hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0

google_compute_network_peering_routes_config returns Error 400: Required field '' not specified, required #19779

Open yeweidaniel opened 2 weeks ago

yeweidaniel commented 2 weeks ago

Terraform Version & Provider Version(s)

Terraform v0.14.9 on Linux

Affected Resource(s)

google_compute_network_peering_routes_config

Terraform Configuration

module "mllp_cluster" {
  source     = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster-update-variant"
  version    = "~> 21.2.0"
  depends_on = [module.project]

  # Required.
  name       = "mllp-prod"
  project_id = module.project.project_id
  region     = "us-central1"
  zones    = ["us-central1-a", "us-central1-b"]
  regional = true

  network_project_id         = "hde-qa-networks"
  network                    = "gke-network"
  subnetwork                 = "cluster-subnet-prod"
  ip_range_pods              = "pods-range"
  ip_range_services          = "services-range"
  add_cluster_firewall_rules = true
  master_ipv4_cidr_block     = "172.16.6.0/28"
  istio                      = false
  skip_provisioners          = true
  enable_private_endpoint    = true
  release_channel            = "STABLE"
  network_policy             = true
  # Removing the default node pool, as it cannot be modified without destroying the cluster.
  remove_default_node_pool      = true
  issue_client_certificate      = false
  deploy_using_private_endpoint = true
  # Private nodes better control public exposure, and reduce the
  # ability of nodes to reach to the Internet without additional configurations.
  enable_private_nodes = true
  # Allow the cluster master to be accessible globally (from any region).
  master_global_access_enabled = true
  # master_authorized_networks can be specified to restrict access to the public endpoint.
  # Also see https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters.
  enable_binary_authorization = true
  # Workload Identity is enabled by default in beta-private-cluster-update-variant.
  # And identity_namespace is set to [project_id].svc.id.goog and node_metadata to GKE_METADATA_SERVER.
  master_authorized_networks = [
    {
      display_name : "cloudbuild"
      cidr_block : "192.168.0.0/16"
    }
  ]
  node_pools = [
    {
      name         = "default-node-pool"
      machine_type = "e2-custom-2-4096"
      node_locations     = "us-central1-a,us-central1-b"
      min_count          = 1
      max_count          = 20
      local_ssd_count    = 0
      disk_size_gb       = 100
      disk_type          = "pd-standard"
      image_type         = "COS_CONTAINERD"
      auto_repair        = true
      auto_upgrade       = true
      service_account    = "${google_service_account.gke_sa.account_id}@${module.project.project_id}.iam.gserviceaccount.com"
      preemptible        = false
      initial_node_count = 1
      enable_secure_boot = true
    },
  ]
}

resource "google_compute_network_peering_routes_config" "peering-mllp_cluster" {
  network              = "gke-network"
  peering              = module.mllp_cluster.peering_name
  import_custom_routes = false
  export_custom_routes = true
  project              = "hde-qa-networks"
}

Debug Output

╷
│ Error: Error creating NetworkPeeringRoutesConfig: googleapi: Error 400: Required field '' not specified, required
│
│   with google_compute_network_peering_routes_config.peering-mllp_cluster,
│   on cluster.tf line 84, in resource "google_compute_network_peering_routes_config" "peering-mllp_cluster":
│   84: resource "google_compute_network_peering_routes_config" "peering-mllp_cluster" {
│

Expected Behavior

No errors; we have not changed this TF file for many months now.

Actual Behavior

╷
│ Error: Error creating NetworkPeeringRoutesConfig: googleapi: Error 400: Required field '' not specified, required
│
│   with google_compute_network_peering_routes_config.peering-mllp_cluster,
│   on cluster.tf line 84, in resource "google_compute_network_peering_routes_config" "peering-mllp_cluster":
│   84: resource "google_compute_network_peering_routes_config" "peering-mllp_cluster" {
│

Steps to reproduce

No response

Important Factoids

No response

References

No response

b/372919584

yeweidaniel commented 1 week ago

I think on GKE 1.30 the peering_name is empty, causing this error. This was working fine for us on GKE 1.28. This seems to be a breaking change; is there a process for reverting this?

rileykarson commented 1 week ago

@yeweidaniel are you seeing that the peering_name is empty in the GKE API response, or is it getting lost in the provider / module?

The error message here alone is a bug in the API.
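
A triage sketch for the question raised in the thread (is the peering name empty in the GKE API response, or lost in the provider / module?), added here as an example and not code from the issue, the provider or the module. It assumes the cluster document comes from `gcloud container clusters describe --format=json` and the state from `terraform show -json`; both sample documents, the resource address and the helper names are constructed for illustration.

```python
import json

# Constructed sample: a cluster document whose privateClusterConfig has no peeringName.
CLUSTER_JSON = """{"name": "mllp-prod",
  "privateClusterConfig": {"enablePrivateNodes": true,
                           "masterIpv4CidrBlock": "172.16.6.0/28"}}"""

# Constructed sample: `terraform show -json` output with the cluster inside a child module.
STATE_JSON = """{"values": {"root_module": {"resources": [], "child_modules": [
  {"address": "module.mllp_cluster", "resources": [
    {"address": "module.mllp_cluster.google_container_cluster.primary",
     "type": "google_container_cluster",
     "values": {"name": "mllp-prod",
                "private_cluster_config": [{"peering_name": ""}]}}]}]}}}"""

def api_peering_name(cluster: dict) -> str:
    """peeringName as reported by the GKE API ('' when the field is absent)."""
    return (cluster.get("privateClusterConfig") or {}).get("peeringName") or ""

def state_peering_names(module: dict):
    """Yield (address, peering_name) for each google_container_cluster in a
    state module tree, descending into child modules."""
    for res in module.get("resources", []):
        if res.get("type") == "google_container_cluster":
            blocks = res.get("values", {}).get("private_cluster_config") or [{}]
            yield res["address"], blocks[0].get("peering_name") or ""
    for child in module.get("child_modules", []):
        yield from state_peering_names(child)

def locate_loss(cluster: dict, state: dict) -> str:
    """Classify where the peering name goes missing."""
    api = api_peering_name(cluster)
    in_state = dict(state_peering_names(state["values"]["root_module"]))
    if not api:
        return "empty in API response"
    if not in_state or any(name != api for name in in_state.values()):
        return "lost in provider/module"
    return "present in API and state"

if __name__ == "__main__":
    print(locate_loss(json.loads(CLUSTER_JSON), json.loads(STATE_JSON)))
```
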