terraform-google-modules / terraform-google-vpc-service-controls

Handles opinionated VPC Service Controls and Access Context Manager configuration and deployments
https://registry.terraform.io/modules/terraform-google-modules/vpc-service-controls/google
Apache License 2.0

terraform_validate fails on master branch #147

Closed eeaton closed 1 month ago

eeaton commented 1 month ago

TL;DR

Running make_docker_test_lint locally fails because some of the examples use v5 but use arguments like vpc_network_sources that require v6.

Expected behavior

terraform_validate (triggered by running make_docker_test_lint from inside the repo) should work

Observed behavior

Running make_docker_test_lint fails with the following error:

terraform_validate ./examples/access_level_vpc_ip
╷
│ Error: Unsupported argument
│
│   on main.tf line 79, in module "access_level_vpc_ranges":
│   79:   vpc_network_sources = {
│
│ An argument named "vpc_network_sources" is not expected here.
╵

Terraform Configuration

# from terraform-google-vpc-service-controls/examples/access_level_vpc_ip/main.tf

module "access_level_vpc_ranges" {
  source  = "terraform-google-modules/vpc-service-controls/google//modules/access_level"
  version = "~> 5.0"

  policy      = module.access_context_manager_policy.policy_id
  name        = "vpc_ip_address_policy"
  description = "access level for vpc ip addresses"
  vpc_network_sources = {
    "vpc_a" = {
      network_id = google_compute_network.network1.id
      ip_address_ranges = [
        "10.0.0.0/24",
        "192.169.0.0/16",
      ]
    }
    "vpc_b" = {
      network_id = google_compute_network.network2.id
    }
  }
  depends_on = [
    google_compute_subnetwork.network1_us_central1,
    google_compute_subnetwork.network1_us_east1,
    google_compute_subnetwork.network2_us_central1,
  ]
}

Terraform Version

Terraform v1.6.5
on linux_amd64
+ provider registry.terraform.io/hashicorp/google v5.30.0

Additional information

It's odd to me that lint tests on other recent changes in the repo have succeeded even when the lint fails locally and the version in the example folder clearly does not support the new arguments. Is there a possibility that the automated CI testing on this repo does not run make_docker_test_lint correctly?

apeabody commented 1 month ago

Hi @eeaton - The lint workflow's module_swapper automatically converts the examples to use the pull request's version of the module source code, so they are always in-sync: https://github.com/terraform-google-modules/terraform-google-vpc-service-controls/blob/master/.github/workflows/lint.yaml#L47

This should also occur with make docker_test_lint unless it's an old version (pre ~1.18.5?) of dev-tools?
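
The swap described in the comment above, as an added illustration that is not part of the original thread and is not module_swapper's own code: it finds example blocks still pinned to the registry release and rewrites them to the working-tree module path, which is why validation only fails when the swap does not run. The function names, the `../..` relative root and the sample text are assumptions made for this sketch.

```python
import re

# Constructed sample, shortened from the module block quoted in the issue.
SAMPLE = '''module "access_level_vpc_ranges" {
  source  = "terraform-google-modules/vpc-service-controls/google//modules/access_level"
  version = "~> 5.0"

  policy = module.access_context_manager_policy.policy_id
  name   = "vpc_ip_address_policy"
}
'''

REGISTRY = "terraform-google-modules/vpc-service-controls/google"

# A source line for this registry module (optional //submodule),
# optionally followed by its version line.
PATTERN = re.compile(
    r'^(?P<indent>[ \t]*)source\s*=\s*"' + re.escape(REGISTRY)
    + r'(?://(?P<sub>[^"]+))?"[ \t]*\n'
    + r'(?:[ \t]*version\s*=\s*"(?P<ver>[^"]*)"[ \t]*\n)?',
    re.MULTILINE,
)


def find_registry_pins(tf_text):
    """Return (submodule, version) for each block still sourced from the registry."""
    return [(m.group("sub") or "", m.group("ver")) for m in PATTERN.finditer(tf_text)]


def swap_to_local(tf_text, repo_root_rel="../.."):
    """Point registry sources at the working tree and drop the version pin."""
    def repl(m):
        sub = m.group("sub")
        local = f"{repo_root_rel}/{sub}" if sub else repo_root_rel
        # Terraform rejects a version constraint on a local-path module,
        # so the version line is removed together with the source rewrite.
        return f'{m.group("indent")}source = "{local}"\n'
    return PATTERN.sub(repl, tf_text)


if __name__ == "__main__":
    print("pinned before swap:", find_registry_pins(SAMPLE))
    print(swap_to_local(SAMPLE))
```
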

eeaton commented 1 month ago

Closing this issue; a later set of dependabot PRs addressed it: https://github.com/terraform-google-modules/terraform-google-vpc-service-controls/pull/145