Terraform-provider-google: Public ephemeral IP no longer obtainable from compute instance's access_config

Created on 6 Oct 2017  ·  5 Comments  ·  Source: hashicorp/terraform-provider-google

Terraform Version

v0.10.6

Affected Resource(s)

google_compute_instance

Terraform Configuration Files

Will abbreviate a bit to leave only the important parts, but the script should be runnable:

variable "environment"     { }
variable "application"     { default = "intervention" }
variable "region"          { default = "us-east1"     }
variable "region_zone"     { default = "us-east1-b"   }
variable "project_id"      { }


terraform {
  backend "gcs" {
    bucket  = "some-bucket"
    path    = "some-folder/terraform.tfstate"
  }
}

provider "google" {
  project     = "${var.project_id}"
  region      = "${var.region}"
}

resource "google_compute_instance" "intervention" {
  tags         = ["intervention-host"]
  name         = "${var.application}"
  machine_type = "n1-standard-1"
  zone         = "${var.region_zone}"

  boot_disk {
    initialize_params {
      image = "ubuntu-1604-lts"
      type  = "pd-standard"
    }
  }

  network_interface {
    network = "default"

    access_config {
      // Ephemeral IP
    }
  }

  service_account {
    scopes = ["https://www.googleapis.com/auth/logging.write"]
  }
}

resource "random_id" "name_suffixes" {
  byte_length = 4
}

resource "google_sql_database_instance" "sql_database_instance" {
  name             = "${var.environment}-${var.application}-${random_id.name_suffixes.hex}"
  region           = "${var.region}"
  database_version = "POSTGRES_9_6"

  settings {
    tier      = "db-g1-small"
    disk_type = "PD_SSD"

    ip_configuration {
      authorized_networks {
        name = "${var.application}"
        value = "${google_compute_instance.intervention.network_interface.0.access_config.0.assigned_nat_ip}"
      }
      # some other networks
    }

    backup_configuration {
      enabled = true
      start_time = "01:00"
    }

    location_preference {
      zone = "${var.region_zone}"
    }

    maintenance_window {
      day          = 6
      hour         = 1
      update_track = "stable"
    }
  }
}

resource "google_sql_database" "sql_database" {
  name     = "intervention"
  instance = "${google_sql_database_instance.sql_database_instance.name}"
}

resource "google_sql_user" "users_root" {
  name     = "root"
  instance = "${google_sql_database_instance.sql_database_instance.name}"
  host     = ""
  password = "NOT OUR PASSWORD"
}

Debug Output

I would have to revert too much stuff to run the old version of the code again. I'm saying "old version", because this bug broke our code and we've had to fix it.

Expected Behavior

"${google_compute_instance.intervention.network_interface.0.access_config.0.assigned_nat_ip}" has the ephemeral public IP of the instance.

Actual Behavior

"${google_compute_instance.intervention.network_interface.0.access_config.0.assigned_nat_ip}" is empty.

Steps to Reproduce

terraform apply

Important Factoids

We didn't have the provider's version pinned. We also keep updating Terraform from time to time. We don't run this deployment very often.

At one point the script started failing with a 400 error when setting the authorized networks for PSQL. That was because it was trying to add an empty IP to the whitelist. It was trying to set an empty IP, because the value that always had the IP was now empty.

When this error occurred, I pinned the provider version to 1.0.1 and fixed that by using a reserved public IP.

I also checked the whole access_config with terraform console - there's nothing useful in there, no address.
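
One way to express the workaround described in the report (provider pin plus a reserved public IP), as an added example that is not the reporter's actual code. The resource name `intervention_ip` and the fixed database instance name are assumptions; the variables are the ones declared in the report.

```hcl
# Added example, not the reporter's code. "intervention_ip" and the
# "-example-db" suffix are assumed names chosen for illustration.
variable "application" { default = "intervention" }
variable "region"      { default = "us-east1" }
variable "region_zone" { default = "us-east1-b" }
variable "project_id"  { }

provider "google" {
  version = "1.0.1" # provider pin mentioned in the report
  project = "${var.project_id}"
  region  = "${var.region}"
}

# Reserved regional external address: its value is known to Terraform
# independently of the instance's access_config attributes.
resource "google_compute_address" "intervention_ip" {
  name   = "${var.application}-ip"
  region = "${var.region}"
}

resource "google_compute_instance" "intervention" {
  name         = "${var.application}"
  machine_type = "n1-standard-1"
  zone         = "${var.region_zone}"
  boot_disk {
    initialize_params { image = "ubuntu-1604-lts" }
  }
  network_interface {
    network = "default"
    access_config {
      nat_ip = "${google_compute_address.intervention_ip.address}"
    }
  }
}

resource "google_sql_database_instance" "sql_database_instance" {
  name             = "${var.application}-example-db"
  region           = "${var.region}"
  database_version = "POSTGRES_9_6"
  settings {
    tier = "db-g1-small"
    ip_configuration {
      authorized_networks {
        name  = "${var.application}"
        value = "${google_compute_address.intervention_ip.address}"
      }
    }
  }
}
```

Because the allowlist entry is read from `google_compute_address` rather than from `access_config`, it does not depend on the attribute that came back empty, and the address stays with the project when the instance is stopped or recreated.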

All 5 comments

Confirm, reproduced the issue after upgrading terraform-provider-google from v0.1.3 to 1.0.1.
Downgrading back to v0.1.3 solved the problem.

This is also reported in #519

A pull request has been sitting out for a few days to fix it: #536

I need some of the newer features in 1.0, but it broke my provisioning scripts; I can't get the address of my bastion hosts (not all my instances have external IPs).

#536 is currently merged.

I think this is a good time for a new release (this and #519 were kinda serious bugs).

@zbikmarc OK, closing this then.

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
