Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Global Search and Global Tagging private endpoint generation appear incorrect #4843

Open
cjschaef opened this issue Oct 4, 2023 · 3 comments
Open

Global Search and Global Tagging private endpoint generation appear incorrect #4843

cjschaef opened this issue Oct 4, 2023 · 3 comments

Comments

@cjschaef
Copy link

cjschaef commented Oct 4, 2023
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform IBM Provider Version

TF: 1.3.7 (I believe)
IBM TF: 1.56.0

Affected Resource(s)

  • ibm_is_*. (unlear if it affects all VPC resources, but whenever Global Search and Global Tagging are used)

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please share a link to the ZIP file.

Debug Output

This code is generating the Global Search private endpoint, using a regional url

terraform-provider-ibm/ibm/conns/config.go

Line 1968 in 0b2c15e

globalSearchEndpoint = ContructEndpoint(fmt.Sprintf("api.private.%s", globalSearchRegion), fmt.Sprintf("global-search-tagging.%s", cloudEndpoint))

While the doc for VPC expects a global private endpoint.

This code is generating the Global Tagging private endpoint, using a regional url

terraform-provider-ibm/ibm/conns/config.go

Line 1939 in 0b2c15e

globalTaggingEndpoint = ContructEndpoint(fmt.Sprintf("tags.private.%s", globalTaggingRegion), fmt.Sprintf("global-search-tagging.%s", cloudEndpoint))

While the doc for VPC expects a global private endpoint.

time="2023-09-18T18:03:29Z" level=error msg="  with module.vpc.ibm_is_security_group.cluster_wide,"
time="2023-09-18T18:03:29Z" level=error msg="  on vpc/security-groups.tf line 12, in resource \"ibm_is_security_group\" \"cluster_wide\":"
time="2023-09-18T18:03:29Z" level=error msg="  12: resource \"ibm_is_security_group\" \"cluster_wide\" {"
time="2023-09-18T18:03:29Z" level=error
time="2023-09-18T18:03:29Z" level=error
time="2023-09-18T18:03:29Z" level=error msg="Error: 1 error occurred:"
time="2023-09-18T18:03:29Z" level=error msg="\t* Get \"https://tags.private.us-east.global-search-tagging.cloud.ibm.com/v3/tags?tag_type=access\": dial tcp: lookup tags.private.us-east.global-search-tagging.cloud.ibm.com on 127.0.0.53:53: no such host"

Panic Output

Expected Behavior

Proper endpoints for Global Search and Global Tagging based on private endpoint enablement, for example, using a VPC private endpoint. Without having to also set additional private endpoints unexpectedly.

Actual Behavior

Global Search and Global Tagging private endpoints built within the TF provider, appear invalid based on documentation (nor can I create VPE's for those regional endpoints, only global).

Steps to Reproduce

  1. Attempt to create VPC resources, specifying a private VPC endpoint.

Important Factoids

References
@andreainnocenti
Copy link

private endpoints are documented in https://cloud.ibm.com/apidocs/tagging, the us-east endpoint does not exist.

@toddgiguere
Copy link

We are also seeing the same behavior when setting provider visibility to private and setting the access_tags property of the ibm_is_vpc. If we are deploying to a region not in the classic endpoint list (like us-east or ca-tor) we see this error during terraform plan time:

2024/12/10 18:05:25 Terraform plan | Error: ---
 2024/12/10 18:05:25 Terraform plan | id: terraform-e872e09b
 2024/12/10 18:05:25 Terraform plan | summary: "1 error occurred:\n\t* Get \"https://tags.private.us-east.global-search-tagging.cloud.ibm.com/v3/tags?tag_type=access\":
 2024/12/10 18:05:25 Terraform plan |   dial tcp: lookup tags.private.us-east.global-search-tagging.cloud.ibm.com on 172.21.0.10:53:
 2024/12/10 18:05:25 Terraform plan |   no such host\n\n"
 2024/12/10 18:05:25 Terraform plan | severity: error
 2024/12/10 18:05:25 Terraform plan | resource: ibm_is_vpc
 2024/12/10 18:05:25 Terraform plan | operation: CustomizeDiff
 2024/12/10 18:05:25 Terraform plan | component:
 2024/12/10 18:05:25 Terraform plan |   name: github.com/IBM-Cloud/terraform-provider-ibm
 2024/12/10 18:05:25 Terraform plan |   version: 1.71.3
 2024/12/10 18:05:25 Terraform plan | ---

resource "ibm_is_vpc" "vpc" {
  ........
  access_tags                 = var.access_tags
  ........
}

@ocofaigh
Copy link
Contributor

Looks like there is a draft PR: #5832

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@cjschaef @ocofaigh @andreainnocenti @toddgiguere