Terraform-provider-google: Clearing google_container_cluster.master_authorized_networks_config errors out

Created on 9 Oct 2018  ·  10 Comments  ·  Source: hashicorp/terraform-provider-google

Removing a google_container_cluster resource's master_authorized_networks_config attribute from Terraform code and running terraform apply:

$ terraform apply
google_container_cluster.cluster: Refreshing state... (ID: xxxxxxxx)

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  ~ google_container_cluster.cluster
      master_authorized_networks_config.#: "1" => "0"


Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

google_container_cluster.cluster: Modifying... (ID: xxxxxxxx)
  master_authorized_networks_config.#: "1" => "0"

Error: Error applying plan:

1 error(s) occurred:

* google_container_cluster.cluster: 1 error(s) occurred:

* google_container_cluster.cluster: googleapi: Error 400: Must specify a field to update., badRequest
bug

All 10 comments

It looks like expandMasterAuthorizedNetworksConfig called from here shouldn't return nil but instead

&containerBeta.MasterAuthorizedNetworksConfig{
        Enabled: false,
}

Same error in terraform-provider-google-beta.

I also think that this line should change to

if c == nil || !c.Enabled

else if I remove all the master_authorized_networks_config lines from the state file and run terraform plan:

$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

google_container_cluster.cluster: Refreshing state... (ID: xxxxxxxx)

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  ~ google_container_cluster.cluster
      master_authorized_networks_config.#:               "1" => "0"
      master_authorized_networks_config.0.cidr_blocks.#: "" => <computed>


Plan: 0 to add, 1 to change, 0 to destroy.

and I get the same error.

I played around with the masterAuthorizedNetworksConfig setting via the console and then looked at the API calls that were made on Stackdriver, and these are the payloads the update expects for all possible combinations:

DISABLE

Notice how you have to specify an empty dict {} and not enabled: false to disable it.

   update: {
    desiredMasterAuthorizedNetworksConfig: {}
   }

ENABLE with empty list of cidrBlocks

   update: {
    desiredMasterAuthorizedNetworksConfig: {
     enabled:  true      
    }
   }

ENABLE and specify cidrBlock

   update: {
    desiredMasterAuthorizedNetworksConfig: {
     cidrBlocks: [
      0: {
       cidrBlock:  "8.8.8.8/32"        
       displayName:  "test"        
      }
     ]
     enabled:  true      
    }
   }
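An added example, not part of the thread and not the provider's code: it shows why an expander that returns nil produces an update with no fields, while an empty struct serialises to the `{}` disable payload listed above. The types are local stand-ins whose JSON names follow those payloads, and `expand` and `payload` are hypothetical helpers.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Stand-in types (assumption): JSON names follow the payloads quoted above.
type CidrBlock struct {
	CidrBlock   string `json:"cidrBlock,omitempty"`
	DisplayName string `json:"displayName,omitempty"`
}

type MasterAuthorizedNetworksConfig struct {
	CidrBlocks []*CidrBlock `json:"cidrBlocks,omitempty"`
	Enabled    bool         `json:"enabled,omitempty"`
}

type ClusterUpdate struct {
	DesiredMasterAuthorizedNetworksConfig *MasterAuthorizedNetworksConfig `json:"desiredMasterAuthorizedNetworksConfig,omitempty"`
}

// expand is a hypothetical expander; cfg == nil models the block being removed from the config.
func expand(cfg []CidrBlock, nilWhenRemoved bool) *MasterAuthorizedNetworksConfig {
	if cfg == nil {
		if nilWhenRemoved {
			return nil // omitempty drops the field: the update carries nothing
		}
		return &MasterAuthorizedNetworksConfig{} // same bytes as Enabled: false
	}
	out := &MasterAuthorizedNetworksConfig{Enabled: true}
	for i := range cfg {
		out.CidrBlocks = append(out.CidrBlocks, &cfg[i])
	}
	return out
}

// payload renders the request body that would be sent for a given config.
func payload(c *MasterAuthorizedNetworksConfig) string {
	// Marshal cannot fail for these plain struct types, so the error is dropped.
	b, _ := json.Marshal(map[string]*ClusterUpdate{"update": {DesiredMasterAuthorizedNetworksConfig: c}})
	return string(b)
}

func main() {
	fmt.Println("nil expander: ", payload(expand(nil, true)))
	fmt.Println("empty struct: ", payload(expand(nil, false)))
	fmt.Println("enabled, cidr:", payload(expand([]CidrBlock{{CidrBlock: "8.8.8.8/32", DisplayName: "test"}}, false)))
}
```

Because `enabled` is tagged `omitempty`, a struct with `Enabled: false` and an empty struct are identical on the wire.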

Trying to get nodes private, but master public (while we work on getting the CI system on a known set of CIDRs). But even though the docs say master_authorized_networks_config (optional), it gets enabled.

Leaving it empty throws "missing field 400 error" during apply.
Leaving the section out of the config entirely just enabled it but with no cidrs added.

Hey,

Are there any updates on this? We are currently struggling exactly with this issue. When doing a plan:

~ module.k8s.google_container_cluster.cluster
      master_authorized_networks_config.#:                        "1" => "0"

And trying afterwards an apply:

* google_container_cluster.cluster: 1 error(s) occurred:

* google_container_cluster.cluster: googleapi: Error 400: Must specify a field to update., badRequest

Currently this behaviour would mean deleting and recreating a lot of productive clusters. Has anyone found a suitable workaround without recreation? Or better, any chance of getting this fixed?

This issue might be solved by a PR I just opened at the magic modules:
https://github.com/GoogleCloudPlatform/magic-modules/pull/2308

Fingers crossed. Further I think this bug is also related / the same as https://github.com/terraform-providers/terraform-provider-google/issues/3098

~Hi @oswalya ! Thank you so much for your contribution! Last week, before HashiConf, I had made the same change (https://github.com/GoogleCloudPlatform/magic-modules/pull/2312). Because acceptance tests are required, and I've added it there, I will merge that one. But we really appreciate your help, thank you!~

Oops, thought this was the PR.

Thanks @ewbankkit for opening this issue. It's been closed with https://github.com/GoogleCloudPlatform/magic-modules/pull/2312 and will be released shortly.

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
