GCP Provider - Terraform Documentation gap for Private Service Connect

[ayush-jain1]

Description

1. How to create private service connect endpoints using Terraform ? current documentation does not list forwarding rule arguments needed to create an PSC endpoint
   • Argument missing : "serviceDirectoryRegistrations"

Creating PSC endpoint - GCP Documentation

GCP Forwarding Rule - Terraform Documentation

2. Missing "PRIVATE_SERVICE_CONNECT" purpose in terraform subnet documentation

Creating a Private Service Connect Subnet - GCP Documentation

Google Compute Subnet - Terraform Documentation

[rmjamess]

We have been having the same problem. If it helps, I figured out (as an example) the following terraform works to create the internal address and PSC forwarding rule (NB: you cannot change away from the default google namespace using this method):

resource "google_compute_address" "private_service_connect_address" {
  name         = "psc-address-${var.name}"
  address_type = "INTERNAL"
  subnetwork   = var.subnetwork
  project      = var.project_id
  region       = var.region
}

resource "google_compute_forwarding_rule" "private_service_connect_forwarding_rule" {
  name                  = "psc-forwarding-rule-${var.name}"
  load_balancing_scheme = ""
  region                = var.region
  project               = var.project_id
  ip_address            = google_compute_address.private_service_connect_address.id
  target                = var.service_attachment_uri
  network               = var.network
}

[ppuschmann]

@ayush-jain1 thank you for opening this issue.

I had to reverse-configure Terraform with the help of gcloud:

gcloud beta resource-config bulk-export --project=<my-project-id> --resource-format=terraform > tf-export.tf

The value "PRIVATE_SERVICE_CONNECT" is missing in the docs of the current provider version (4.65.2): https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork.html#purpose

[mike-callahan]

Taking this

[richiefrich]

We have been having the same problem. If it helps, I figured out (as an example) the following terraform works to create the internal address and PSC forwarding rule (NB: you cannot change away from the default google namespace using this method):

resource "google_compute_address" "private_service_connect_address" {
  name         = "psc-address-${var.name}"
  address_type = "INTERNAL"
  subnetwork   = var.subnetwork
  project      = var.project_id
  region       = var.region
}

resource "google_compute_forwarding_rule" "private_service_connect_forwarding_rule" {
  name                  = "psc-forwarding-rule-${var.name}"
  load_balancing_scheme = ""
  region                = var.region
  project               = var.project_id
  ip_address            = google_compute_address.private_service_connect_address.id
  target                = var.service_attachment_uri
  network               = var.network
}

This is very broken now.. it seems you need to use a global IP address but it still doesnt work

[AlHood77]

Why is there no PSC terraform documentation? I was testing out Gemini today for the first time and asked it write terraform config for a PSC and it spat out this even though I can't find a reference to this anywhere.

resource "google_private_service_connect_service" "default" {
  name        = "my-private-service-connect-service"
  display_name = "My Private Service Connect Service"
  service     = "//cloud.googleapis.com/service/sql.googleapis.com"
}

resource "google_private_service_connect_connection" "default" {
  name        = "my-private-service-connect-connection"
  display_name = "My Private Service Connect Connection"
  service     = google_private_service_connect_service.default.id
  network     = "projects/${var.project_id}/global/networks/${var.network_name}"
}