google_compute_forwarding_rule should be recreated when used for PSC and target is changing

[steffencircle]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to a user, that user is claiming responsibility for the issue.
• Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Terraform Version & Provider Version(s)

Terraform v1.5.7 on windows_amd64. linux_amd64

• provider registry.terraform.io/hashicorp/google v5.42.0

Affected Resource(s)

google_compute_forwarding_rule

Terraform Configuration

resource "google_compute_forwarding_rule" "psc_fwd_rule" {
  name                  = var.psc_consumer_name
  project               = google_compute_address.psc_address.project
  target                = var.psc_consumer_target
  region                = local.landing_zone_region
  network               = data.google_compute_subnetwork.psc_consumer.network
  ip_address            = google_compute_address.psc_address.id
  load_balancing_scheme = ""
}

Debug Output

No response

Expected Behavior

The resource should be re-created when used as a Private Service Connect Endpoint and the value for target gets changed after an initial apply. A Patch is not supported.

From the API docs: For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment. The target is not mutable once set as a service attachment.

Actual Behavior

The Provider tries to update the resource, which fails with the following error: Error: Error updating ForwardingRule "projects/landing-project/regions/europe-west3/forwardingRules/psc-forwarding-rule-001": googleapi: Error 400: Invalid value for field 'target.target': 'https://compute.googleapis.com/compute/v1/projects/my-project/regions/europe-west3/serviceAttachments/k8s-api-reverse-proxy'. Cross project referencing is not allowed for this resource., invalid

Steps to reproduce

1.) Deploy a Forwarding rule with Target set to a ServiceAttachment 2.) Change the target 3.) Run terraform apply

Important Factoids

No response

References

No response

[ggtisc]

Hi @steffencircle!

You have a couple of things that we don't have access to. To replicate this issue please provide your data, locals and variables values, if they have sensitive information just specify that we can use any value for them. But also consider that by not having this information you will have to double check certain information on your own since we do not have access to those values.

On the other hand:

• Is Private Service Connect your project name, or what is it for you?
• Is psc-forwarding-rule-001 the initial name of your current google_compute_forwarding_rule?
• Have you changed the name or configuration of your google_compute_forwarding_rule? If that is the case share with us the initial configuration of this resource.