terraform-google-modules / terraform-example-foundation

Shows how the CFT modules can be composed to build a secure cloud foundation
https://cloud.google.com/architecture/security-foundations
Apache License 2.0
1.21k stars 708 forks

upgrade terraform 1.3.0 past 1.6 to 1.7.4 to allow for PBR policy based routing - workaround is to gcloud the api #1141

Closed obriensystems closed 5 months ago

obriensystems commented 6 months ago

TL;DR

Check at least 1.5.4, but from the release notes it looks like a later 1.6. Start with the gcloud version in https://cloud.google.com/vpc/docs/use-policy-based-routes#gcloud and https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/network_connectivity_policy_based_route

see

The version of Terraform run internally has issues with lack of support for later APIs: https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/0-bootstrap/Dockerfile#L18

ARG TERRAFORM_VERSION=1.3.0

We need support for PBR - Policy Based Routing

Check 1.6.x for inclusion of https://github.com/GoogleCloudPlatform/magic-modules/pull/9320 (late October 2023): https://releases.hashicorp.com/terraform/

https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/network_connectivity_policy_based_route

https://cloud.google.com/network-connectivity/docs/reference/networkconnectivity/rest/v1/projects.locations.global.policyBasedRoutes
https://cloud.google.com/vpc/docs/use-policy-based-routes#api
https://github.com/hashicorp/terraform-provider-google/issues/15414
https://github.com/GoogleCloudPlatform/magic-modules/pull/9320
https://github.com/terraform-google-modules/docs-examples/pull/579
https://cloud.google.com/vpc/docs/use-policy-based-routes#create-within-vpc

Without PBR we don't have PBMM microsegmentation.

https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/0-bootstrap/Dockerfile#L18
https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/issues/854
https://cloud.google.com/vpc/docs/policy-based-routes
https://medium.com/google-cloud/why-policy-based-routing-is-a-game-changer-f4c6a7badccb
https://codelabs.developers.google.com/codelabs/cloudnet-pbr#0
https://cloud.google.com/vpc/docs/use-policy-based-routes#create-within-vpc

During the upgrade, check for instances of OPTIONAL

Expected behavior

No response

Observed behavior

No response

Terraform Configuration

1.7.4 in gcloud

Terraform Version

1.7.4 in gcloud

Additional information

No response

obriensystems commented 6 months ago

Workaround is to gcloud the PBR API

fmichaelobrien commented 5 months ago

stale bot timer restart - https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/.github/workflows/stale.yml#L21