Error creating resource google_monitoring_uptime_check_config with matcher NON_MATCHES_REGEX

[mdelucas]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

Terraform v0.13.7

• provider registry.terraform.io/carlpett/sops v0.6.3
• provider registry.terraform.io/hashicorp/external v1.2.0
• provider registry.terraform.io/hashicorp/google v3.84.0
• provider registry.terraform.io/hashicorp/google-beta v3.84.0
• provider registry.terraform.io/hashicorp/kubernetes v1.13.4
• provider registry.terraform.io/hashicorp/local v2.1.0
• provider registry.terraform.io/hashicorp/null v2.1.2
• provider registry.terraform.io/hashicorp/random v2.3.1

Affected Resource(s)

• google_monitoring_uptime_check_config

Terraform Configuration Files

#######################################
# Uptime checks                       #
#######################################

resource "google_monitoring_uptime_check_config" "uptime_checks" {

  for_each = var.uptime_checks

  display_name     = lookup(local.uptime_checks_data[each.value], "displayName", null)
  timeout          = lookup(local.uptime_checks_data[each.value], "timeout", null)
  selected_regions = lookup(local.uptime_checks_data[each.value], "selectedRegions", [])
  period           = lookup(local.uptime_checks_data[each.value], "period", null)


  # Max 1 block - content_matchers
  dynamic "content_matchers" {
    for_each = length(lookup(local.uptime_checks_data[each.value], "contentMatchers", [])) == 0 ? [] : lookup(local.uptime_checks_data[each.value], "contentMatchers", [])

    content {
      content = lookup(content_matchers.value, "content", null)
      matcher = lookup(content_matchers.value, "matcher", null)
    }
  }


  # Max 1 block - http_check
  dynamic "http_check" {
    for_each = length(keys(lookup(local.uptime_checks_data[each.value], "httpCheck", {}))) == 0 ? [] : [lookup(local.uptime_checks_data[each.value], "httpCheck", {})]

    content {
      path           = lookup(http_check.value, "path", null)
      port           = lookup(http_check.value, "port", null)
      use_ssl        = lookup(http_check.value, "useSsl", null)
      validate_ssl   = lookup(http_check.value, "validateSsl", null)
      mask_headers   = lookup(http_check.value, "maskHeaders", null)
      request_method = lookup(http_check.value, "requestMethod", null)
      content_type   = lookup(http_check.value, "contentType", null) == "TYPE_UNSPECIFIED" ? null : lookup(http_check.value, "contentType", null)
      body           = lookup(http_check.value, "body", null)
      headers        = lookup(http_check.value, "headers", null)
    }
  }

  # Max 1 block - monitored_resource
  dynamic "monitored_resource" {
    for_each = length(keys(lookup(local.uptime_checks_data[each.value], "monitoredResource", {}))) == 0 ? [] : [lookup(local.uptime_checks_data[each.value], "monitoredResource", {})]

    content {
      type   = lookup(monitored_resource.value, "type", null)
      labels = lookup(monitored_resource.value, "labels", null)
    }
  }

  lifecycle {
    create_before_destroy = true
  }
}

Debug Output

Panic Output

Expected Behavior

According to documentation google_monitoring_uptime_check_config resource should allow for these content matchers types to be created.
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/monitoring_uptime_check_config#matcher

• CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX and NON_MATCHES_REGEX

So Terraform provider validates input for matcher and does not allow to apply plan with a matcher type different than that.

Actual Behavior

The problem is that there is a mismatch between matchers allowed in resource validator and those allowed in Google API.
https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.uptimeCheckConfigs#contentmatcheroption

• CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX and NOT_MATCHES_REGEX.
  So each time you wish to create a google_monitoring_uptime_check_config resource with content matcher NOT_MATCHES_REGEX resource validator won´t allow to pass the plan phase.

Error: expected content_matchers.0.matcher to be one of [CONTAINS_STRING NOT_CONTAINS_STRING MATCHES_REGEX NON_MATCHES_REGEX ], got NOT_MATCHES_REGEX

  on uptime_checks.tf line 5, in resource "google_monitoring_uptime_check_config" "uptime_checks":
   5: resource "google_monitoring_uptime_check_config" "uptime_checks" {

If you modify your TF code to use NON_MATCHES_REGEX matcher type then the Google API won´t let you create/update the resource.

Error: Error updating UptimeCheckConfig "projects/vi2-dev/uptimeCheckConfigs/vi-overall-health-nCZJHotY4uw": googleapi: Error 400: Invalid value at 'uptime_check_config.content_matchers[0].matcher' (type.googleapis.com/google.monitoring.v3.UptimeCheckConfig.ContentMatcher.ContentMatcherOption), "NON_MATCHES_REGEX"
Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.BadRequest",
    "fieldViolations": [
      {
        "description": "Invalid value at 'uptime_check_config.content_matchers[0].matcher' (type.googleapis.com/google.monitoring.v3.UptimeCheckConfig.ContentMatcher.ContentMatcherOption), \"NON_MATCHES_REGEX\"",
        "field": "uptime_check_config.content_matchers[0].matcher"
      }
    ]
  }
]

  on uptime_checks.tf line 5, in resource "google_monitoring_uptime_check_config" "uptime_checks":
   5: resource "google_monitoring_uptime_check_config" "uptime_checks" {

Steps to Reproduce

Try to create a google_monitoring_uptime_check_config resource with content matcher NON_MATCHES_REGEX.

Important Factoids

References

[rwblokzijl]

This looks like a simple typo that can be easily fixed, i made a PR which i hope helps.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.