resource-url keep showing up in metadata argument of gce_setup block for google_workbench_instance after deploying

[frankcaoyun]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to a user, that user is claiming responsibility for the issue.
• Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Description

After deploying the google_workbench_instance resource, the resource-url metadata will show up in the next terraform plan diff:

This will appear in every plan action and make deployment less readable when there is no expected change.

New or Affected Resource(s)

google_workbench_instance

Potential Terraform Configuration

No change needed. The resource-url needs to be tracked in the state.

References

No response

b/388839893

[roaks3]

This could be a server-side change, but we haven't seen this issue in our nightly tests, so that could only be the case if it was deployed very recently.

Are you setting anything in your metadata? It's possible there are specific conditions needed to observe this issue, so if you are able it would help to share your (sanitized) google_workbench_instance config.

[frankcaoyun]

Hi @roaks3 , please refer to the code below:

resource "google_workbench_instance" "instance_cpu" {


 name                 = "test"
 location             = "europe-west4"
 desired_state        = “ACTIVE”
 disable_proxy_access = false


 labels = 
   {
     team = “test-team”
     user = “test-user”,
     gpu  = false,
     app  = "test-app"
   }


 gce_setup {
   disable_public_ip = true
   tags              = ["allow-iap-ssh"]
   machine_type      = "e2-medium"


   shielded_instance_config {
     enable_secure_boot          = true
     enable_vtpm                 = true
     enable_integrity_monitoring = true
   }
   # Still need these when creating the instance
   container_image {
     repository = “test-repo”
     tag        = “test-tag”
   }


   boot_disk {
     disk_size_gb    = 150
     disk_type       = “PD_STANDARD”
     disk_encryption = "GMEK"
   }


   data_disks {
     disk_size_gb    = 100
     disk_type       = “PD_STANDARD”
     disk_encryption = "GMEK"
   }


   network_interfaces {
     network = data.google_compute_network.vpc.id
     subnet  = data.google_compute_subnetwork.subnet.id
   }


   service_accounts {
     email = “test_sa”
   }


   metadata = {
     custom-container-payload     = "test-container"
     idle-timeout-seconds         = 2700
     gcs-data-bucket              = "test-bucket"
     post-startup-script-behavior = "download_and_run_every_start"
     post-startup-script          = var.workbench_instances_post_startup_script_gcs_uri
     shutdown-script-url          = var.workbench_instances_shutdown_script_gcs_uri
     notebook-disable-root        = "true"
     block-project-ssh-keys       = true
     container-custom-params      = "-e test_env=’test’"
     startup-script               = <<-SCRIPT
       #!/bin/bash


       echo "test"
     SCRIPT
     cos-update-strategy          = "update_disabled" # default value. added to see no diff in plan and apply
     google-logging-enabled       = true              # default value. added to see no diff in plan and apply
     service-account-mode         = true              # default value. added to see no diff in plan and apply


     ### user defined metadata
     user-email = “test-email”
   }


 }


}

[roaks3]

Thanks @frankcaoyun !

This should be enough to forward to the service team. I took a quick look at the code, and it does appear there is a resource-url value in the metadata that gets set (unclear what conditions are necessary, but the service team probably knows and can cross-reference with your config).

resource-url should be added to the list of server-controlled keys.

[frankcaoyun]

Hi @ roaks3, is there any update of this topic?

[roaks3]

It hasn't been picked up internally, but we of course welcome contributions from anyone willing to make the change (which should be fairly simple here)

[bcreddy-gcp]

Is this still a bug? resource-url is one of the diff suppressed metadata keys.
https://github.com/bcreddy-gcp/magic-modules/blob/714ea99cce118d69f4d226eb774a8038e6beff69/mmv1/templates/terraform/constants/workbench_instance.go.tmpl#L69

[roaks3]

Ah yea, looks like this was fixed with GoogleCloudPlatform/magic-modules#12585 (it wasn't actually released though until Jan 6 (6.15.0) due to the holiday freeze).

@bcreddy-gcp I think the internal issue can be closed as well, thanks for following up.