search

hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0
2.32k stars 1.73k forks source link

Support `location` being in the domain of a resource's URLs for only a subset of resources in an MMv1 service #12738

Open AarshDhokai opened 2 years ago

AarshDhokai commented 2 years ago

Community Note

Terraform Version

Affected Resource(s)

Terraform Configuration Files (if applicable)

resource "google_tags_tag_binding" "binding" {
     parent = "//sqladmin.googleapis.com/projects/crest-359621/instances/for-tag-bindings"
     tag_value = google_tags_tag_value.value.id
     location = "us-central1"
}

Issue Description

The google_tags_tag_binding create API (https://cloud.google.com/resource-manager/reference/rest/v3/tagBindings/create) doesn't support location attribute because at the back-end it uses service endpoints like https://{{location}}-cloudresourcemanager.googleapis.com/v3/tagBindings for regional resources, but for global resources it uses service endpoint like this : http://cloudresourcemanager.googleapis.com/v3/tagBindings , that i have found out via logs of gcloud cli, as well as the documentation has not mentioned such things. So, if it's possible to provide subset of resources or endpoints that can bind tags to regional resources via API or terraform.

Important Factoids

References

Information about referencing Github Issues: https://github.com/hashicorp/terraform-provider-google/issues/11448

alextodicescu commented 2 years ago

Nice find! So what you're saying is the API doesn't support a location attribute, but rather the location is selected depending on which API service endpoint is used

I did some digging through the code (disclaimer: it's my 1st time looking through it and go is not my 1st language):

If anybody more familiar with the code can point me in the right direction, I can try to create a PR to have something to discuss on

rileykarson commented 2 years ago

Given this is a new pattern, we should handwrite the regional variants of these resources. We're not sure if this pattern will happen in the future, as most APIs we've seen are global-only or regional-only.

nphilbrook commented 2 years ago

Given this is a new pattern, we should handwrite the regional variants of these resources. We're not sure if this pattern will happen in the future, as most APIs we've seen are global-only or regional-only.

@rileykarson So something like a new resource google_tags_location_tag_binding ? I can work on that (which would be part of https://github.com/hashicorp/terraform-provider-google/issues/11448 of course, not this issue).

nphilbrook commented 2 years ago

I noticed this in the cloud run YAML: https://github.com/GoogleCloudPlatform/magic-modules/blob/main/mmv1/products/cloudrun/api.yaml#L21 It looks like this is doing something similar? I am digging through the generate golang for this to see if maybe this is already possible. From a cursory look at TF_LOG=DEBUG output from an apply creating a google_cloud_run_service resource, I can confirm that it was hitting the host us-west1-run.googleapis.com for my cloud run service hosted in that region.

nphilbrook commented 2 years ago

Can anyone define the acronym CAI in the context of magic-modules for me?

rileykarson commented 2 years ago

So something like a new resource google_tags_location_tag_binding ?

Yep!

It looks like this is doing something similar? I am digging through the generate golang for this to see if maybe this is already possible.

What's different is that the entire API is regionalized in Cloud Run's case, but only a subset of the API is regionalized for tags. The resource code is probably able to make it most of the way there, but then we end up running into the operation code which differs. There are a few possible ways to work around that (handwrite the operation handler, possible, since the name will give us the URL, create a fake products/ entry for the regional variants and use legacy_name to align the names with the real product, handwrite the resources entirely).

Can anyone define the acronym CAI in the context of magic-modules for me?

Cloud Asset Inventory (https://cloud.google.com/asset-inventory/docs/overview), I think the cai variant in those examples means deregionalized versions of the URLs.

nphilbrook commented 2 years ago

It looks like this is doing something similar? I am digging through the generate golang for this to see if maybe this is already possible.

What's different is that the entire API is regionalized in Cloud Run's case, but only a subset of the API is regionalized for tags. The resource code is probably able to make it most of the way there, but then we end up running into the operation code which differs. There are a few possible ways to work around that (handwrite the operation handler, possible, since the name will give us the URL, create a fake products/ entry for the regional variants and use legacy_name to align the names with the real product, handwrite the resources entirely).

Thanks, it's starting to come together now...handwriting a separate resource seems cromulent for now.

Can anyone define the acronym CAI in the context of magic-modules for me?

Cloud Asset Inventory (https://cloud.google.com/asset-inventory/docs/overview), I think the cai variant in those examples means deregionalized versions of the URLs.

Thank you! It makes more sense now.

rileykarson commented 6 months ago

Resolved by https://github.com/hashicorp/terraform-provider-google/issues/10630 if we do it