Terraform-provider-google: google_cloud_run_domain_mapping linking to nonexistent service
I am creating a service with public url, a dns CNAME record and a domain mapping to a service on the subdomain backend.
The terraform apply is successful but on the console on the domain mappings screen i see this error on the newly created mapping:
This probably means that the generated route for the service points to nothing, at first i thought it was a problem with namespaces but then i did set the same namespace for every resource and the problem persists.
I also made sure that the service was created before creating the domain mapping using the depends_on directive but the problem remains.
The problem is the same using non beta provider
I am using
Terraform v0.12.17
+ provider.google v3.2.0
+ provider.google-beta v3.2.0
This config is easily reproducible changing the vars at the beginning so tell me if you have the same problem, also note that you will need author access for the project to be able to set the service url as public.
Here is my main.tf
variable "projectId" {
type = string
default = "molten-enigma-261612"
}
variable "domain" {
type = string
default = "instabotnet.club"
}
variable "cloud_dns_zone_name" {
type = string
default = "instabotnet"
}
provider "google-beta" {
credentials = file("account.json")
project = var.projectId
region = "us-central1"
}
provider "google" {
credentials = file("account.json")
project = var.projectId
region = "us-central1"
}
variable "subdomain" {
type = string
default = "backend"
}
resource "google_dns_record_set" "cname" {
name = "${var.subdomain}.${var.domain}."
managed_zone = var.cloud_dns_zone_name
rrdatas = ["ghs.googlehosted.com."]
type = "CNAME"
ttl = 5
}
resource "google_cloud_run_service" "default" {
provider = google-beta
name = "tftest-cloudrun"
location = "us-central1"
metadata {
namespace = var.projectId
}
template {
spec {
containers {
image = "gcr.io/cloudrun/hello"
}
}
}
}
resource "google_cloud_run_domain_mapping" "default" {
provider = google-beta
depends_on = [google_cloud_run_service.default, google_cloud_run_service_iam_policy.noauth, google_dns_record_set.cname]
location = "us-central1"
name = "${var.subdomain}.${var.domain}"
metadata {
namespace = var.projectId
}
spec {
route_name = google_cloud_run_service.default.name
# force_override = true
}
}
data "google_iam_policy" "noauth" {
binding {
role = "roles/run.invoker"
members = [
"allUsers",
]
}
}
resource "google_cloud_run_service_iam_policy" "noauth" {
provider = google-beta
location = google_cloud_run_service.default.location
project = google_cloud_run_service.default.project
service = google_cloud_run_service.default.name
policy_data = data.google_iam_policy.noauth.policy_data
}
output "domain_status" {
value = "${google_cloud_run_domain_mapping.default.status[0].conditions[0].status}"
}
output "service_url" {
value = "${google_cloud_run_service.default.status[0].url}"
}
Here is the order of executions
google_cloud_run_service.default: Creating...
google_dns_record_set.cname: Creating...
google_dns_record_set.cname: Creation complete after 1s [id=instabotnet/backend.instabotnet.club./CNAME]
google_cloud_run_service.default: Still creating... [10s elapsed]
google_cloud_run_service.default: Creation complete after 19s [id=locations/us-central1/namespaces/molten-enigma-261612/services/tftest-cloudrun]
google_cloud_run_service_iam_policy.noauth: Creating...
google_cloud_run_service_iam_policy.noauth: Creation complete after 2s [id=v1/projects/molten-enigma-261612/locations/us-central1/services/tftest-cloudrun]
google_cloud_run_domain_mapping.default: Creating...
google_cloud_run_domain_mapping.default: Creation complete after 2s [id=locations/us-central1/namespaces/molten-enigma-261612/domainmappings/backend.instabotnet.club]
Apply complete! Resources: 4 added, 0 changed, 0 destroyed.
remorses
All 8 comments
@remorses I am able to reproduce the issue, its working as designed. In order to use the custom domain mapping for your cloud run service, you need to use the verified(existing) domain. Please refer this doc
I have attached the debug log which matches the error message seen on the cloud console UI
2019-12-17T15:34:26.064-0800 [DEBUG] plugin.terraform-provider-google_v3.2.0_x5: "certificateMode": "AUTOMATIC"
2019-12-17T15:34:26.064-0800 [DEBUG] plugin.terraform-provider-google_v3.2.0_x5: },
2019-12-17T15:34:26.064-0800 [DEBUG] plugin.terraform-provider-google_v3.2.0_x5: "status": {
2019-12-17T15:34:26.064-0800 [DEBUG] plugin.terraform-provider-google_v3.2.0_x5: "conditions": [
2019-12-17T15:34:26.064-0800 [DEBUG] plugin.terraform-provider-google_v3.2.0_x5: {
2019-12-17T15:34:26.064-0800 [DEBUG] plugin.terraform-provider-google_v3.2.0_x5: "type": "Ready",
2019-12-17T15:34:26.064-0800 [DEBUG] plugin.terraform-provider-google_v3.2.0_x5: "status": "False",
2019-12-17T15:34:26.064-0800 [DEBUG] plugin.terraform-provider-google_v3.2.0_x5: "reason": "RouteMissing",
2019-12-17T15:34:26.064-0800 [DEBUG] plugin.terraform-provider-google_v3.2.0_x5: "message": "Route projects/xxx/global/services/tftest-cloudrun does not exist.",
2019-12-17T15:34:26.064-0800 [DEBUG] plugin.terraform-provider-google_v3.2.0_x5: "lastTransitionTime": "2019-12-17T23:34:25.829Z"
2019-12-17T15:34:26.064-0800 [DEBUG] plugin.terraform-provider-google_v3.2.0_x5: },
2019-12-17T15:34:26.064-0800 [DEBUG] plugin.terraform-provider-google_v3.2.0_x5: {
2019-12-17T15:34:26.064-0800 [DEBUG] plugin.terraform-provider-google_v3.2.0_x5: "type": "Retry",
2019-12-17T15:34:26.064-0800 [DEBUG] plugin.terraform-provider-google_v3.2.0_x5: "status": "True",
2019-12-17T15:34:26.064-0800 [DEBUG] plugin.terraform-provider-google_v3.2.0_x5: "reason": "WaitingForOperation",
2019-12-17T15:34:26.064-0800 [DEBUG] plugin.terraform-provider-google_v3.2.0_x5: "message": "System will retry after 0:01:00 from lastTransitionTime for attempt 1.",
2019-12-17T15:34:26.064-0800 [DEBUG] plugin.terraform-provider-google_v3.2.0_x5: "lastTransitionTime": "2019-12-17T23:34:25.829Z",
2019-12-17T15:34:26.064-0800 [DEBUG] plugin.terraform-provider-google_v3.2.0_x5: "severity": "Info"
}
2019-12-17T15:34:26.064-0800 [DEBUG] plugin.terraform-provider-google_v3.2.0_x5: ],
2019-12-17T15:34:26.064-0800 [DEBUG] plugin.terraform-provider-google_v3.2.0_x5: "observedGeneration": 1
venkykuberan
on 18 Dec 2019
I have the same issue, there's a function that transforms the route_name property to this old format, which is no longer supported by the API.
Probably this one: https://github.com/terraform-providers/terraform-provider-google/blob/4e3c5913387d18aae970a360af0085f2f93b6ba3/google/resource_cloud_run_domain_mapping.go#L656-L662
2019-12-18T15:42:56.358+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: 2019/12/18 15:42:56 [DEBUG] Creating new DomainMapping: map[string]interface {}{"apiVersion":"domains.cloudrun.com/v1", "kind":"DomainMapping", "metadata":map[string]interface {}{"name":"eu-geoip-api.d2p.cloud", "namespace":"d2p-canary-eu"}, "spec":map[string]interface {}{"certificateMode":"AUTOMATIC", "routeName":"projects/d2p-canary-eu/global/services/geoip-api"}}
2019-12-18T15:42:56.358+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: 2019/12/18 15:42:56 [DEBUG] Creating new DomainMapping: map[string]interface {}{"apiVersion":"domains.cloudrun.com/v1", "kind":"DomainMapping", "metadata":map[string]interface {}{"name":"eu-messaging-webhook.d2p.cloud", "namespace":"d2p-canary-eu"}, "spec":map[string]interface {}{"certificateMode":"AUTOMATIC", "routeName":"projects/d2p-canary-eu/global/services/messaging-webhook"}}
2019-12-18T15:42:56.358+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: 2019/12/18 15:42:56 [DEBUG] Waiting for state to become: [success]
2019-12-18T15:42:56.358+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: 2019/12/18 15:42:56 [DEBUG] Waiting for state to become: [success]
2019-12-18T15:42:56.358+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: 2019/12/18 15:42:56 [DEBUG] setting computed for "status" from ComputedKeys
2019-12-18T15:42:56.358+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: 2019/12/18 15:42:56 [DEBUG] setting computed for "metadata.0.labels" from ComputedKeys
2019-12-18T15:42:56.358+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: 2019/12/18 15:42:56 [DEBUG] setting computed for "metadata.0.annotations" from ComputedKeys
2019-12-18T15:42:56.358+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: 2019/12/18 15:42:56 [DEBUG] setting computed for "metadata.0.annotations" from ComputedKeys
2019-12-18T15:42:56.358+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: 2019/12/18 15:42:56 [DEBUG] setting computed for "metadata.0.labels" from ComputedKeys
2019-12-18T15:42:56.359+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: 2019/12/18 15:42:56 [DEBUG] Google API Request Details:
2019-12-18T15:42:56.359+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: ---[ REQUEST ]---------------------------------------
2019-12-18T15:42:56.359+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: POST /apis/domains.cloudrun.com/v1/namespaces/d2p-canary-eu/domainmappings?alt=json HTTP/1.1
2019-12-18T15:42:56.359+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: Host: europe-west1-run.googleapis.com
2019-12-18T15:42:56.359+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: User-Agent: HashiCorp Terraform/0.12.17 (+https://www.terraform.io) Terraform Plugin SDK/1.4.0 terraform-provider-google/3.3.0
2019-12-18T15:42:56.359+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: Content-Length: 255
2019-12-18T15:42:56.359+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: Content-Type: application/json
2019-12-18T15:42:56.359+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: Accept-Encoding: gzip
2019-12-18T15:42:56.359+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5:
2019-12-18T15:42:56.359+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: {
2019-12-18T15:42:56.359+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: "apiVersion": "domains.cloudrun.com/v1",
2019-12-18T15:42:56.359+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: "kind": "DomainMapping",
2019-12-18T15:42:56.359+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: "metadata": {
2019-12-18T15:42:56.359+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: "name": "eu-messaging-webhook.d2p.cloud",
2019-12-18T15:42:56.359+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: "namespace": "d2p-canary-eu"
2019-12-18T15:42:56.359+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: },
2019-12-18T15:42:56.359+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: "spec": {
2019-12-18T15:42:56.359+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: "certificateMode": "AUTOMATIC",
2019-12-18T15:42:56.359+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: "routeName": "projects/d2p-canary-eu/global/services/messaging-webhook"
2019-12-18T15:42:56.359+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: }
2019-12-18T15:42:56.359+0100 [DEBUG] plugin.terraform-provider-google_v3.3.0_x5: }
Error returned
2019/12/18 15:42:56 [WARN] Provider "google" produced an unexpected new value for google_cloud_run_domain_mapping.domain_mapping["geoip-api"], but we are tolerating it because it is using the legacy plugin SDK.
The following problems may be the cause of any confusing errors from downstream operations:
- .spec[0].force_override: was null, but now cty.False
- .spec[0].route_name: was cty.StringVal("geoip-api"), but now cty.StringVal("projects/d2p-canary-eu/global/services/geoip-api")
See "routeName":"projects/d2p-canary-eu/global/services/geoip-api"
While in my Terraform resource route_name was declared as geoip-api only (the name of the CloudRun service)
chreble
on 18 Dec 2019
@chreble Actually its a warning message. Can you please just clarify couple of things.
1) Is google_cloud_run_domain_mapping resource successfully created ?
2) Are you using verified/valid domain name in your config ?
Please attach your debug log for the post call for google_cloud_run_domain_mapping
venkykuberan
on 20 Dec 2019
Sorry i didn't notice i hard coded the domain, i changed so that you can try with your own domain (its must DNS must be managed in gcp Cloud Dns)
I already followed the linked doc and i can make domain mappings work from the Web UI, the problem must be in the api call for the domain mapping creation imo
I am using a verified domain managed with Cloud DNS in a zone already manually created, i changed the example so that you can try with your own domain.
You need to create a cloud DNS zone and place its name in the var cloud_dns_zone_name and add the domain to map in the domain var
remorses
on 20 Dec 2019
I think expandCloudRunDomainMappingSpecRouteName should only return the service name
remorses
on 20 Dec 2019
@remorses Yes, that’s the culprit IMHO
chreble
on 21 Dec 2019
Is there a workaround available for this issue?
charleskorn
on 22 Dec 2019
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
![hashibot[bot] picture](https://avatars2.githubusercontent.com/in/8332?v=4&s=40)
hashibot[bot]
on 27 Jan 2020
Related issues
matti
·
3Comments
Evesy
·
3Comments
hashibot[bot]
·
3Comments
jamielennox
·
4Comments
pdecat
·
3Comments
Most helpful comment
I think
expandCloudRunDomainMappingSpecRouteNameshould only return the service name