Description
### TL;DR
I can't get this module to locate an existing SSL policy defined by Terraform.
### Expected behavior
I have a Terraform resource that is creating a security policy to meet compliance requirements. I should be able to use this SSL policy with this module.
### Observed behavior
This module seems to forcibly look for an SSL policy at a different URL, and therefore fails. I have tried referencing the resource URL with .id, .self_link, and .name. None of them work. The same error is returned:
```
Error: Error setting Backend Service security policy: googleapi: Error 400: Invalid value for field 'resource': '*** "securityPolicy": "projects/(redacted)/global/securityPolicies/minimum-tls"***'. The given security policy does not exist., invalid
```
The policy does exist.
### Terraform Configuration
```hcl
resource "google_compute_ssl_policy" "minimum_tls" {
  min_tls_version = "TLS_1_2"
  name            = "minimum-tls"
  profile         = "MODERN"
  project         = var.account_id
}

module "sparkpost_lb_https" {
  source  = "terraform-google-modules/lb-http/google//modules/serverless_negs"
  version = "~> 12.0"
  count   = var.environment == "develop" ? 1 : 0 # TODO: Develop only for now

  name    = "sparkpost-lb-${var.environment}"
  project = var.account_id

  ssl = true
  managed_ssl_certificate_domains = [
    var.sparkpost_ssl_domain
  ]
  https_redirect        = false
  load_balancing_scheme = "EXTERNAL_MANAGED"

  backends = {
    default = {
      description = "Sparkpost click tracking backend"
      groups = [
        {
          group = google_compute_global_network_endpoint_group.sparkpost_neg[0].id
        }
      ]
      enable_cdn = false

      iap_config = {
        enable = false
      }
      log_config = {
        enable      = true
        sample_rate = 1.0
      }
      security_policy = google_compute_ssl_policy.minimum_tls.self_link
    }
  }
}
```
### Terraform Version
```sh
1.10.2
```

### Additional information
I tried to force the issue by specifically setting security_policy as such:
```hcl
security_policy = "projects/${var.account_id}/global/sslPolicies/minimum-tls"
```
...but I still got the same error, which indicated it was looking for the resource in a completely different area of GCP as above. I am able to select minimum-tls in the console for the frontend configuration after the load balancer is deployed.