google_network_connectivity_spoke with linked_router_appliance_instances returns "Error 400: router appliance URI must contain /locations"

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
If you are interested in working on this issue or have submitted a pull request, please leave a comment.
If an issue is assigned to a user, that user is claiming responsibility for the issue.
Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Terraform Version

Terraform v1.7.3 hashicorp/google v5.17.0

Affected Resource(s)

google_network_connectivity_spoke with linked_router_appliance_instances specification

Terraform Configuration

resource "google_network_connectivity_spoke" "vm" {
  description = "NCC hub to spoke VMs  hub2-to-net1vm1"
  hub         = "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/locations/global/hubs/hub2"
  labels      = {
    "name" = "hub2-to-net1vm1"
  }
  location = "us-east1"
  name     = "hub2-to-net1vm1"
  project  = "PROJECT_ID"

  linked_router_appliance_instances {
    site_to_site_data_transfer = true
    instances {
      ip_address      = "10.0.0.11"
      virtual_machine = "https://www.googleapis.com/compute/v1/pprojects/PROJECT_ID/zones/us-east1-a/instances/net1vm1"
    }
  }
}

Debug Output

Below is the output of the apply

$ terraform apply 
Terraform will perform the following actions:

  # google_network_connectivity_spoke.vm will be created
  + resource "google_network_connectivity_spoke" "vm" {
      + create_time      = (known after apply)
      + description      = "NCC hub to spoke VMs  hub2-to-net1vm1"
      + effective_labels = {
          + "name" = "hub2-to-net1vm1"
        }
      + hub              = "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/locations/global/hubs/hub2"
      + id               = (known after apply)
      + labels           = {
          + "name" = "hub2-to-net1vm1"
        }
      + location         = "us-east1"
      + name             = "hub2-to-net1vm1"
      + project          = "PROJECT_ID"
      + state            = (known after apply)
      + terraform_labels = {
          + "name" = "hub2-to-net1vm1"
        }
      + unique_id        = (known after apply)
      + update_time      = (known after apply)

      + linked_router_appliance_instances {
          + site_to_site_data_transfer = true

          + instances {
              + ip_address      = "10.0.0.11"
              + virtual_machine = "https://www.googleapis.com/compute/v1/pprojects/PROJECT_ID/zones/us-east1-b/instances/net1vm1"
            }
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

google_network_connectivity_spoke.vm: Creating...
╷
│ Error: Error creating Spoke: googleapi: Error 400: router appliance URI "https://www.googleapis.com/compute/v1/pprojects/PROJECT_ID/zones/us-east1-b/instances/net1vm1" is invalid: malformed path "projects/PROJECT_ID/zones/us-east1-b/instances/net1vm1" - must contain /locations
│ 
│   with google_network_connectivity_spoke.vm,
│   on main.tf line 138, in resource "google_network_connectivity_spoke" "vm":
│  138: resource "google_network_connectivity_spoke" "vm" {
│ 
╵

Expected Behavior

Should create a spoke with instance(s) it in like the Web Console supports.

Below is a display of the creation via the console. Note the virtualMachine selfLink correctly references /zones/ as a qualifier. The use of /locations/ is in the hub specification, not the VMs.

$ gcloud network-connectivity spokes list --format json --project PROJECT_ID
[
  {
    "createTime": "2024-02-21T16:47:05.209409308Z",
    "hub": "projects/PROJECT_NUMBER/locations/global/hubs/hub2",
    "linkedRouterApplianceInstances": {
      "instances": [
        {
          "ipAddress": "10.0.0.11",
          "virtualMachine": "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-east1-b/instances/net1vm1"
        },
        {
          "ipAddress": "10.0.0.12",
          "virtualMachine": "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-east1-b/instances/net1vm2"
        }
      ],
      "siteToSiteDataTransfer": true,
      "vpcNetwork": "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/networks/net1"
    },
    "name": "projects/PROJECT_ID/locations/us-east1/spokes/hub2-2-vm1",
    "spokeType": "ROUTER_APPLIANCE",
    "state": "ACTIVE",
    "uniqueId": "0c62239e-8104-4c9e-92b7-55fd1737d483",
    "updateTime": "2024-02-21T16:47:16.684829700Z"
  }
]

Actual Behavior

An error is returned saying that the URI string for the VM instance should have /locations in the string when in fact /zones is in the reference to VMs.

google_network_connectivity_spoke.vm: Creating...
╷
│ Error: Error creating Spoke: googleapi: Error 400: router appliance URI "https://www.googleapis.com/compute/v1/pprojects/PROJECT_ID/zones/us-east1-b/instances/net1vm1" is invalid: malformed path "projects/PROJECT_ID/zones/us-east1-b/instances/net1vm1" - must contain /locations
│ 
│   with google_network_connectivity_spoke.vm,
│   on main.tf line 138, in resource "google_network_connectivity_spoke" "vm":
│  138: resource "google_network_connectivity_spoke" "vm" {
│ 
╵

Steps to reproduce

terraform apply

Important Factoids

The documentation is unclear that multiple VMs should be listed. The documentation error was noted in April 2023 but has not been corrected.

References

b/327064919

hashicorp / terraform-provider-google