2024
@github-actions github-actions bot added forward/review In review; remove label to forward service/run labels Mar 31, 2024
@ggtisc ggtisc self-assigned this Apr 1, 2024
@ggtisc
Copy link
Collaborator

ggtisc commented Apr 1, 2024

@ivangreene the issue was replicated many times without error messages, just try to follow something similar like in the documentation example for the template argument

Also, the format was returned correctly in this way -> projects/{project}/locations/{location}/connectors/{connector}

@ivangreene
Copy link
Author

@ggtisc I will try to build a fully self contained example

@ivanzhujunwei
Copy link

I had the same issue, but it turns out I was using the wrong ID, make sure to use the ID from google_vpc_access_connector.connector.id in your resource google_cloud_run_v2_service. Hope it could resolve the issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ggtisc ggtisc

Labels
bug forward/review In review; remove label to forward service/run waiting-response
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ivanzhujunwei @ivangreene @ggtisc