Resource google_compute_target_https_proxy fails to provision with certificate_manager_certificates attribute #17176
Comments
@adamstrawson I noticed the below error, which is from the API. Where did you see it is supported? Can you share the full debug log that contains the requests and responses to the API?
|
Hi @edwardmedia,
Support for Certificate manager is shown within the Google Provider documentation, and has listed examples of its use - See https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_target_https_proxy#example-usage---target-https-proxy-certificate-manager-certificate
From a load balancer perspective, it's also shown here: https://cloud.google.com/load-balancing/docs/ssl-certificates#certificate-summary
I'll need to do a small POC to be able to supply debug logs, as these resources are part of a larger module, but I'll get that put together shortly. |
@adamstrawson thanks for the info, and preparing the logs. Waiting for that. |
Okay, from a bit further digging, this does appear to be an API issue, rather than terraform. I can recreate the same issue via Do you know the best way to raise API issues, or should I go through our TAM? |
It is mentioned in the doc that the below format is accepted. Accepted format is
From the error below, it seems the format does match what it asks. Forward the issue to the service team for taking a look at its behind
|
Yeah, I tried both formats as per the docs, both have the same error.
resource "google_compute_target_https_proxy" "default" {
  name                             = "https-proxy"
  url_map                          = google_compute_url_map.default.id # Not included in example
  certificate_manager_certificates = [google_certificate_manager_certificate.default.id]
}
and I tried
resource "google_compute_target_https_proxy" "default" {
  name                             = "https-proxy"
  url_map                          = google_compute_url_map.default.id # Not included in example
  certificate_manager_certificates = ["//certificatemanager.googleapis.com/${google_certificate_manager_certificate.default.id}"]
}
My theory above that it's an API issue, rather than the Terraform provider is because
gcloud compute target-https-proxies create foobar \
  --url-map=<snip> \
  --global \
  --certificate-manager-certificates=<snip>
|
After some further digging, and chatting with GCP support, the recommended(?) way is to use Certificate Maps instead
It would be great to get confirmation if that's the case, and whether the use of the attribute In the meantime, I'm unblocked as I can use |
This issue also affects the |
Without full configuration it is hard to do a proper analysis. At this point |
When I posted my message I had assumed the information above would be sufficient. Here's all the information I would post if I would have opened this as a new report, in case it helps any. This is quite similar to some things above, but for the The documentation mentions The documentation mentions two formats being accepted. I attempted both.
Terraform output full URI
Terraform output self_link
Terraform configuration
Relevant debug output
|
@Daniel-I-Am I agree that documentation is not clear about the support.
The latest is a bug/feature gap which should be fixed that year by allowing LoadBalancingScheme to be set in UrlMap (optional field). As for now the workaround is to add a dummy BackendService in a dummy PathMatcher in the UrlMap. BackendService does not need to have any Backends, it just needs to show the scheme. |
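The workaround described in the comment above, as an added Terraform example that is not part of the thread or of the provider documentation. Resource names, the `scheme-marker.invalid` host and `var.lb_scheme` are assumptions (the thread does not say which scheme value to use), and `google_certificate_manager_certificate.default` is defined elsewhere, as in the configuration posted earlier in the thread.

```hcl
# Added example, not configuration from the issue. Names and var.lb_scheme are assumptions.

variable "lb_scheme" {
  description = "Load balancing scheme of the load balancer this URL map belongs to"
  type        = string
}

# Dummy backend service: it has no backend blocks and exists only to carry the scheme.
resource "google_compute_backend_service" "scheme_marker" {
  name                  = "scheme-marker"
  protocol              = "HTTP"
  load_balancing_scheme = var.lb_scheme
}

resource "google_compute_url_map" "default" {
  name = "url-map"

  # The "default redirect only" shape that failed in this thread.
  default_url_redirect {
    https_redirect = true
    strip_query    = false
  }

  # Dummy host rule and path matcher whose only job is to reference the
  # backend service above, so the URL map is associated with a scheme.
  host_rule {
    hosts        = ["scheme-marker.invalid"]
    path_matcher = "scheme-marker"
  }

  path_matcher {
    name            = "scheme-marker"
    default_service = google_compute_backend_service.scheme_marker.id
  }
}

resource "google_compute_target_https_proxy" "default" {
  name    = "https-proxy"
  url_map = google_compute_url_map.default.id

  # Certificate resource defined elsewhere, as in the configuration posted in this thread.
  certificate_manager_certificates = [google_certificate_manager_certificate.default.id]
}
```

The dummy host rule uses a reserved `.invalid` name so that no real request is routed to the backend-less service; all production traffic still hits the default redirect.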
Oh wow. Now I understand the things I was seeing. I have been able to roll it out once for one load balancer, but not any other. The difference being that the one where it succeeded did have backend services configured and others did not, as they were set up quickly for testing with just a default redirect (I did not realize that this could even cause this oddity). I had opened a ticket with Google Cloud support, but they were unable to tell me what was happening. Thanks for the explanation, clears up a lot for me :) This does unblock me for the time being, but still leaves the same questions open for this issue. |
@adamstrawson @Daniel-I-Am @pawelJas Thanks to all of you and best regards, |
Hi @bahag-klickst, I have reached out to the UI team and I have confirmed that
|
Terraform Version
1.7.2.
Affected Resource(s)
google_compute_target_https_proxy
Terraform Configuration
Debug Output
No response
Expected Behavior
The target proxy is created, with the example.com certificate.
Actual Behavior
The creation of google_compute_target_https_proxy fails as the use of managed cloud certificates isn't supported.
Steps to reproduce
terraform apply
Important Factoids
Using google provider version 5.14.0
References
The above terraform configuration is based on the documented example in the provider documentation: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_target_https_proxy#example-usage---target-https-proxy-certificate-manager-certificate
b/324044382