Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Public ephemeral IP no longer obtainable from compute instance's access_config #545

Closed
butla opened this issue Oct 6, 2017 · 5 comments
Closed

Public ephemeral IP no longer obtainable from compute instance's access_config #545

butla opened this issue Oct 6, 2017 · 5 comments

Comments

@butla
Copy link

butla commented Oct 6, 2017

Terraform Version

v0.10.6

Affected Resource(s)

google_compute_instance

Terraform Configuration Files

Will abbreviate a bit to leave only the important parts, but the script should be runnable:

variable "environment"     { }
variable "application"     { default = "intervention" }
variable "region"          { default = "us-east1"     }
variable "region_zone"     { default = "us-east1-b"   }
variable "project_id"      { }


terraform {
  backend "gcs" {
    bucket  = "some-bucket"
    path    = "some-folder/terraform.tfstate"
  }
}

provider "google" {
  project     = "${var.project_id}"
  region      = "${var.region}"
}

resource "google_compute_instance" "intervention" {
  tags         = ["intervention-host"]
  name         = "${var.application}"
  machine_type = "n1-standard-1"
  zone         = "${var.region_zone}"

  boot_disk {
    initialize_params {
      image = "ubuntu-1604-lts"
      type  = "pd-standard"
    }
  }

  network_interface {
    network = "default"

    access_config {
      // Ephemeral IP
    }
  }

  service_account {
    scopes = ["https://www.googleapis.com/auth/logging.write"]
  }
}

resource "random_id" "name_suffixes" {
  byte_length = 4
}

resource "google_sql_database_instance" "sql_database_instance" {
  name             = "${var.environment}-${var.application}-${random_id.name_suffixes.hex}"
  region           = "${var.region}"
  database_version = "POSTGRES_9_6"

  settings {
    tier      = "db-g1-small"
    disk_type = "PD_SSD"

    ip_configuration {
      authorized_networks {
        name = "${var.application}"
        value = "${google_compute_instance.intervention.network_interface.0.access_config.0.assigned_nat_ip}"
      }
      # some other networks
    }

    backup_configuration {
      enabled = true
      start_time = "01:00"
    }

    location_preference {
      zone = "${var.region_zone}"
    }

    maintenance_window {
      day          = 6
      hour         = 1
      update_track = "stable"
    }
  }
}

resource "google_sql_database" "sql_database" {
  name     = "intervention"
  instance = "${google_sql_database_instance.sql_database_instance.name}"
}

resource "google_sql_user" "users_root" {
  name     = "root"
  instance = "${google_sql_database_instance.sql_database_instance.name}"
  host     = ""
  password = "NOT OUR PASSWORD"
}

Debug Output

I would have to revert too much stuff to run the old version of the code again. I'm saying "old version", because this bug broke our code and we've had to fix it.

Expected Behavior

"${google_compute_instance.intervention.network_interface.0.access_config.0.assigned_nat_ip}" has have the ephemeral public IP of the instance

Actual Behavior

"${google_compute_instance.intervention.network_interface.0.access_config.0.assigned_nat_ip}" is empty.

Steps to Reproduce

terraform apply

Important Factoids

We didn't had the provider's version pinned. We also keep updating Terraform from time to time. We don't run this deployment very often.

At one point the script started failing with 400 error when setting the authorized networks for PSQL. That was because it was trying to add an empty IP to the whitelist. It was trying to set an empty IP, because the value that always had the IP was now empty.

When this error occurred I've pinned the provider version to 1.0.1 and fixed that by using a reserved public IP.

I also checked the whole access_config with terraform console - there's nothing useful in there, no address.
@pqr
Copy link

pqr commented Oct 10, 2017

Confirm, reproduced the issue after upgrading terraform-provider-google from v0.1.3 to 1.0.1.
Downgrading back to v0.1.3 solved the problem.

@briffle
Copy link

briffle commented Oct 10, 2017

This is also reported in #519

A pull request has been sitting out for a few days to fix it: #536

I need some of the newer features in 1.0, but it broke my provisioning scripts, i can't get the address of my bastion hosts (not all my instances have external IP's)

@zbikmarc
Copy link
Contributor

#536 is currently merged

I think this is good time for new release (this and #519 were kinda serious bugs)

@butla
Copy link
Author

butla commented Oct 12, 2017

@zbikmarc OK, closing this then.

@butla butla closed this as completed Oct 12, 2017
luis-silva pushed a commit to luis-silva/terraform-provider-google that referenced this issue May 21, 2019
@modular-magician @chrisst
Update OAuth Scopes (hashicorp#545)
612dd4a 
<!-- This change is generated by MagicModules. -->
/cc @chrisst
@ghost
Copy link

ghost commented Mar 30, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 30, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@pqr @butla @briffle @zbikmarc