Cannot use an existing SSL policy #475

Open
Vermyndax opened this issue Dec 22, 2024 · 0 comments
Labels
bug Something isn't working

Vermyndax commented Dec 22, 2024

TL;DR

I can't get this module to locate an existing SSL policy defined by Terraform.

Expected behavior

I have a Terraform resource that is creating a security policy to meet compliance requirements. I should be able to use this SSL policy with this module.

Observed behavior

This module seems to forcibly look for an SSL policy at a different URL, and therefore fails. I have tried referencing the resource URL with .id, .self_link, and .name. None of them work. The same error is returned:

Error: Error setting Backend Service security policy: googleapi: Error 400: Invalid value for field 'resource': '***  "securityPolicy": "projects/(redacted)/global/securityPolicies/minimum-tls"***'. The given security policy does not exist., invalid

The policy does exist.

Terraform Configuration

```hcl
resource "google_compute_ssl_policy" "minimum_tls" {
  min_tls_version = "TLS_1_2"
  name            = "minimum-tls"
  profile         = "MODERN"
  project         = var.account_id
}

module "sparkpost_lb_https" {
  source  = "terraform-google-modules/lb-http/google//modules/serverless_negs"
  version = "~> 12.0"

  count   = var.environment == "develop" ? 1 : 0 # TODO: Develop only for now
  name    = "sparkpost-lb-${var.environment}"
  project = var.account_id

  ssl = true
  managed_ssl_certificate_domains = [
    var.sparkpost_ssl_domain
  ]
  https_redirect = false

  load_balancing_scheme = "EXTERNAL_MANAGED"

  backends = {
    default = {
      description = "Sparkpost click tracking backend"
      groups = [
        {
          group = google_compute_global_network_endpoint_group.sparkpost_neg[0].id
        }
      ]

      enable_cdn = false

      iap_config = {
        enable = false
      }

      log_config = {
        enable      = true
        sample_rate = 1.0
      }

      security_policy = google_compute_ssl_policy.minimum_tls.self_link
    }
  }
}
```


Terraform Version

```sh
1.10.2
```

Additional information

I tried to force the issue by specifically setting security_policy as such:

security_policy = "projects/${var.account_id}/global/sslPolicies/minimum-tls"

...but I still got the same error, which indicated it was looking for the resource in a completely different area of GCP as above. I am able to select minimum-tls in the console for the frontend configuration after the load balancer is deployed.

@Vermyndax Vermyndax added the bug Something isn't working label Dec 22, 2024
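
Added example, not part of the original issue and not the module's own code: the error above names the `securityPolicies` collection (the backend service's Cloud Armor policy), while `google_compute_ssl_policy` creates an object under `sslPolicies`, which is attached to the target HTTPS proxy on the frontend. The sketch below reuses the issue's names and assumes the module exposes a top-level `ssl_policy` input; confirm that against the variables of the pinned module version.

```hcl
# Added illustration. Resource and variable names come from the issue's
# configuration; the module-level `ssl_policy` input is an assumption to
# confirm against the pinned module version.

# SSL policy: minimum TLS version and cipher profile for the frontend.
# It lives under .../global/sslPolicies/ and is attached to the target
# HTTPS proxy, not to a backend service.
resource "google_compute_ssl_policy" "minimum_tls" {
  min_tls_version = "TLS_1_2"
  name            = "minimum-tls"
  profile         = "MODERN"
  project         = var.account_id
}

module "sparkpost_lb_https" {
  source  = "terraform-google-modules/lb-http/google//modules/serverless_negs"
  version = "~> 12.0"

  count   = var.environment == "develop" ? 1 : 0
  name    = "sparkpost-lb-${var.environment}"
  project = var.account_id

  ssl                             = true
  managed_ssl_certificate_domains = [var.sparkpost_ssl_domain]
  https_redirect                  = false
  load_balancing_scheme           = "EXTERNAL_MANAGED"

  # Frontend TLS settings are passed at module level (assumed input).
  ssl_policy = google_compute_ssl_policy.minimum_tls.self_link

  backends = {
    default = {
      description = "Sparkpost click tracking backend"
      groups = [
        { group = google_compute_global_network_endpoint_group.sparkpost_neg[0].id }
      ]
      enable_cdn = false
      iap_config = { enable = false }
      log_config = { enable = true, sample_rate = 1.0 }

      # security_policy is the backend service's Cloud Armor policy
      # (google_compute_security_policy, .../global/securityPolicies/).
      # Omitted here because the issue defines no Cloud Armor policy.
    }
  }
}
```

After applying, the policy attached to the HTTPS proxy can be checked in the console's frontend configuration, the same place the issue reports being able to select `minimum-tls` by hand.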