hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0

Not able to attach cloud armor edge policy to gcp load balancer backend bucket #15731

Open sachinmane1983 opened 1 year ago

sachinmane1983 commented 1 year ago

Community Note

Terraform Version

Affected Resource(s)

gcp load balancer backend bucket

Terraform Configuration Files

Debug Output

```
Error: Unsupported argument
│
│   on terraform-modules/bucket/main.tf line 197, in resource "google_compute_backend_bucket" "cdn":
│  197:   security_policy = var.security_policy_edge
│
│ An argument named "security_policy" is not expected here.
```

Panic Output

Expected Behavior

Actual Behavior

Steps to Reproduce

  1. terraform apply

Important Factoids

References

edwardmedia commented 1 year ago

@sachinmane1983 can you provide details on what you are trying to do? If you have the Terraform code, can you share it? If you see an issue when you apply a plan, can you share the debug log?

sachinmane1983 commented 1 year ago

I have created a Cloud Armor edge policy via Terraform code. Now I want to apply that policy to the load balancer backend bucket, so I am attaching the policy to resource "google_compute_backend_bucket" "cdn" and getting this error:

```
in resource "google_compute_backend_bucket" "cdn":
│  209:   security_policy = var.security_policy_edge
│
│ An argument named "security_policy" is not expected here.
╵
```

```hcl
resource "google_compute_security_policy" "policy_edge" {
  for_each = var.security_policies_edge
  type     = "CLOUD_ARMOR_EDGE"

  project = var.project_id
  name    = each.key

  dynamic "rule" {
    for_each = each.value
    content {
      action   = "allow"
      priority = each.value[0]["priority"]
      match {
        versioned_expr = "SRC_IPS_V1"
        config {
          src_ip_ranges = each.value[0]["ips"][*].cidr_block
        }
      }
      description = each.value[0]["description"]
    }
  }

  rule {
    action   = "deny(404)"
    priority = "2147483647"
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["*"]
      }
    }
    description = "Deny all by default"
  }
}

resource "google_compute_backend_bucket" "cdn" {
  name            = "bucket-${local.domestic_name_rfc1035safe}"
  description     = "Backend for serving static content through CDN"
  bucket_name     = google_storage_bucket.cdn.name
  enable_cdn      = var.backend_bucket_enable_cdn
  security_policy = var.security_policy_edge

  dynamic "cdn_policy" {
    for_each = var.backend_bucket_enable_cdn ? [1] : []
    content {
      cache_mode        = var.backend_bucket_cache_mode
      serve_while_stale = var.backend_bucket_serve_while_stale
      default_ttl       = var.backend_bucket_cache_default_ttl
      max_ttl           = var.backend_bucket_cache_max_ttl
      client_ttl        = var.backend_bucket_cache_client_ttl
    }
  }
}

variable "security_policy_edge" {
  type        = string
  description = "attach to LB backend bucket"
  default     = "" # Set a default value or leave it empty if you prefer
}
```

edwardmedia commented 1 year ago

b/299338053