environment variable name GCP_PROJECT is reserved by the system: it cannot be set by users

[Krattan]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to a user, that user is claiming responsibility for the issue.
• Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Terraform Version & Provider Version(s)

Terraform v1.8.5 on ubuntu-20.04

• provider registry.terraform.io/hashicorp/google v5.33.0
• provider registry.terraform.io/hashicorp/archive v2.4.2

Affected Resource(s)

google_cloudfunctions_function

Terraform Configuration

resource "google_cloudfunctions_function" "example" {
  name                  = "fails"
  description           = ""
  available_memory_mb   = 512
  max_instances         = 1
  timeout               = 540
  source_archive_bucket = var.function_storage_bucket
  source_archive_object = module.example.archive_object
  region                = var.region
  runtime               = "nodejs18"
  entry_point           = "myFunction"
  event_trigger {
    event_type = "providers/cloud.pubsub/eventTypes/topic.publish"
    resource   = google_pubsub_topic.example.name
  }
  environment_variables = {
    GCP_PROJECT     = var.project
    FUNCTION_REGION = var.region
  }
}

Debug Output

No response

Expected Behavior

Environment variables should be accessible in my cloud function

Actual Behavior

Terraform fails with the following error when performing terraform apply

│ Error: Error while updating cloudfunction configuration: googleapi: Error 400: The request has errors
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.BadRequest",
│     "fieldViolations": [
│       {
│         "description": "environment variable name FUNCTION_REGION is reserved by the system: it cannot be set by users",
│         "field": "environment_variables"
│       },
│       {
│         "description": "environment variable name GCP_PROJECT is reserved by the system: it cannot be set by users",
│         "field": "environment_variables"
│       }
│     ]
│   }
│ ]
│ , badRequest
│ 

Steps to reproduce

1. terraform apply

Important Factoids

When I remove the specified variables from the environment variables my application fails with the following error

│ Error: Error while updating cloudfunction configuration: Error waiting for Updating CloudFunctions Function: Error code 3, message: Function failed on loading user code. This is likely due to a bug in the user code. Error message: Provided module can't be loaded.
│ Is there a syntax error in your code?
│ Detailed stack trace: Error: Invalid env var GCP_PROJECT. Expected string and got undefined.
│     at ensureNonEmptyStringEnvVar (/workspace/node_modules/@ikea-ingka-dam/config/dist/config.js:8:15)
...

When using gcp console I could deploy the function with the environment variable set successfully.

References

No response

b/347987656

[ggtisc]

Hi @Krattan !

A 400 error indicates that the server cannot or will not process the request due to something that is perceived to be a client error.

And according to this description the variables don't have a value: Invalid env var GCP_PROJECT. Expected string and got undefined.

You need to declare values for these variables like this.

variable "project" {
  type = string
  default = "my-project"
}

variable "region" {
  type = string
  default = "us-central1"
}

A reserved keyword(in this example for environment variables) is as the name suggests just reserved, but that doesn't mean that it has a default value. You need to declare by yourself

[Krattan]

Hi @ggtisc!

I missed to add this to the ticket but yes, my variables are declared and set in another file.

// dev/main.tf module "my-example" { source = "../modules/my-example" project = "my-project" region = "europe-west1" ... }

// modules/my-example/variables.tf variable "region" { default = "europe-west1" type = string }

variable "project" { type = string }

The problem is not that the variables are not set in terraform, the problem is that if I set the variables to the specified environment variable names terraform will fail saying they are reserved by the system, however when checking the deployed function the specified environment variables are in fact not set by the system making my function code crash.

(Actual behaviour is the error I get when setting the environment variables, Important factoid is when I do not)

This has been working before since I have the same setup in several running cloud functions, and they seem to continue working on redeploy as long as I do not touch those environment variables in the configuration.

[ggtisc]

Thank you @Krattan, the reserved variables may depend on the system, and the 2nd error is a normal behavior because you are not assigning a value for these variables in the 2nd example. So you could use this code as reference or change the variable names according to your system:

variable "project" {
  type = string
  default = "my-project-name"
}

variable "region" {
  type = string
  default = "us-central1"
}

resource "google_storage_bucket" "bucket_18408" {
  name     = "bucket-18408"
  location = "US"
}

resource "google_storage_bucket_object" "bucket_object_18408" {
  name   = "index18408.zip"
  bucket = google_storage_bucket.bucket_18408.name
  source = "./utils/google_cloud_repository/index.zip"
}

resource "google_pubsub_topic" "pubsub_topic_18408" {
  name = "pubsub-topic-18408"
}

resource "google_cloudfunctions_function" "function_18408" {
  name                  = "function-18408"
  description           = "something"
  available_memory_mb   = 512
  max_instances         = 1
  timeout               = 540
  source_archive_bucket = google_storage_bucket.bucket_18408.name
  source_archive_object = google_storage_bucket_object.bucket_object_18408.name
  region                = var.region
  runtime               = "nodejs18"
  entry_point           = "helloGET"
  event_trigger {
    event_type = "providers/cloud.pubsub/eventTypes/topic.publish"
    resource   = google_pubsub_topic.pubsub_topic_18408.name
  }
  environment_variables = {
    GCP_PROJECT     = var.project
    FUNCTION_REGION = var.region
  }
}

[Krattan]

Hi,

I worked around it by renaming the environment variables to PROJECT_ID PROJECT_REGION

I will have to live with not knowing why google are reserving environment variable names that they are not actually using :)

[ggtisc]

Could you please share the official link of the google environment variables to verify this information?

[Krattan]

https://cloud.google.com/functions/docs/configuring/env-var#runtime_environment_variables_set_automatically Indicates that the environment variable should not be reserved, however the 'Actual Behaviour' error message from the original post says otherwise.

[ggtisc]

After some tries I didn't get the same error, and the documentation says that this is not reserved. I'm forwarding this to check if this is right.