terraform-google-modules / terraform-google-network

Sets up a new VPC network on Google Cloud
https://registry.terraform.io/modules/terraform-google-modules/network/google
Apache License 2.0

Proxy-only subnet trying to replace ipv6_access_type from "INTERNAL" to null #528

Closed Samir-Cit closed 2 months ago

Samir-Cit commented 9 months ago

TL;DR

The first time this module is called to create the proxy-only subnet, it creates it correctly. But when running terraform plan after the first apply, it shows a change on the resource, trying to replace ipv6_access_type from "INTERNAL" to null.

This happens because the module sets ipv6_access_type to null when it's not found, but the proxy-only (purpose: "REGIONAL_MANAGED_PROXY") subnet automatically sets ipv6_access_type to "INTERNAL", and it's not configurable.

Expected behavior

When running terraform plan or terraform apply after the first apply, there should be no difference on the resource.

Observed behavior

It creates the resource correctly, but tries to change ipv6_access_type when run again.

Terraform Configuration

module "main" {
  source  = "terraform-google-modules/network/google"
  version = "~> 7.0"

  project_id                             = "{PROJECT_ID}"
  network_name                           = "{NETWORK}"
  shared_vpc_host                        = "true"
  delete_default_internet_gateway_routes = "true"

  # Proxy-only subnet: ipv6_access_type is deliberately not set here
  subnets = [
    {
      subnet_name      = "{NAME}"
      subnet_ip        = "0.0.0.0/0"
      subnet_region    = "{REGION}"
      subnet_flow_logs = false
      description      = "{DESCRIPTION}"
      role             = "ACTIVE"
      purpose          = "REGIONAL_MANAGED_PROXY"
    }
  ]
}

Terraform Version

Terraform v1.3.0

Additional information

I'm not able to set ipv6_access_type = "INTERNAL" when using the module because this value is not configurable for proxy-only subnet.

bharathkkb commented 9 months ago

Hi @Samir-Cit, I might be missing something but isn't the ipv6_access_type configurable?

Samir-Cit commented 9 months ago

Hello @bharathkkb, this property actually is configurable. But for a subnet with a purpose of REGIONAL_MANAGED_PROXY, this property becomes not configurable.

When I try to deploy using the example code below:

resource "google_compute_subnetwork" "proxy_only_subnet" {
  name             = "some-name"
  description      = "some-description"
  ip_cidr_range    = "0.0.0.0/0"
  project          = "PROJECT_ID"
  region           = "REGION"
  network          = "projects/{PROJECT}/global/networks/{NETWORK}"
  purpose          = "REGIONAL_MANAGED_PROXY"
  ipv6_access_type = "INTERNAL"
  role             = "ACTIVE"
}

It gives me the following error:

google_compute_subnetwork.proxy_only_subnet: Creating...
╷
│ Error: Error creating Subnetwork: googleapi: Error 400: Invalid value for field 'resource.ipv6AccessType': 'INTERNAL'. The IPv6 access type of a proxy-only subnet is implicitly set to INTERNAL and is not configurable., invalid
│ 
│   with google_compute_subnetwork.proxy_only_subnet,
│   on main.tf line 1, in resource "google_compute_subnetwork" "proxy_only_subnet":
│    1: resource "google_compute_subnetwork" "proxy_only_subnet" {

kevin-abregu commented 8 months ago

Hello, I'm having the same problem. I will add my steps to reproduce this problem.

When I try to create a subnet with the purpose of REGIONAL_MANAGED_PROXY and add ipv6_access_type = "INTERNAL", it returns this error when applying.

│ Error: Error creating Subnetwork: googleapi: Error 400: Invalid value for field 'resource.ipv6AccessType': 'INTERNAL'. The IPv6 access type of a proxy-only subnet is implicitly set to INTERNAL and is not configurable., invalid

If I leave ipv6_access_type = null, it creates it properly:

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

But every time I do a new terraform plan I get this:

  ~ resource "google_compute_subnetwork" "subnetwork" {
        id                         = "projects/g-prj-kevin0002-cs-net-pro/regions/europe-west1/subnetworks/snet-kevin0002-pro-proxy-only"
      - ipv6_access_type           = "INTERNAL" -> null
        name                       = "snet-kevin0002-pro-proxy-only"
        # (12 unchanged attributes hidden)
    }
Plan: 0 to add, 1 to change, 0 to destroy.

Once it is created, I have to add ipv6_access_type = "INTERNAL" on the configuration to solve it.

I think that these 2 steps shouldn't be needed and that a possible solution is: when the purpose is "REGIONAL_MANAGED_PROXY", the field ipv6AccessType must not be added to the creation of the subnet configuration.

My Terraform version is: Terraform v1.6.3. Google Provider version is: 5.10.0.
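
A CI-side check for the perpetual diff shown in the plan output above, as an added example that is not part of the original thread or the module's code: it reads the `resource_changes` list from `terraform show -json <planfile>` and separates this exact ipv6_access_type "INTERNAL" -> null change on proxy-only subnets from changes that still need review. The function names and the sample plan entries are hypothetical and constructed for illustration.

```python
# Added example: classify changes in `terraform show -json <planfile>` output.
def changed_keys(before, after):
    """Attribute names whose values differ between the two plan snapshots."""
    before, after = before or {}, after or {}
    return {k for k in before.keys() | after.keys() if before.get(k) != after.get(k)}

def is_proxy_subnet_noise(rc):
    """True only for the exact diff in this issue: ipv6_access_type INTERNAL -> null."""
    change = rc["change"]
    before, after = change.get("before") or {}, change.get("after") or {}
    return (
        rc.get("type") == "google_compute_subnetwork"
        and change.get("actions") == ["update"]
        and before.get("purpose") == "REGIONAL_MANAGED_PROXY"
        and before.get("ipv6_access_type") == "INTERNAL"
        and after.get("ipv6_access_type") is None
        # Any other changed attribute makes it real drift (fail closed).
        and changed_keys(before, after) == {"ipv6_access_type"}
    )

def split_drift(plan):
    """Return (known_noise, needs_review) lists of resource addresses."""
    noise, review = [], []
    for rc in plan.get("resource_changes", []):
        if rc["change"]["actions"] in (["no-op"], ["read"]):
            continue
        (noise if is_proxy_subnet_noise(rc) else review).append(rc["address"])
    return noise, review

def _subnet(addr, after_overrides):
    # Constructed sample entry, trimmed to the fields the check reads.
    before = {"name": addr, "purpose": "REGIONAL_MANAGED_PROXY",
              "ipv6_access_type": "INTERNAL", "role": "ACTIVE"}
    return {"address": f"google_compute_subnetwork.{addr}",
            "type": "google_compute_subnetwork",
            "change": {"actions": ["update"], "before": before,
                       "after": {**before, **after_overrides}}}

SAMPLE_PLAN = {"resource_changes": [  # constructed, not from a real project
    _subnet("proxy_a", {"ipv6_access_type": None}),
    _subnet("proxy_b", {"ipv6_access_type": None, "role": "BACKUP"}),
    {"address": "google_compute_firewall.allow_ssh", "type": "google_compute_firewall",
     "change": {"actions": ["update"], "before": {"source_ranges": ["10.0.0.0/8"]},
                "after": {"source_ranges": ["0.0.0.0/0"]}}},
]}

if __name__ == "__main__":
    noise, review = split_drift(SAMPLE_PLAN)
    print("known provider noise:", noise)
    print("needs review:", review)
```

Against a real plan, pass the parsed JSON (for example `json.load(open("plan.json"))`) to `split_drift` and fail the pipeline only when the second list is non-empty, so the always-present proxy-subnet change does not hide other drift.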

imrannayer commented 8 months ago

@Samir-Cit @kevin-abregu this is a provider issue. Can you please open a bug for the provider here? They need to make sure it does not show as a diff.

github-actions[bot] commented 6 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

daniel-cit commented 2 months ago

reported as Fixed in https://github.com/hashicorp/terraform-provider-google/issues/16804