Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
- Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
- If you are interested in working on this issue or have submitted a pull request, please leave a comment.
- If an issue is assigned to a user, that user is claiming responsibility for the issue.
- Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.
Terraform Version & Provider Version(s)
Terraform v1.11.3
on
- provider registry.terraform.io/hashicorp/google v6.27.0
- provider registry.terraform.io/hashicorp/google-beta v6.27.0
Affected Resource(s)
google_network_services_gateway
Terraform Configuration
Please see the FAST framework net-swp module:
```hcl
resource "google_network_services_gateway" "default" {
  project          = var.project_id
  name             = var.name
  location         = var.region
  description      = var.description
  labels           = var.gateway_config.labels
  addresses        = var.gateway_config.addresses
  type             = "SECURE_WEB_GATEWAY"
  ports            = var.gateway_config.ports
  scope            = var.gateway_config.scope
  certificate_urls = var.certificates
  gateway_security_policy = (
    google_network_security_gateway_security_policy.default.id
  )
  network    = var.network
  subnetwork = var.subnetwork
  routing_mode = (
    var.gateway_config.next_hop_routing_mode
    ? "NEXT_HOP_ROUTING_MODE"
    : null
  )
  delete_swg_autogen_router_on_destroy = (
    var.gateway_config.delete_router_on_destroy
  )
}

resource "google_compute_service_attachment" "default" {
  count          = var.service_attachment == null ? 0 : 1
  project        = var.project_id
  region         = var.region
  name           = var.name
  description    = "Service attachment for SWP ${var.name}"
  target_service = google_network_services_gateway.default.id
  nat_subnets    = var.service_attachment.nat_subnets
  connection_preference = (
    var.service_attachment.automatic_connection
    ? "ACCEPT_AUTOMATIC"
    : "ACCEPT_MANUAL"
  )
  consumer_reject_lists = var.service_attachment.consumer_reject_lists
  domain_names = (
    var.service_attachment.domain_name == null
    ? null
    : [var.service_attachment.domain_name]
  )
  enable_proxy_protocol = var.service_attachment.enable_proxy_protocol
  reconcile_connections = var.service_attachment.reconcile_connections
  dynamic "consumer_accept_lists" {
    for_each = var.service_attachment.consumer_accept_lists
    iterator = accept
    content {
      project_id_or_num = accept.key
      connection_limit  = accept.value
    }
  }
}
```
Debug Output
No response
Expected Behavior
Resources created.
Actual Behavior
Error
```
module.secure-web-proxy["myinstance"].google_compute_service_attachment.default[0]: Creating...
╷
│ Error: invalid value for target_service: Cannot determine region: set in this resource, or set provider-level 'region' or 'zone'.
│
│   with module.secure-web-proxy["myinstance"].google_compute_service_attachment.default[0],
│   on modules/net-swp/main.tf line 112, in resource "google_compute_service_attachment" "default":
│  112: resource "google_compute_service_attachment" "default" {
│
╵
```
Steps to reproduce
terraform apply
Important Factoids
The `google_compute_service_attachment` referencing `google_network_services_gateway` in the `target_service` attribute for Secure Web Proxy creation is subject to the same issue as well: it is not possible to create an SWP for the first time without providing a region at the provider level. The `google_network_services_gateway` resource has only a `location` attribute, but not `region`. Btw, once the resource has been successfully created with region set at the provider level, the region setting in the provider can be removed and the plan won't detect changes / will consider resources intact.
References
b/408003978