Terraform-provider-google: Having annotations in google_cloud_run_domain_mapping forces deletion and recreation of the resource

Created on 14 Oct 2020 · 12Comments · Source: hashicorp/terraform-provider-google

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
Please do not leave _+1_ or _me too_ comments, they generate extra noise for issue followers and do not help prioritize the request.
If you are interested in working on this issue or have submitted a pull request, please leave a comment.
If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

Terraform 0.13.3

Affected Resource(s)

google_cloud_run_domain_mapping

Terraform Configuration Files

Before change (with annotation)

resource "google_cloud_run_domain_mapping" "default" {
  project  = var.project
  location = var.location
  name     = var.domain

  metadata {
    namespace = var.project
    annotations = {
       "run.googleapis.com/launch-stage" = "BETA"
    }
  }

  spec {
    route_name     = google_cloud_run_service.run-api.name
  }
}

After change(without annotation)

resource "google_cloud_run_domain_mapping" "default" {
  project  = var.project
  location = var.location
  name     = var.domain

  metadata {
    namespace = var.project
  }

  spec {
    route_name     = google_cloud_run_service.run-api.name
  }
}

Expected Behavior

When this is run without change, no changes should be in the plan.

Actual Behavior

The terraform wants to destroy and recreate the domain mapping.

Steps to Reproduce

create terraform setup with a domain mapping for a cloud run with an annotation.
run terraform apply.
change image that is being used for cloud run to deploy a new revision.
run terraform plan.

Important Factoids

N/A

References

N/A

#0000

bug

Source

dvalemark

👍8

Most helpful comment

@steren I can confirm that your approach does not work. After creating the domain mapping with the annotation, on the next plan terraform wants to recreate it due to:

      ~ metadata {
          ~ annotations      = { # forces replacement
                "run.googleapis.com/launch-stage"  = "BETA"
              - "serving.knative.dev/creator"      = "[email protected]" -> null
              - "serving.knative.dev/lastModifier" = "[email protected]" -> null

including the serving*-annotations on subsequent applies works (but does not make sense, since they are set implicitly on creation and change). Also, the described tactic of adding on create and then removing the annotation block completely for update runs works (as in the annotation is not removed, no change is done to the domain mapping).

Therefore I think this is a valid issue and should be reopened.

neurolabs on 20 Oct 2020

👍2

All 12 comments

Cloud Run API (https://cloud.google.com/run/docs/reference/rest/v1/namespaces.domainmappings/create) doesn't have an update method sogoogle_cloud_run_mapping resource have only Create, Read & Delete methods. Any change in the resource config requires resource to be recreated after destroy.

venkykuberan on 14 Oct 2020

the problem is that it recreates at every deploy without anything being updated in the module as long as it has annotations.

dvalemark on 15 Oct 2020

Let's clarify:

If should be possible to create a domain mapping with the "run.googleapis.com/launch-stage" = "BETA" annotation and it is expected for this annotation to be returned by the Cloud Run API when reading the created mapping.

In the reported issue, are you applying this terraform config from scratch? or are you applying it on an existing project?

steren on 19 Oct 2020

It has been applied in both instances and always results in recreation of the domain mapping.

If creating the resource from scratch we need to use the beta flag or it fails, then we need to set annotations to null to avoid subsequent applys from recreating the mapping.

dogmatic69 on 19 Oct 2020

We have the same problem.
Creating a new google_cloud_run_domain_mapping resource always results in:
Error: Error creating DomainMapping: googleapi: Error 400: The feature 'mapping custom domains' is not supported in the declared launch stage on resource *** The launch stage annotation should be specified at least as BETA. Please visit https://cloud.google.com/run/docs/troubleshooting#launch-stage-validation for in-depth troubleshooting documentation.
Adding the annotation, running terraform apply and then removing the annotation again resolves the problem for that resource.

tombeck on 20 Oct 2020

You should create the domain mapping with the annotation and never remove it afterwards.

Attempting to create without the annotation or removing the annotation later leads to a failure because custom domains are a Beta Cloud Run feature.

steren on 20 Oct 2020

@steren I can confirm that your approach does not work. After creating the domain mapping with the annotation, on the next plan terraform wants to recreate it due to:

      ~ metadata {
          ~ annotations      = { # forces replacement
                "run.googleapis.com/launch-stage"  = "BETA"
              - "serving.knative.dev/creator"      = "[email protected]" -> null
              - "serving.knative.dev/lastModifier" = "[email protected]" -> null

Therefore I think this is a valid issue and should be reopened.

neurolabs on 20 Oct 2020

👍2

Confirming the same issue as @neurolabs, as workaround I've configure the following lifecycle policies

lifecycle {
    ignore_changes = [
      metadata[0].annotations,
      metadata[0].annotations["serving.knative.dev/creator"],
      metadata[0].annotations["serving.knative.dev/lastModifier"]
    ]
  }

emmekappa on 20 Oct 2020

@emmekappa nice, I was trying to do ignoire_changes but could not get the syntax correct. How did you figure out metadata[0].annotations and why the other two, I would think the whole block is enough?

dogmatic69 on 20 Oct 2020

It seems that problem come from the "serving.knative.dev/creator" and "serving.knative.dev/lastModifier" auto added annotation. These annotations are not specific to domain mappings, they are set on every Cloud Run resources.
Terraform should ignore them by default. I will open an issue for this.

Wouldn't this be enough to fix domain mappings?

lifecycle {
    ignore_changes = [
      metadata[0].annotations["serving.knative.dev/creator"],
      metadata[0].annotations["serving.knative.dev/lastModifier"]
    ]
  }

steren on 20 Oct 2020

I opened https://github.com/hashicorp/terraform-provider-google/issues/7583 to ignore the creator and lastModifier annotations by default

steren on 20 Oct 2020

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!