Terraform-provider-google: Follow up to bug 3165 - google-beta provider not behaving as expected.

Created on 2 May 2019  ·  11 Comments  ·  Source: hashicorp/terraform-provider-google


Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
  • If an issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to "hashibot", a community member has claimed the issue already.

Terraform Version

  • provider.google-beta v2.5.1

Affected Resource(s)

google_dns_managed_zone
google_dns_policy

Terraform Configuration Files

/*******************************************
  Configure the Provider Variables
*******************************************/
provider "google-beta" {
  credentials = "${file(var.credentials_file_path)}"
  project     = "${var.project_name}"
  region      = "${var.region}"
  zone        = "${var.region_zone}"
}

/*******************************************
  DNS Managed Private Zone with Forwarding
*******************************************/
resource "google_dns_managed_zone" "private-zone" {
  description = "Allows Outbound forwarding of DNS requests TO on-premis"
  provider = "google-beta"
  count       = "${length(var.zones)}"

  name     = "${lookup(var.zones[count.index], "zone_name")}"
  dns_name = "${lookup(var.zones[count.index], "zone_dns_name")}"

  labels = {
    foo = "bar"
  }

  visibility = "${lookup(var.zones[count.index], "zone_visibility")}"

  private_visibility_config {
    networks {
      network_url = "${local.network_url}"
    }

    forwarding_config {
      target_name_servers {
        ipv4_address = "x.x.x.x"
      }

      target_name_servers {
        ipv4_address = "x.x.x.x"
      }

      target_name_servers {
        ipv4_address = "x.x.x.x"
      }

      target_name_servers {
        ipv4_address = "x.x.x.x"
      }
    }
  }
}

/*******************************************
  DNS Server Policy - Inbound
*******************************************/

resource "google_dns_policy" "inbound-policy" {
  description = " Allows Inbound DNS requests to GCP assets FROM on-premis"
  provider = "google-beta"

  name                      = "${var.dns_policy_name}"
  enable_inbound_forwarding = true

  enable_logging = true

  alternative_name_server_config {
    target_name_servers {
      ipv4_address = "x.x.x.x"
    }

    target_name_servers {
      ipv4_address = "x.x.x.x"
    }

    target_name_servers {
      ipv4_address = "x.x.x.x"
    }

    target_name_servers {
      ipv4_address = "x.x.x.x"
    }
  }

  networks {
    network_url = "${local.network_url}"
  }
}

Expected Behavior

Private Zone to be created along with the DNS policy

Actual Behavior

Error: google_dns_managed_zone.private-zone[0]: private_visibility_config.0: invalid or unknown key: forwarding_config

Error: google_dns_managed_zone.private-zone[1]: private_visibility_config.0: invalid or unknown key: forwarding_config

Error: google_dns_managed_zone.private-zone[2]: private_visibility_config.0: invalid or unknown key: forwarding_config

Error: google_dns_managed_zone.private-zone[3]: private_visibility_config.0: invalid or unknown key: forwarding_config

Error: google_dns_managed_zone.private-zone[4]: private_visibility_config.0: invalid or unknown key: forwarding_config

Error: google_dns_managed_zone.private-zone[5]: private_visibility_config.0: invalid or unknown key: forwarding_config

Error: google_dns_managed_zone.private-zone[6]: private_visibility_config.0: invalid or unknown key: forwarding_config

Error: google_dns_managed_zone.private-zone[7]: private_visibility_config.0: invalid or unknown key: forwarding_config

Error: google_dns_managed_zone.private-zone[8]: private_visibility_config.0: invalid or unknown key: forwarding_config

Error: google_dns_managed_zone.private-zone[9]: private_visibility_config.0: invalid or unknown key: forwarding_config

Steps to Reproduce

  1. terraform validate

bug

All 11 comments

Hey @croteaub! Per the docs, forwarding_config is a separate top-level field and not a subfield of private_visibility_config: https://www.terraform.io/docs/providers/google/r/dns_managed_zone.html#forwarding_config

Please re-open - it is its own top level. The format was copied and pasted
from the docs itself from the beginning.

On Thu, May 2, 2019 at 6:54 PM Riley Karson notifications@github.com
wrote:

Closed #3544
https://github.com/terraform-providers/terraform-provider-google/issues/3544
.



resource "google_dns_managed_zone" "private-zone" {
description = "Allows Outbound forwarding of DNS requests TO on-premis"
provider = "google-beta"
count = "${length(var.zones)}"

name = "${lookup(var.zones[count.index], "zone_name")}"
dns_name = "${lookup(var.zones[count.index], "zone_dns_name")}"

labels = {
foo = "bar"
}

visibility = "${lookup(var.zones[count.index], "zone_visibility")}"

private_visibility_config {
networks {
network_url = "${local.network_url}"
}
}

forwarding_config {
target_name_servers {
ipv4_address = "1.1.1.1"
}

target_name_servers {
  ipv4_address = "1.1.1.1"
}

target_name_servers {
  ipv4_address = "1.1.1.1"
}

target_name_servers {
  ipv4_address = "1.1.1.1"
}

}
}


The results are the same errors as previously stated.

Looks like the formatting got a little mangled, if you don't mind touching it up. Can you also attach debug logs? The error message indicates that the field has been nested, so I'm not sure what's happening here.

Error: google_dns_managed_zone.private-zone[0]: private_visibility_config.0: invalid or unknown key: forwarding_config

indicates that it sees something like;

private_visibility_config {
  forwarding_config {
  }
}

resource "google_dns_managed_zone" "private-zone" {
  description = "Allows Outbound forwarding of DNS requests TO on-premis"
  provider = "google-beta"
  count       = "${length(var.zones)}"

  name     = "${lookup(var.zones[count.index], "zone_name")}"
  dns_name = "${lookup(var.zones[count.index], "zone_dns_name")}"

  labels = {
    foo = "bar"
  }

  visibility = "${lookup(var.zones[count.index], "zone_visibility")}"

  private_visibility_config {
    networks {
      network_url = "${local.network_url}"
    }
  }

  forwarding_config {
    target_name_servers {
      ipv4_address = "x.x.x.x"
    }

    target_name_servers {
      ipv4_address = "x.x.x.x"
    }

    target_name_servers {
      ipv4_address = "x.x.x.x"
    }

    target_name_servers {
      ipv4_address = "x.x.x.x"
    }
  }
}

/*******************************************
  DNS Server Policy - Inbound
*******************************************/

resource "google_dns_policy" "inbound-policy" {
  description = " Allows Inbound DNS requests to GCP assets FROM on-premis"
  provider = "google-beta"

  name                      = "${var.dns_policy_name}"
  enable_inbound_forwarding = true

  enable_logging = true

  alternative_name_server_config {
    target_name_servers {
      ipv4_address = "x.x.x.x"
    }

    target_name_servers {
      ipv4_address = "x.x.x.x"
    }

    target_name_servers {
      ipv4_address = "x.x.x.x"
    }

    target_name_servers {
      ipv4_address = "x.x.x.x"
    }
  }

  networks {
    network_url = "${local.network_url}"
  }
}

DEBUG OUTPUT

tail dns_debug.log
2019/05/03 08:14:18 [TRACE] vertex 'root.provider.google-beta (close)': evaluating
2019/05/03 08:14:18 [TRACE] [walkValidate] Entering eval tree: provider.google-beta (close)
2019/05/03 08:14:18 [TRACE] root: eval: *terraform.EvalCloseProvider
2019/05/03 08:14:18 [TRACE] [walkValidate] Exiting eval tree: provider.google-beta (close)
2019/05/03 08:14:18 [TRACE] dag/walk: walking "root"
2019/05/03 08:14:18 [TRACE] vertex 'root.root': walking
2019/05/03 08:14:18 [DEBUG] plugin: waiting for all plugin processes to complete...
2019-05-03T08:14:18.987-0400 [DEBUG] plugin.terraform-provider-google-beta_v2.5.1_x4: 2019/05/03 08:14:18 [ERR] plugin: plugin server: accept unix /var/folders/dw/qzzkbg4j0xb_dz_krvc6gsv80000gp/T/plugin665456614: use of closed network connection
2019-05-03T08:14:18.987-0400 [DEBUG] plugin.terraform-provider-google-beta_v2.5.1_x4: 2019/05/03 08:14:18 [ERR] plugin: stream copy 'stderr' error: stream closed
2019-05-03T08:14:18.989-0400 [DEBUG] plugin: plugin process exited: path=/Users/rcroteau/Documents/Development/Terraform/google/croteaub/terraform-google-cloud-dns/.terraform/plugins/darwin_amd64/terraform-provider-google-beta_v2.5.1_x4

Are you able to provide more of the log? All that is from after the failure had already happened.

Sorry, only gave the tail -

dns_debug.log

I've attached the full log.

Checking on if there is any update from the log post? Thank you.

I can't see anything that indicates another cause; we run an acceptance test including the field and it works as expected: https://github.com/terraform-providers/terraform-provider-google-beta/blob/master/google-beta/resource_dns_managed_zone_test.go#L154-L168

As I understand it, the error we're encountering is before the provider begins running code; the provider has provided the resource schema to Terraform Core, and it's failing on config validation.

If you're able to post a minimal reproduction of the issue, that would be a big help (e.g. without a resource count, with fewer subfields used / no external variables in config, etc.)

Hi Riley,

You can close this issue. I was able to simplify the code down and re-wrote it, and it completed successfully. Assuming it was a syntax/indentation.

Thanks for digging in.
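
Added example, not part of the thread or the provider's code: a small Python brace tracker that reports the block path of every `{` in a configuration, so a `forwarding_config` that ends up inside `private_visibility_config` (what the validation error reports) can be located by line number. `TOKEN`, `block_paths`, `misnested` and the sample are constructed for illustration; this is not a full HCL parser.

```python
import re

# Comments and strings are skipped as single tokens. The string pattern covers
# one level of "${...}" with quoted arguments, as in the report's lookup() calls.
TOKEN = re.compile(r'''
    (?P<skip> /\*.*?\*/ | (?:\#|//)[^\n]*
            | "(?: \\. | \$\{ (?: [^{}"] | "[^"]*" )* \} | [^"\\] )*" )
  | (?P<word> [A-Za-z_][\w-]* ) | (?P<brace> [{}] ) | (?P<nl> \n )
''', re.S | re.X)

def block_paths(src):
    """Return (line, "outer.inner") for every block or map opened in src."""
    stack, found, name, line = [], [], None, 1
    for m in TOKEN.finditer(src):
        kind, text = m.lastgroup, m.group()
        if kind == "word":
            name = name or text          # first word of the statement names it
        elif kind == "brace":
            if text == "{":
                stack.append(name or "?")
                found.append((line, ".".join(stack)))
            else:
                del stack[-1:]           # tolerate a stray closing brace
        if kind in ("brace", "nl"):
            name = None
        line += text.count("\n")
    return found

def misnested(src, child, parent):
    """Lines where `child` opens directly inside `parent`, as the error reports."""
    return [ln for ln, path in block_paths(src)
            if path.split(".")[-2:] == [parent, child]]

# Constructed sample shaped like the first configuration in the report.
SAMPLE = '''\
resource "google_dns_managed_zone" "private-zone" {
  name = "${lookup(var.zones[count.index], "zone_name")}"  # nested quotes
  private_visibility_config {
    networks { network_url = "${local.network_url}" }
    forwarding_config {   /* } a brace inside a comment is ignored */
      target_name_servers { ipv4_address = "x.x.x.x" }
    }
  }
}
'''

if __name__ == "__main__":
    for ln, path in block_paths(SAMPLE):
        print(ln, path)
```

An empty list from `misnested(text, "forwarding_config", "private_visibility_config")` means the block sits at the resource's top level, which is where the documentation linked in the thread places it.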

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
