Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

VPC Connector in cloud run module is forced to recreate when not specifying a subnet. #1867

Closed
lbordowitz opened this issue Nov 16, 2023 · 0 comments · Fixed by #1870
Closed
Assignees

Comments

@lbordowitz
Copy link

Describe the bug
A clear and concise description of what the bug is.

Environment

Terraform v1.5.6

To Reproduce
Use the cloud run module and specify only the following fields in the VPC connector variable of the cloud-run module:

  vpc_connector_create = {
    name          = "cloudrun-app"
    ip_cidr_range = var.vpc_connector_config.ip_cidr_range
    vpc_self_link = var.vpc_connector_config.vpc_self_link
  }

Expected behavior
The google_vpc_access_connector is created once and is not forced to be replaced when a difference is not made.

Result

  # google_vpc_access_connector.connector must be replaced
-/+ resource "google_vpc_access_connector" "connector" {
      ~ connected_projects = [] -> (known after apply)
      ~ id                 = "projects/*****/locations/us-central1/connectors/cloudrun-app" -> (known after apply)
      ~ max_instances      = 3 -> (known after apply)
      ~ min_instances      = 2 -> (known after apply)
        name               = "cloudrun-app"
      ~ network            = "default" -> "projects/*****global/networks/default"
      ~ self_link          = "projects/*****/locations/us-central1/connectors/cloudrun-app" -> (known after apply)
      ~ state              = "READY" -> (known after apply)
        # (6 unchanged attributes hidden)

      + subnet { # forces replacement
          + project_id = (known after apply)
        }
    }

See particularly that the subnet block forces replacement.

Additional context
I've tried using the following two resources in a sandbox. When I specify the terraform resource like this:

resource "google_vpc_access_connector" "connector" {
  project       = var.project_id
  name          = "cloudrun-app"
  region        = "us-central1"
  ip_cidr_range = "10.9.0.0/28"
  network       = "projects/${var.project_id}/global/networks/default"
  subnet {
    name       = null
    project_id = null
  }
}

I encounter the same problem as I have when I use the cloud-run module. However, when I specify it like this:

resource "google_vpc_access_connector" "connector" {
  project       = var.project_id
  name          = "cloudrun-app"
  region        = "us-central1"
  ip_cidr_range = "10.9.0.0/28"
  network       = "projects/${var.project_id}/global/networks/default"
}

The google_vpc_access_connector is not force-replaced. I should note that project_id field is "Computed" and "ForceNew", which is what I believe is causing this issue. (The name field, and the overall subnet field are not "Computed".)

Perhaps this issue can be mitigated with a dynamic block.

@wiktorn wiktorn self-assigned this Nov 17, 2023
wiktorn added a commit that referenced this issue Nov 18, 2023
…c-connector

* End to end tests for Cloud Run
* fix reporting non-empty plan after apply in E2E tests
* fix non-empty plan in Cloud Run in subnet and annotations

Closes: #1867
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants