Description
Terraform Version & Provider Version(s)
Terraform v1.11.3
on darwin_arm64
- provider registry.terraform.io/hashicorp/google v6.27.0
- provider registry.terraform.io/hashicorp/google-beta v6.27.0
Affected Resource(s)
google_compute_router_route_policy
Terraform Configuration
variable "route_policies" {
  type = list(object({
    name    = string
    router  = string
    type    = string # ROUTE_POLICY_TYPE_IMPORT or ROUTE_POLICY_TYPE_EXPORT
    project = optional(string, "my-network-prod-xxxx")
    region  = optional(string, "europe-west1")
    terms = list(object({
      priority = number # between 0 (inclusive) and 2^31 (exclusive) and unique within list
      match = list(object({
        expression  = string
        title       = optional(string)
        description = optional(string)
        location    = optional(string)
      }))
      actions = list(object({
        expression  = string
        title       = optional(string)
        description = optional(string)
        location    = optional(string)
      }))
    }))
  }))
  default     = []
  description = "List of route policies"
  validation {
    condition = alltrue([
      for route_policy in var.route_policies : contains(["ROUTE_POLICY_TYPE_IMPORT", "ROUTE_POLICY_TYPE_EXPORT"], route_policy.type)
    ])
    error_message = "Route policy Type must be either ROUTE_POLICY_TYPE_IMPORT or ROUTE_POLICY_TYPE_EXPORT"
  }
}
route_policies = [
  {
    name    = "imports-deny-except-base"
    router  = "my-network-dev-router-havpngw"
    project = "my-network-dev-xxxx"
    type    = "ROUTE_POLICY_TYPE_IMPORT"
    terms = [
      {
        priority = 0
        actions = [
          {
            expression = "accept()"
          },
        ]
        match = [
          {
            expression = "(destination == \"192.168.0.0/24\")"
          },
        ]
      },
      {
        priority = 230
        actions = [
          {
            expression = "drop()"
          },
        ]
        match = [
          {
            expression = "(destination != \"192.168.0.0/24\")"
          },
        ]
      },
    ]
  },
]
resource "google_compute_router_route_policy" "main" {
  for_each = { for k, v in var.route_policies : v.name => v }
  name     = each.value.name
  router   = google_compute_router.gcp_router[each.value.router].name
  region   = length(each.value.region) > 0 ? each.value.region : google_compute_router.gcp_router[each.value.router].region
  project  = length(each.value.project) > 0 ? each.value.project : google_compute_router.gcp_router[each.value.router].project
  type     = each.value.type
  dynamic "terms" {
    for_each = { for k, v in each.value.terms : k => v }
    content {
      priority = terms.value.priority
      dynamic "match" {
        for_each = { for k, v in terms.value.match : k => v }
        content {
          expression  = match.value.expression
          title       = match.value.title
          description = match.value.description
          location    = match.value.location
        }
      }
      dynamic "actions" {
        for_each = { for k, v in terms.value.actions : k => v }
        content {
          expression  = actions.value.expression
          title       = actions.value.title
          description = actions.value.description
          location    = actions.value.location
        }
      }
    }
  }
}
Debug Output
No response
Expected Behavior
Resource is created as shown in the plan output
  # google_compute_router_route_policy.main["imports-deny-except-base"] will be created
  + resource "google_compute_router_route_policy" "main" {
      + fingerprint = (known after apply)
      + id = (known after apply)
      + name = "imports-deny-except-base"
      + project = "my-network-dev-xxxx"
      + region = "europe-west1"
      + router = "my-network-dev-router-havpngw"
      + type = "ROUTE_POLICY_TYPE_IMPORT"
      + terms {
          + priority = 0
          + actions {
              + expression = "accept()"
            }
          + match {
              + expression = "(destination == \"192.168.0.0/24\")"
            }
        }
      + terms {
          + priority = 230
          + actions {
              + expression = "drop()"
            }
          + match {
              + expression = "(destination != \"192.168.0.0/24\")"
            }
        }
    }
Actual Behavior
The apply fails with the following error:
google_compute_router_route_policy.main["imports-deny-except-scd"]: Creating...
╷
│ Error: Error creating RouterRoutePolicy: googleapi: Error 400: Required field 'resource.terms[0].priority' not specified, required
│
│ with google_compute_router_route_policy.main["imports-deny-except-scd"],
│ on 223_ha_vpn_tunnel.tf line 68, in resource "google_compute_router_route_policy" "main":
│ 68: resource "google_compute_router_route_policy" "main" {
│
╵
Steps to reproduce
terraform apply
Important Factoids
I had created a route policy for our prod router upfront via gcloud, as the resource was not yet available at that time, and I was able to use the exact same variable, tfvars and resource definition (of course with small changes to project ID and name) to successfully import it into the state. So the resource definition should be good, I guess.
Also, the imported resource has no changes pending or permadiffs or whatever, which makes me believe that the code itself which I am using for the resource is correct. Only creating a google_compute_router_route_policy is not working via Terraform.
References
No response
b/408043807
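
Added example, not part of the original issue or the provider's code: the reporter's variable validates `type` but not the constraint its comment states for `priority`. The sketch below assumes a reduced copy of the variable (named `route_policies_checked` here, a hypothetical name) and checks the 0 to 2^31 range and per-policy uniqueness at plan time. The reported terms (priorities 0 and 230) pass both checks, so input validation of this kind does not account for the 400 returned by the API.

```hcl
# Reduced, hypothetical copy of the issue's variable: only the fields the
# checks need are kept.
variable "route_policies_checked" {
  type = list(object({
    name = string
    terms = list(object({
      priority = number
    }))
  }))
  default = []

  # Every priority must be a whole number in [0, 2^31).
  validation {
    condition = alltrue(flatten([
      for rp in var.route_policies_checked : [
        for t in rp.terms :
        t.priority >= 0 && t.priority < pow(2, 31) && floor(t.priority) == t.priority
      ]
    ]))
    error_message = "Each term priority must be an integer between 0 (inclusive) and 2^31 (exclusive)."
  }

  # Priorities must not repeat inside one policy; two policies may reuse a value.
  validation {
    condition = alltrue([
      for rp in var.route_policies_checked :
      length(distinct([for t in rp.terms : t.priority])) == length(rp.terms)
    ])
    error_message = "Term priorities must be unique within each route policy."
  }
}
```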