Fix for perma-diff when using PSC NEGs.

Provider issue: https://github.com/hashicorp/terraform-provider-google/issues/20576
2024-12-17 11:56:47 +00:00
parent 6d51c8da4d
commit 3337f0be0e
6 changed files with 34 additions and 8 deletions
--- a/modules/net-lb-app-ext-regional/negs.tf
+++ b/modules/net-lb-app-ext-regional/negs.tf
@@ -89,6 +89,10 @@ resource "google_compute_region_network_endpoint_group" "psc" {
  psc_target_service    = each.value.psc.target_service
  network               = each.value.psc.network
  subnetwork            = each.value.psc.subnetwork
+  lifecycle {
+    # ignore until https://github.com/hashicorp/terraform-provider-google/issues/20576 is fixed
+    ignore_changes = [psc_data]
+  }
 }

 resource "google_compute_region_network_endpoint_group" "serverless" {
--- a/modules/net-lb-app-ext/negs.tf
+++ b/modules/net-lb-app-ext/negs.tf
@@ -130,6 +130,10 @@ resource "google_compute_region_network_endpoint_group" "psc" {
  psc_target_service    = each.value.psc.target_service
  network               = each.value.psc.network
  subnetwork            = each.value.psc.subnetwork
+  lifecycle {
+    # ignore until https://github.com/hashicorp/terraform-provider-google/issues/20576 is fixed
+    ignore_changes = [psc_data]
+  }
 }

 resource "google_compute_region_network_endpoint_group" "serverless" {
--- a/modules/net-lb-app-int-cross-region/main.tf
+++ b/modules/net-lb-app-int-cross-region/main.tf
@@ -163,4 +163,8 @@ resource "google_compute_region_network_endpoint_group" "psc" {
  psc_target_service    = each.value.psc.target_service
  network               = each.value.psc.network
  subnetwork            = each.value.psc.subnetwork
+  lifecycle {
+    # ignore until https://github.com/hashicorp/terraform-provider-google/issues/20576 is fixed
+    ignore_changes = [psc_data]
+  }
 }
--- a/modules/net-lb-app-int/README.md
+++ b/modules/net-lb-app-int/README.md
@@ -26,6 +26,7 @@ Due to the complexity of the underlying resources, changes to the configuration
 - [Files](#files)
 - [Variables](#variables)
 - [Outputs](#outputs)
+- [Fixtures](#fixtures)
 <!-- END TOC -->

 ### Minimal Example
@@ -375,7 +376,7 @@ module "ilb-l7" {
  source     = "./fabric/modules/net-lb-app-int"
  name       = "ilb-test"
  project_id = var.project_id
-  region     = "europe-west1"
+  region     = var.region
  backend_service_configs = {
    default = {
      backends = [{
@@ -388,8 +389,8 @@ module "ilb-l7" {
  neg_configs = {
    my-neg = {
      psc = {
-        region         = "europe-west1"
-        target_service = "europe-west1-cloudkms.googleapis.com"
+        region         = var.region
+        target_service = "${var.region}-cloudkms.googleapis.com"
      }
    }
  }
@@ -398,7 +399,7 @@ module "ilb-l7" {
    subnetwork = var.subnet.self_link
  }
 }
-# tftest modules=1 resources=5
+# tftest modules=1 resources=5 e2e
 ```

 #### Internet NEG creation
@@ -561,11 +562,11 @@ module "ilb-l7" {
  source     = "./fabric/modules/net-lb-app-int"
  name       = "ilb-test"
  project_id = var.project_id
-  region     = "europe-west1"
+  region     = var.region
  backend_service_configs = {
    default = {
      backends = [{
-        group = "projects/myprj/zones/europe-west1-a/instanceGroups/my-ig"
+        group = module.compute-vm-group-b.group.id
      }]
    }
  }
@@ -575,14 +576,14 @@ module "ilb-l7" {
  }
  service_attachment = {
    nat_subnets          = [var.subnet_psc_1.self_link]
-    automatic_connection = true
+    automatic_connection = false
    consumer_accept_lists = {
      # map of `project_id` => `connection_limit`
      (var.project_id) = 10
    }
  }
 }
-# tftest modules=1 resources=6
+# tftest modules=3 resources=10 fixtures=fixtures/compute-vm-group-bc.tf e2e
 ```

 ### Complex example
@@ -774,4 +775,8 @@ For deploying changes to load balancer configuration please refer to [net-lb-app
 | [psc_neg_ids](outputs.tf#L68) | Autogenerated PSC network endpoint group ids. |  |
 | [regional_neg_ids](outputs.tf#L75) | Autogenerated regional network endpoint group ids. |  |
 | [service_attachment_id](outputs.tf#L82) | Id of the service attachment. |  |
+
+## Fixtures
+
+- [compute-vm-group-bc.tf](../../tests/fixtures/compute-vm-group-bc.tf)
 <!-- END TFDOC -->
--- a/modules/net-lb-app-int/main.tf
+++ b/modules/net-lb-app-int/main.tf
@@ -219,6 +219,11 @@ resource "google_compute_region_network_endpoint_group" "psc" {
  psc_target_service    = each.value.psc.target_service
  network               = each.value.psc.network
  subnetwork            = each.value.psc.subnetwork
+  lifecycle {
+    # ignore until https://github.com/hashicorp/terraform-provider-google/issues/20576 is fixed
+    ignore_changes = [psc_data]
+  }
+
 }

 locals {
--- a/modules/net-lb-proxy-int/main.tf
+++ b/modules/net-lb-proxy-int/main.tf
@@ -121,6 +121,10 @@ resource "google_compute_region_network_endpoint_group" "psc" {
  psc_target_service    = each.value.psc.target_service
  network               = each.value.psc.network
  subnetwork            = each.value.psc.subnetwork
+  lifecycle {
+    # ignore until https://github.com/hashicorp/terraform-provider-google/issues/20576 is fixed
+    ignore_changes = [psc_data]
+  }
 }

 # Internet NEG