IPv6 subnetwork CIDR block attribute not exported as per docs

[cmseal]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to a user, that user is claiming responsibility for the issue.
• Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Terraform Version & Provider Version(s)

Terraform v1.9.5 on

• provider registry.terraform.io/hashicorp/google v6.12.0

Affected Resource(s)

google_compute_subnetwork

Terraform Configuration

terraform {
  required_version = "~> 1.8"

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "6.12.0"
    }
  }
}

provider "google" {
  region  = "europe-west2"
  zone    = "europe-west2-a"
  project = <PROJECT_ID>
}

resource "google_compute_network" "vpc" {
  name                    = "demo-vpc"
  auto_create_subnetworks = "false"
  routing_mode            = "GLOBAL"
}

resource "google_compute_subnetwork" "subnet" {
  name             = "demo-vpc-subnet"
  ip_cidr_range    = "10.1.0.0/24"
  network          = google_compute_network.vpc.self_link
  stack_type       = "IPV4_IPV6"
  ipv6_access_type = "EXTERNAL"
}

resource "google_compute_firewall" "allow-internal-v6" {
  name    = "demo-vpc-fw-allow-internal"
  network = google_compute_network.vpc.name
  allow {
    protocol = "icmp"
  }
  allow {
    protocol = "tcp"
    ports    = ["0-65535"]
  }
  allow {
    protocol = "udp"
    ports    = ["0-65535"]
  }
  source_ranges = [
    google_compute_subnetwork.subnet.ipv6_cidr_range
  ]
}

Debug Output

No response

Expected Behavior

ipv6_cidr_range should be exported when subnetwork is created.

Debug shows subnet created has externalIpv6Prefix which is the value expected for exported ipv6_cidr_range attribute.

2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5: {
2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5:   "kind": "compute#subnetwork",
2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5:   "id": "300317686834998617",
2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5:   "creationTimestamp": "2024-11-21T05:47:10.760-08:00",
2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5:   "name": "demo-vpc-subnet",
2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5:   "network": "https://www.googleapis.com/compute/v1/projects/<redacted_project_id>/global/networks/demo-vpc",
2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5:   "ipCidrRange": "10.1.0.0/24",
2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5:   "gatewayAddress": "10.1.0.1",
2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5:   "region": "https://www.googleapis.com/compute/v1/projects/<redacted_project_id>/regions/europe-west2",
2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5:   "selfLink": "<redacted_selflink>",
2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5:   "privateIpGoogleAccess": false,
2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5:   "fingerprint": "MoMaZXazAZg=",
2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5:   "enableFlowLogs": false,
2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5:   "privateIpv6GoogleAccess": "DISABLE_GOOGLE_ACCESS",
2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5:   "externalIpv6Prefix": "<redacted_ipv6_cidr_block>",
2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5:   "purpose": "PRIVATE",
2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5:   "logConfig": {
2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5:     "enable": false
2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5:   },
2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5:   "stackType": "IPV4_IPV6",
2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5:   "ipv6AccessType": "EXTERNAL"
2024-11-21T14:41:42.518Z [DEBUG] provider.terraform-provider-google_v6.12.0_x5: }

Actual Behavior

│ Error: Error creating Firewall: googleapi: Error 400: Invalid value for field 'resource.sourceRanges[0]': ''. Must be a CIDR address range., invalid
│ 
│   with google_compute_firewall.allow-internal-v6,
│   on vpc.tf line 48, in resource "google_compute_firewall" "allow-internal-v6":
│   48: resource "google_compute_firewall" "allow-internal-v6" {
│ 

Steps to reproduce

1. terraform apply

Important Factoids

No response

References

Documentation states ipv6_cidr_ranges are exported attributes: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork#attributes-reference

Data for same resource doesn't show same exported attribute: https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_subnetwork#attributes-reference