hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0

google_cloud_run_v2_service does not use latest secret version when omitting the version #17769

Open jlenuffgsoi opened 6 months ago

jlenuffgsoi commented 6 months ago

Terraform Version

Terraform v1.7.3
on linux_amd64
+ provider registry.terraform.io/hashicorp/google v5.20.0
+ provider registry.terraform.io/hashicorp/google-beta v5.20.0

Affected Resource(s)

google_cloud_run_v2_service

https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_v2_service

Terraform Configuration

resource "google_cloud_run_v2_service" "default" {
  name     = var.name
  location = var.location
  ingress = "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER"

  template {
    containers {
      image = var.image
      dynamic "env" {
        for_each = var.env_vars
        content {
          name  = env.key
          value = env.value
        }
      }
      dynamic "env" {
        for_each = var.env_secret_vars
        content {
          name = env.value
          value_source {
            secret_key_ref {
              secret = env.value
            }
          }
        }
      }
    }
  }
}

Debug Output

No response

Expected Behavior

Executing the code should not generate any errors.

Actual Behavior

Code execution throws this error:

╷
│ Error: Error creating Service: googleapi: Error 400: Violation in CreateServiceRequest.service.template.containers[0].env[9].value_source.secret_key_ref.version: should have only alphanumeric characters, hyphens, and underscores, or positive integers
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.BadRequest",
│     "fieldViolations": [
│       {
│         "description": "should have only alphanumeric characters, hyphens, and underscores, or positive integers",
│         "field": "Violation in CreateServiceRequest.service.template.containers[0].env[9].value_source.secret_key_ref.version"
│       }
│     ]
│   }
│ ]
│ 
│   with module.deploy.google_cloud_run_v2_service.default,
│   on ../../../../../../terraform/modules/gcp-run-service/run-service.tf line 1, in resource "google_cloud_run_v2_service" "default":
│    1: resource "google_cloud_run_v2_service" "default" {
│ 
╵

Steps to reproduce

  1. terraform apply

Important Factoids

When we do not provide a secret version, the latest version should be used.

References

The official documentation states this:

version - (Optional) The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version.

b/332942986

shuyama1 commented 6 months ago

Sorry that you're running into this issue and thanks for filing the ticket. I can reproduce the error when template.containers.env.value_source.secret_key_ref.version is not explicitly specified in the google_cloud_run_v2_service resource. It doesn't look like version is a required field based on the API doc. Did you start seeing this error recently? If so, I wonder if anything has changed on the backend.

I can confirm this issue and forward this to the service team.

jlenuffgsoi commented 6 months ago

I'm sorry, I only recently started using the google_cloud_run_v2_service resource, so I can't tell when this error started showing up.

craig-king commented 4 weeks ago

I'm also running into this issue. If secret_key_ref.version is unset, the API just throws a BadRequest:

│ Error: Error updating Service "REDACTED-SERVICE": googleapi: Error 400: Violation in UpdateServiceRequest.service.template.containers[0].env[10].value_source.secret_key_ref.version: should have only alphanumeric characters, hyphens, and underscores, or positive integers
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.BadRequest",
│     "fieldViolations": [
│       {
│         "description": "should have only alphanumeric characters, hyphens, and underscores, or positive integers",
│         "field": "Violation in UpdateServiceRequest.service.template.containers[0].env[10].value_source.secret_key_ref.version"
│       }
│     ]
│   }
│ ]

Currently, I'm resolving this by coalescing the value and "latest" to make sure the version field is correct, but it does appear that it is incorrectly marked as optional.
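
The coalescing workaround described in the comment above, sketched as an added example (not code from the issue or from the provider). The shape of `env_secret_vars` (a map of objects with an optional `version`) and the sample secret names are assumptions; `name`, `location` and `image` mirror the variables used in the issue's configuration.

```hcl
variable "name" { type = string }
variable "location" { type = string }
variable "image" { type = string }

# Hypothetical variable shape (an assumption, not the reporter's module):
# environment variable name => secret name plus an optional version to pin.
variable "env_secret_vars" {
  type = map(object({
    secret  = string
    version = optional(string) # null when the caller omits it
  }))
  default = {
    DB_PASSWORD = { secret = "db-password" }              # constructed sample, no version given
    API_TOKEN   = { secret = "api-token", version = "3" } # constructed sample, pinned version
  }
}

resource "google_cloud_run_v2_service" "default" {
  name     = var.name
  location = var.location
  ingress  = "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER"

  template {
    containers {
      image = var.image

      dynamic "env" {
        for_each = var.env_secret_vars
        content {
          name = env.key
          value_source {
            secret_key_ref {
              secret = env.value.secret
              # Always send an explicit version. coalesce() skips null and
              # empty strings, so an omitted version becomes "latest" and
              # the request no longer carries an empty version field.
              version = coalesce(env.value.version, "latest")
            }
          }
        }
      }
    }
  }
}
```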