hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0

Additional validation for 2nd gen cloud function #13722

Open wyardley opened 1 year ago

wyardley commented 1 year ago

Community Note

With google_cloudfunctions2_function (I have not tested gen1, but it might also affect those resources), validation of the build_config => source => repo_source attributes does not seem to be complete.

Terraform Version

Terraform v1.3.8
on darwin_arm64
+ provider registry.terraform.io/hashicorp/google v4.52.0

Affected Resource(s)

Terraform Configuration Files

resource "google_cloudfunctions2_function" "driftctl_poc" {
  name        = "driftctl-poc"
  location    = "us-west2"
  description = "Test function POC"

  build_config {
    runtime     = "python310"
    entry_point = "hello_get"

    source {
      repo_source {
        dir = "test_function"
      }
    }
  }

  service_config {
    max_instance_count = 1
    available_memory   = "256M"
    timeout_seconds    = 60
  }
}

Debug Output

Panic Output

Expected Behavior

Terraform validation or plan should fail when repo_source is used and branch, tag or commit sha are not set.

Actual Behavior

│ Error: Error waiting to create function: Error waiting for Creating function: Error code 3, message: Could not build the function due to an invalid argument. generic::invalid_argument: invalid value for 'build.source.repo_source': value for one of 'branch_name', 'tag_name', or 'commit_sha' is required

Steps to Reproduce

  1. terraform apply

Important Factoids

References

wyardley commented 1 year ago

With storage_source (whose attributes are all listed as optional) the same thing happens:

    source {
      storage_source {
        bucket = "gs://xyz"
      }
    }

│ Error: Error creating function: googleapi: Error 400: Could not clone object  from gs://xyz to object driftctl-poc/function-source.zip in bucket gcf-v2-sources-yyyyy-us-west2. FIELD_IS_MISSING : object_name is required in source_object_id

wyardley commented 1 year ago

Additionally, if the creation or deploy of the function fails for any reason, the item doesn't get added to tf state or removed / destroyed, and so the next time, trying to create will fail with an error like:

│ Error: Error creating function: googleapi: Error 409: Resource 'projects/xxx/locations/us-west2/functions/yyy' already exists

until the function is removed manually.

edwardmedia commented 1 year ago

Adding validation is reasonable. https://cloud.google.com/functions/docs/reference/rest/v2beta/projects.locations.functions#RepoSource
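
The plan-time check requested in this thread, sketched as an added example in Go; it is not the provider's code and not written by anyone in the thread. The struct types and `ValidateSource` are hypothetical, the `object` attribute name and the one-of treatment of the revision fields are assumptions, and the inputs are constructed from the two configurations in the issue.

```go
package main

import "fmt"

// Only the attributes discussed in this issue are modelled.
type RepoSource struct{ BranchName, TagName, CommitSha, Dir string }
type StorageSource struct{ Bucket, Object string }

// Source mirrors build_config.source; a nil pointer means the block is absent.
type Source struct {
	Repo    *RepoSource
	Storage *StorageSource
}

// ValidateSource (hypothetical helper) reports at plan time the problems that
// the API otherwise rejects only during apply.
func ValidateSource(s Source) []string {
	var problems []string
	if r := s.Repo; r != nil {
		set := 0
		for _, v := range []string{r.BranchName, r.TagName, r.CommitSha} {
			if v != "" {
				set++
			}
		}
		// Assumption: the revision is a one-of, so more than one is also rejected.
		if set != 1 {
			problems = append(problems, fmt.Sprintf(
				"repo_source: exactly one of branch_name, tag_name, commit_sha must be set (got %d)", set))
		}
	}
	// Assumption: `object` is the attribute behind the API's object_name.
	if st := s.Storage; st != nil && st.Object == "" {
		problems = append(problems, "storage_source: object is required")
	}
	return problems
}

func main() {
	// Constructed inputs: the two failing configurations from the issue, then a valid one.
	cases := []Source{
		{Repo: &RepoSource{Dir: "test_function"}},
		{Storage: &StorageSource{Bucket: "gs://xyz"}},
		{Repo: &RepoSource{BranchName: "main", Dir: "test_function"}},
	}
	for _, c := range cases {
		fmt.Println(ValidateSource(c))
	}
}
```

Failing at plan time also avoids the partially created function described above, which otherwise has to be removed by hand before the next apply.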