google_gke_hub_feature_membership fails apply with a 404 error

[ferrarimarco]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to a user, that user is claiming responsibility for the issue.
• Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Terraform Version & Provider Version(s)

Terraform v1.5.7
on

• provider registry.terraform.io/hashicorp/google v6.15.0
• provider registry.terraform.io/hashicorp/google-beta v6.15.0

Same results with the following versions of both GA and beta providers: v6.9.0, v6.12.0

Affected Resource(s)

google_gke_hub_feature_membership

Terraform Configuration

data "google_container_cluster" "cluster" {
  location = "us-central1"
  name     = "cluster-name"
  project  = data.google_project.default.project_id
}


resource "google_gke_hub_feature" "servicemesh" {
  location = "global"
  name     = "servicemesh"
  project  = google_project_service.mesh_googleapis_com.project

  fleet_default_member_config {
    mesh {
      management = "MANAGEMENT_AUTOMATIC"
    }
  }
}

resource "google_gke_hub_feature_membership" "cluster_servicemesh" {
  feature    = google_gke_hub_feature.servicemesh.name
  location   = google_gke_hub_feature.servicemesh.location
  membership = data.google_container_cluster.cluster.name
  project    = google_project_service.mesh_googleapis_com.project

  mesh {
    management = "MANAGEMENT_AUTOMATIC"
  }
}

data "google_project" "default" {
  project_id = var.cluster_project_id
}

resource "google_project_service" "mesh_googleapis_com" {
  disable_dependent_services = false
  disable_on_destroy         = true
  project                    = google_project_service.meshconfig_googleapis_com.project
  service                    = "mesh.googleapis.com"
}

resource "google_project_service" "meshconfig_googleapis_com" {
  disable_dependent_services = false
  disable_on_destroy         = true
  project                    = data.google_project.default.project_id
  service                    = "meshconfig.googleapis.com"
}

Debug Output

Working on getting this because once I configured the membership manually, I wasn't able to reproduce the issue.

Expected Behavior

terraform apply to succeed.

Actual Behavior

Got this error when running terraform apply:

google_gke_hub_feature_membership.cluster_servicemesh: Creating...
╷
│ Error: Error creating FeatureMembership: googleapi: Error 404: feature membership not found in feature membership specs
│ 
│   with google_gke_hub_feature_membership.cluster_servicemesh,
│   on feature.tf line 29, in resource "google_gke_hub_feature_membership" "cluster_servicemesh":
│   29: resource "google_gke_hub_feature_membership" "cluster_servicemesh" {
│ 
╵

Steps to reproduce

1. Create a new Google Cloud project (don't use an existing project)
2. Run terraform apply against that project

Important Factoids

• The actual cluster creation resource doesn't seem to matter.
• google_gke_hub_feature_membership arguments are correct. I double checked them using the gcloud container hub memberships list command.
• The google_gke_hub_feature_membership is correct. I validated this by doing the following:
  1. Manually configure the membership with the following command: gcloud container fleet mesh update --management automatic --memberships cluster-name --location global
  2. Import the google_gke_hub_feature_membership in the Terraform state
  3. terraform plan doesn't report any change against the google_gke_hub_feature_membership resource.
• After manually configuring the membership as described above, the google_gke_hub_feature_membership starts working as expected.

References

No response

[ggtisc]

Hi @ferrarimarco

Looking in the terraform registry documentation (link here) and in the error message you have to use a google_gke_hub_membership.id instead of a google_container_cluster.name for the google_container_cluster.membership argument like this:

resource "google_gke_hub_membership" "my_membership" {
  membership_id = "my-membership"

  endpoint {
    gke_cluster {
      resource_link = "//container.googleapis.com/${data.google_container_cluster.cluster.id}"
    }
  }
}

resource "google_gke_hub_feature_membership" "cluster_servicemesh" {
    # some code
    membership = google_gke_hub_membership.my_membership.id
}

I've tried with the terraform registry example adapting the code to yours and had no errors

[ferrarimarco]

Hi @ggtisc, thanks for your support here. After trying with your suggestion, I get this error:

╷
│ Error: Error creating FeatureMembership: operation received error: error code "13", message: an internal error has occurred, details: []
│  details: map[]

on the first terraform apply.

I tried with a second apply, and it worked. Strange. Let me see if I can capture a debug log.

Update: the name attribute of google_gke_hub_feature_membership seems to accept both google_gke_hub_feature.name and google_gke_hub_feature.id because it works with either of those values.

[ggtisc]

Try with this example and then change names and variables according to your needs:

data "google_project" "project_20847" {
  project_id = "my-project"
}

resource "google_project_service" "project_service_meshconfig_20847" {
  disable_dependent_services = false
  disable_on_destroy         = true
  project                    = data.google_project.project_20847.project_id
  service                    = "meshconfig.googleapis.com"
}

resource "google_project_service" "project_service_mesh_20847" {
  disable_dependent_services = false
  disable_on_destroy         = true
  project                    = google_project_service.project_service_meshconfig_20847.project
  service                    = "mesh.googleapis.com"
}

resource "google_gke_hub_feature" "gke_hub_feature_20847" {
  location = "global"
  name     = "servicemesh"
  project  = google_project_service.project_service_mesh_20847.project

  fleet_default_member_config {
    mesh {
      management = "MANAGEMENT_AUTOMATIC"
    }
  }
}

# resource "google_container_cluster" "cluster_20847" {
#   name               = "cluster-20847"
#   location           = "us-central1-a"
#   initial_node_count = 1
# }

data "google_container_cluster" "cluster_20847" {
  location = "us-central1-a"
  name     = "cluster-20847"
  project  = data.google_project.project_20847.project_id
}

resource "google_gke_hub_membership" "gke_hub_membership_20847" {
  membership_id = "gke-hub-membership-20847"

  endpoint {
    gke_cluster {
      resource_link = "//container.googleapis.com/${data.google_container_cluster.cluster_20847.id}"
    }
  }
}

resource "google_gke_hub_feature_membership" "gke_hub_feature_membership_20847" {
  feature    = google_gke_hub_feature.gke_hub_feature_20847.name
  location   = google_gke_hub_feature.gke_hub_feature_20847.location
  membership = google_gke_hub_membership.gke_hub_membership_20847.id
  project    = google_project_service.project_service_mesh_20847.project

  mesh {
    management = "MANAGEMENT_AUTOMATIC"
  }
}