search

hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0
2.29k stars 1.72k forks source link

cloudrun Service issue when going from launch-stage:beta to launch-stage:ga #19206

Closed bskaplan closed 1 week ago

bskaplan commented 3 weeks ago

Community Note

Terraform Version & Provider Version(s)

Terraform v1.9.3 on linux_amd64

Affected Resource(s)

google_cloud_run_service

Terraform Configuration

see test at https://github.com/GoogleCloudPlatform/magic-modules/blob/bc5def9f8136003836911e78567dc8849a39be6d/mmv1/third_party/terraform/services/cloudrun/resource_cloud_run_service_test.go.erb#L1315

Debug Output

https://gist.github.com/bskaplan/560b83679746aa53fdd6ff24f8b89cdf

Expected Behavior

Test should have completed successfully

Actual Behavior

There was an unexpected diff in effective_annotations for run.googleapis.com/launch-stage

Steps to reproduce

  1. terraform apply a service with a feature that is in beta and set the annotation run.googleapis.com/launch-stage: beta.
  2. update the cloud_run_service config to not depend on any beta features and terraform apply again

Important Factoids

The launch-stage annotation in Cloud Run is a bit weird. On input, it represents the launch stage that you want to allow for new features. The server will respond with the launch stage required for the features used. So if you deploy with launch-stage: BETA but do not use any beta features, the launch stage annotation is removed from the response.

References

This came up while working on https://github.com/GoogleCloudPlatform/magic-modules/pull/11503

melinath commented 3 weeks ago

@zli82016 possibly this is expected? The diff looks like:

 resource "google_cloud_run_service" "default" {
                id                         = "locations/us-central1/namespaces/ci-test-project-188019/services/tftest-cloudrun-lohq0k"
                name                       = "tftest-cloudrun-lohq0k"
                # (4 unchanged attributes hidden)

              ~ metadata {
                  ~ effective_annotations = {
                      + "run.googleapis.com/launch-stage"   = (known after apply)
                        # (6 unchanged elements hidden)
                    }
                    # (9 unchanged attributes hidden)
                }

                # (2 unchanged blocks hidden)
            }
zli82016 commented 3 weeks ago

This is expected. If you don't use any beta features, run.googleapis.com/launch-stage: BETA should not be included in the Terraform configuration.

bskaplan commented 3 weeks ago

The case that is failing is when you previously created a resource using a beta feature and then update the service to not use a beta feature. Removing the launch-stage: BETA annotation from the updated resource does not fix this issue.

zli82016 commented 3 weeks ago

The case that is failing is when you previously created a resource using a beta feature and then update the service to not use a beta feature. Removing the launch-stage: BETA annotation from the updated resource does not fix this issue.

Removing the launch-stage: BETA annotation from the updated resource config should remove the diffs below

 resource "google_cloud_run_service" "default" {
                id                         = "locations/us-central1/namespaces/ci-test-project-188019/services/tftest-cloudrun-lohq0k"
                name                       = "tftest-cloudrun-lohq0k"
                # (4 unchanged attributes hidden)

              ~ metadata {
                  ~ effective_annotations = {
                      + "run.googleapis.com/launch-stage"   = (known after apply)
                        # (6 unchanged elements hidden)
                    }
                    # (9 unchanged attributes hidden)
                }

                # (2 unchanged blocks hidden)
            }

Can you provide more details for the reason that removing the launch-stage: BETA annotation from the updated resource does not fix this issue? What issue do you mean here?

ggtisc commented 2 weeks ago

@bskaplan

The steps to reproduce this issue are not clear. To reproduce this issue, can we use any configuration of a google_cloud_run_service that uses google-beta and after the 1st terraform apply removes the use of google-beta and run a 2nd terraform apply?

Or is it necessary to use a specific terraform code? because I see many of them in the provided link

bskaplan commented 2 weeks ago

I linked directly to the line of the specific test that demonstrates this issue. It has to do with using Cloud Run preview features, not necessarily the google-beta provider. When a feature is in preview, Cloud Run requires you specify the annotation "run.googleapis.com/launch-stage" = "BETA".

If you subsequently remove the dependency on the Cloud Run preview feature and remove the "run.googleapis.com/launch-stage" = "BETA" annotation and then apply that, Terraform is still showing a diff in effective_annotations for the run.googleapis.com/launch-stage annotation that should have just been removed..

zli82016 commented 2 weeks ago

The annotations is inside ignore_changes block, which prevents applying the removing of run.googleapis.com/launch-stage" = "BETA".

There is a pending PR to fix it https://github.com/GoogleCloudPlatform/magic-modules/pull/11531

ggtisc commented 2 weeks ago

@zli82016 would it be appropriate to do a merge of both issues, or forward this one?

zli82016 commented 2 weeks ago

@bskaplan, can you please remove the lifecycle.ignore_changes from the test case testAccCloudRunService_cloudRunServiceWithEmptyDirVolume and testAccCloudRunService_cloudRunServiceUpdateWithGcsVolume in the PR https://github.com/GoogleCloudPlatform/magic-modules/pull/11503? And then the PR https://github.com/GoogleCloudPlatform/magic-modules/pull/11531 is not needed.

zli82016 commented 1 week ago

https://github.com/GoogleCloudPlatform/magic-modules/pull/11503 is merged with the test fix.