search

terraform-google-modules / terraform-google-vpc-service-controls

Handles opinionated VPC Service Controls and Access Context Manager configuration and deployments
https://registry.terraform.io/modules/terraform-google-modules/vpc-service-controls/google
Apache License 2.0
59 stars 67 forks source link

seems to break with google terraform provider version 3.x without os policy #29

Closed mattdrees closed 4 years ago

mattdrees commented 4 years ago

The google provider, as of 3.x, doesn't allow an empty os_policy within an os_constraints block. When I tried to run

module "access_level_members" {
  source  = "terraform-google-modules/vpc-service-controls/google//modules/access_level"
  version = "1.0.2"
  policy  = data.terraform_remote_state.vpc_service_controls.outputs.policy_id

  name           = "PrivateAccess"
  ip_subnetworks = ["8.10.140.0/24"]
  description    = "All Cru public ip addresses"
}

provider "google" {
  version = "~> 3.8"
}

I received this error:

------------------------------------------------------------------------

Error: expected basic.0.conditions.0.device_policy.0.os_constraints.0.os_type to be one of [OS_UNSPECIFIED DESKTOP_MAC DESKTOP_WINDOWS DESKTOP_LINUX DESKTOP_CHROME_OS], got 

  on .terraform/modules/access_level_members/terraform-google-modules-terraform-google-vpc-service-controls-988ef91/modules/access_level/main.tf line 21, in resource "google_access_context_manager_access_level" "access_level":
  21: resource "google_access_context_manager_access_level" "access_level" {
morgante commented 4 years ago

Thanks, #30 should fix this. Can you PTAL and see if it works for you?

mattdrees commented 4 years ago

Thanks! That looks like it ought to work.

I opted to drop this module and use the raw resources themselves; the module wasn't really pulling its weigh (for my use case). So I'm afraid I can't easily check this fix.