Correct usage of "service_directory_registrations" block in "google_compute_forwarding_rule" with PSC / Private Service Connect?

[ppuschmann]

Question

Hi,

the configuration example for "Forwarding Rule VPC PSC" shows this configuration:

// Forwarding rule for VPC private service connect
resource "google_compute_forwarding_rule" "default" {
  name                    = "psc-endpoint"
  region                  = "us-central1"
  load_balancing_scheme   = ""
  target                  = google_compute_service_attachment.producer_service_attachment.id
  network                 = google_compute_network.consumer_net.name
  ip_address              = google_compute_address.consumer_address.id
  allow_psc_global_access = true
}

which I would extend with the following block to configure the Service Directory namespace and service name:

  service_directory_registrations {
    namespace = "my-psc"
    service   = "my-psc-service"
  }

Given the PSC-Attachment is configure with the attribute domain domain = "dev.psc.example.com.", I'd expect the service to be discoverable as:

my-psc-service.dev.psc.example.com

While provisioning this configuration I get an error message:

// Forwarding rule for VPC private service connect
resource "google_compute_forwarding_rule" "default" {
  name                    = "psc-endpoint"
  region                  = "us-central1"
  load_balancing_scheme   = ""
  target                  = google_compute_service_attachment.producer_service_attachment.id
  network                 = google_compute_network.consumer_net.name
  ip_address              = google_compute_address.consumer_address.id
  allow_psc_global_access = true

  service_directory_registrations {
    namespace = "my-psc"
    service   = "my-psc-service"
  }
}

If I remove the service, I can provision the PSC-Endpoint / Forwarding Rule.

Only that my service then is only discoverable via the hostname producer-service-euw1.dev.psc.example.com.

Where do the single parts come from?

• producer-service is the name of the PSC-Attachment
• -euw1 comes from the provider somehow (yes, I'm doing this in europe-west1)
• dev.psc.example.com is the domain I configure in the PSC-Attachment

My expectation (with a working service attribute in service_directory_registrations) would have been:

• my-psc-service.dev.psc.example.com

Questions

• Can I use the attribute service in service_directory_registrations? If "yes": how?
• How can I define the port for the entry in the Service Discovery that was generated by PSC?

Provider Version

Terraform provider: google, version 5.26.0

[slavayssiere-stacklabs]

Same behaviour on 5.42.0. Any idea to solve this ?