Support IPV6_ONLY configurations for compute API
#12283
Conversation
|
Hello! I am a robot. Tests will require approval from a repository maintainer to run. @slevenick, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look. You can help make sure that review is quick by doing a self-review and by running impacted tests locally. |
modular-magician
added
awaiting-approval
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Tests analyticsTotal tests: 1060 Click here to see the affected service packages
Action takenFound 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
| @@ -541,7 +541,8 @@ func ResourceComputeInstance() *schema.Resource { | |||
|
|
|||
| "ipv6_access_config": { | |||
| Type: schema.TypeList, | |||
| Optional: true, | |||
| Optional: true, | |||
| Computed: true, | |||
There was a problem hiding this comment.
Why are we adding Computed on this field?
There was a problem hiding this comment.
As stated in PR's description, if the subnetwork given to the network_interface is a subnetwork of external IPv6 addresses ipv6_access_config will get filled from the API without user's interaction
resource "google_compute_subnetwork" "test" {
name = "testing"
network = google_compute_network.test.self_link
stack_type = "IPV6_ONLY"
ipv6_access_type = "EXTERNAL"
}
resource "google_compute_instance" "test" {
name = "test"
machine_type = "n2-standard-2"
boot_disk {
initialize_params {
image = "debian-cloud/debian-11"
}
}
network_interface {
subnetwork = google_compute_subnetwork.test.self_link
stack_type = "IPV6_ONLY"
}
}
|
🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
|
What does this fail on? TestAccComputeInstanceNetworkIntefaceWithSecurityPolicy Can't test this locally |
|
|
@slevenick This PR has been waiting for review for 3 weekdays. Please take a look! Use the label |
|
I'm guessing that it's this subtest specifically There is a weird handling of errors here on terraform's side because the error can be thrown both by the Security policy and by the Access Config (having different error messages). So if any changes occur in the API this test is very fragile. Already fixed that one time #11350 Does this fail in other PR's? Or is this caused by my change? If it's only here i'm guessing that the only think causing this could be the |
|
/gcbrun I'll rerun it |
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Tests analyticsTotal tests: 1064 Click here to see the affected service packages
Action takenFound 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
|
🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
|
@karolgorc , the test |
|
Not sure why this was merged because i can't test this without Cloud Armor on my GCP environment to tell whether this was local or caused by something else =P.
I have a fix. I'll create a new PR with it but i'm also looking out for any customer issues related to this as of now |
|
@karolgorc , there are not customer issues related to this now, as this change has not been released to the customers yet. Thanks for working on the fix. The new PR needs to be merged by end of Tuesday next week, when the next release will be cut. Otherwise, this PR has to be reverted. |
|
@karolgorc , can you help me understand why adding In the test Thanks. |
This reverts commit aa87d47.
Not sure about the API inner workings here but we have a weird race condition here where the smallest change cloud alter the error message. It's either thrown by the access config or by the security policy. At least that's what it was when last fixing it. Not sure why it behaves this way on "IPV6_ONLY" We cannot really make a condition in terraform here to use Basically for now i'd say that this feature generates a diff that can only be handled by using "Computed: True" and breaks this test. Unless we want to do some weird hacks with CustomizeDiff but i'd say that would be troublesome to maintain down the line. As i said i don't have an environment with Cloud Armor to closely look into this. |
related to b/360733056
This provides support to set external and internal IPV6 addresses only for VM's and templates
I'm not sure if changing
ipv6_access_configtoComputed: trueis a breaking change but it's needed because when providing external ipv6 subnetwork the field will be filled from API. CI tests should spot this if it is breaking but would love some feedback hereRelease Note Template for Downstream PRs (will be copied)
See Write release notes for guidance.