This repository has been archived by the owner on May 15, 2023. It is now read-only.

converting tfplan to CAI assets: adding resource changes to converter: adding resource create/update/no-op converting asset: The zonal field for resource disks cannot be empty.", #573

Open
devopsvj opened this issue Mar 9, 2022 · 2 comments

devopsvj commented Mar 9, 2022

Terraform Validator version

terraform-validator: v0.12.5
terraform cli 1.0.5

[validate] 2022-03-09T00:37:39.785693036Z error {"version": "v1.0.0", "error_details": {"error": "converting tfplan to CAI assets: adding resource changes to converter: adding resource create/update/no-op converting asset: The zonal field for resource disks cannot be empty.", "context": "github.com/GoogleCloudPlatform/terraform-validator/cmd.Execute\n\t/Users/stephenrlewis/projects/terraform-validator/cmd/root.go:111\nmain.main\n\t/Users/stephenrlewis/projects/terraform-validator/main.go:30\nruntime.main\n\t/usr/local/Cellar/go/1.16.6/libexec/src/runtime/proc.go:225"}}

Affected Resource(s)

Trying to create a VM with an extra disk added reports the error below

[validate] 2022-03-09T00:37:39.785693036Z error {"version": "v1.0.0", "error_details": {"error": "converting tfplan to CAI assets: adding resource changes to converter: adding resource create/update/no-op converting asset: The zonal field for resource disks cannot be empty.", "context": "github.com/GoogleCloudPlatform/terraform-validator/cmd.Execute\n\t/Users/stephenrlewis/projects/terraform-validator/cmd/root.go:111\nmain.main\n\t/Users/stephenrlewis/projects/terraform-validator/main.go:30\nruntime.main\n\t/usr/local/Cellar/go/1.16.6/libexec/src/runtime/proc.go:225"}}

Steps to Reproduce

  1. terraform-validator convert tfplan.json

@devopsvj devopsvj added the bug Something isn't working label Mar 9, 2022
@melinath melinath added question Further information is requested and removed bug Something isn't working labels Mar 9, 2022
Member

melinath commented Mar 9, 2022

Some resources need to have zone fields set on them. TFV supports the same env vars to set defaults for those fields as the Terraform Provider: https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#full-reference

If you believe this is a bug, please provide a minimal reproducible case (i.e. a Terraform plan). Thanks!

@asterr-tsi

I have encountered a similar (maybe the same) issue. I believe it is a bug, as the Terraform is valid and will apply; however, gcloud terraform vet fails to convert it to CAI.

Problem

Terraform vet fails to convert valid terraform to CAI.

Expected Result

$ gcloud beta terraform vet tfplan.json --policy-library ./policies
Validating resources...done.

Actual Result

$ gcloud beta terraform vet tfplan.json --policy-library ./policies
ERROR: [google_compute_instance.default: converting TF resource to CAI: The zonal field for resource disks cannot be empty.]. Additional details: [terraform-validator-internal.git.corp.google.com/terraform-tools.git/cmd.Execute
	/tmpfs/src/git/terraform-tools/cmd/root.go:93
main.main
	/tmpfs/src/git/terraform-tools/main.go:16
runtime.main
	/usr/local/go/src/runtime/proc.go:250]

Gcloud Version

$ gcloud version
Google Cloud SDK 427.0.0
alpha 2023.04.17
beta 2023.04.17
bq 2.0.91
config-connector 1.93.0
core 2023.04.17
docker-credential-gcr 1.5.0
gcloud-crc32c 1.0.0
gke-gcloud-auth-plugin 0.5.2
gsutil 5.23
kubectl 1.24.12
terraform-tools 0.10.0

Test Case Plan

Terraform will perform the following actions:

  # google_compute_disk.test_disk will be created
  + resource "google_compute_disk" "test_disk" {
      + creation_timestamp        = (known after apply)
      + id                        = (known after apply)
      + label_fingerprint         = (known after apply)
      + last_attach_timestamp     = (known after apply)
      + last_detach_timestamp     = (known after apply)
      + name                      = "test_disk"
      + physical_block_size_bytes = (known after apply)
      + project                   = "prj-risk-d-database-a2vs"
      + provisioned_iops          = (known after apply)
      + self_link                 = (known after apply)
      + size                      = 30
      + source_disk_id            = (known after apply)
      + source_image_id           = (known after apply)
      + source_snapshot_id        = (known after apply)
      + type                      = "pd-balanced"
      + users                     = (known after apply)
      + zone                      = "us-central1-a"
    }

  # google_compute_instance.default will be created
  + resource "google_compute_instance" "default" {
      + can_ip_forward          = false
      + cpu_platform            = (known after apply)
      + current_status          = (known after apply)
      + deletion_protection     = false
      + guest_accelerator       = (known after apply)
      + id                      = (known after apply)
      + instance_id             = (known after apply)
      + label_fingerprint       = (known after apply)
      + machine_type            = "e2-medium"
      + metadata                = {
          + "foo" = "bar"
        }
      + metadata_fingerprint    = (known after apply)
      + metadata_startup_script = "echo hi > /test.txt"
      + min_cpu_platform        = (known after apply)
      + name                    = "test"
      + project                 = "prj-risk-d-database-a2vs"
      + self_link               = (known after apply)
      + tags                    = [
          + "bar",
          + "foo",
        ]
      + tags_fingerprint        = (known after apply)
      + zone                    = "us-central1-a"

      + attached_disk {
          + device_name                = "test_mount"
          + disk_encryption_key_sha256 = (known after apply)
          + kms_key_self_link          = (known after apply)
          + mode                       = "READ_WRITE"
          + source                     = (known after apply)
        }

      + boot_disk {
          + auto_delete                = true
          + device_name                = (known after apply)
          + disk_encryption_key_sha256 = (known after apply)
          + kms_key_self_link          = (known after apply)
          + mode                       = "READ_WRITE"
          + source                     = (known after apply)

          + initialize_params {
              + image  = "debian-cloud/debian-11"
              + labels = {
                  + "my_label" = "value"
                }
              + size   = (known after apply)
              + type   = (known after apply)
            }
        }

      + network_interface {
          + ipv6_access_type   = (known after apply)
          + name               = (known after apply)
          + network            = "default"
          + network_ip         = (known after apply)
          + stack_type         = (known after apply)
          + subnetwork         = (known after apply)
          + subnetwork_project = (known after apply)

          + access_config {
              + nat_ip       = (known after apply)
              + network_tier = (known after apply)
            }
        }

      + scratch_disk {
          + interface = "SCSI"
          + size      = 375
        }
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Test case main.tf

resource "google_compute_instance" "default" {
  name         = "test"
  machine_type = "e2-medium"
  zone         = "us-central1-a"
  project      = "prj-risk-d-database-a2vs"

  tags = ["foo", "bar"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
      labels = {
        my_label = "value"
      }
    }
  }

  attached_disk {
    device_name = "test_mount"
    source = google_compute_disk.test_disk.self_link
  }
  // Local SSD disk
  scratch_disk {
    interface = "SCSI"
  }

  network_interface {
    network = "default"

    access_config {
      // Ephemeral public IP
    }
  }

  metadata = {
    foo = "bar"
  }

  metadata_startup_script = "echo hi > /test.txt"

  # service_account {
  #   # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
  #   email  = google_service_account.default.email
  #   scopes = ["cloud-platform"]
  # }
}

resource "google_compute_disk" "test_disk" {
  name    = "test_disk"
  type    = "pd-balanced"
  zone    = "us-central1-a"
  size    = 30 # GB
  project = "prj-risk-d-database-a2vs"
}
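
Added example (not part of the original thread and not terraform-validator code): a pre-flight check over the plan JSON that reports, for each zonal resource change, the zone set in the plan, any default-zone environment variable from the provider reference linked above, and attached disk sources still unknown at plan time. The function names, the `ZONAL_TYPES` set and the trimmed sample plan are constructed for illustration; the check does not reproduce the converter's own logic.

```python
import json
import os
import sys

# Default-zone env vars from the Google provider reference, in precedence order.
ZONE_ENV_VARS = ("GOOGLE_ZONE", "GCLOUD_ZONE", "CLOUDSDK_COMPUTE_ZONE")
# Resource types seen in this issue (assumption: extend for other zonal types).
ZONAL_TYPES = {"google_compute_instance", "google_compute_disk"}


def default_zone(env):
    """Return (variable, value) for the first default-zone variable set, else None."""
    for var in ZONE_ENV_VARS:
        if env.get(var):
            return var, env[var]
    return None


def zone_report(plan, env=os.environ):
    """Summarise zone information for each zonal resource change in a plan."""
    rows = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") not in ZONAL_TYPES:
            continue
        change = rc.get("change") or {}
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        # attached_disk sources shown as "(known after apply)" in the plan.
        pending = [f"attached_disk[{i}].source"
                   for i, blk in enumerate(unknown.get("attached_disk") or [])
                   if isinstance(blk, dict) and blk.get("source") is True]
        rows.append({"address": rc.get("address"), "zone": after.get("zone"),
                     "env_default": default_zone(env),
                     "unknown_disk_sources": pending})
    return rows


# Constructed sample: trimmed `terraform show -json` shape of the test case above.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "google_compute_disk.test_disk", "type": "google_compute_disk",
     "change": {"after": {"zone": "us-central1-a"},
                "after_unknown": {"self_link": True}}},
    {"address": "google_compute_instance.default", "type": "google_compute_instance",
     "change": {"after": {"zone": "us-central1-a",
                          "attached_disk": [{"device_name": "test_mount"}]},
                "after_unknown": {"attached_disk": [{"source": True}]}}},
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for row in zone_report(plan):
        print(row)
```

Run it with the path to a `tfplan.json` as the only argument; with no argument it reports on the constructed sample.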
