google_gke_hub_feature: User cannot unset fleet default member config in TF

[sahsagar-google]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to a user, that user is claiming responsibility for the issue.
• Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Terraform Version & Provider Version(s)

Terraform vX.X.X
on

• provider registry.terraform.io/hashicorp/google vX.X.X
• provider registry.terraform.io/hashicorp/google-beta vX.X.X

Affected Resource(s)

google_gke_hub_feature

Terraform Configuration

Debug Output

No response

Expected Behavior

Removing fleet_default_member_config from feature should be able to disable/delete/patch it

Actual Behavior

Assume the user has the following TF configuration for their FDC:

resource "google_gke_hub_feature" "feature" {
  name = "configmanagement"
  location = "global"
  provider = google
  fleet_default_member_config {
    configmanagement {
      # version = "1.17.0" # Use the default latest version; if specifying a version, it must be at or after 1.17.0
      config_sync {
        source_format = "unstructured"
        git {
          sync_repo = "/~https://github.com/GoogleCloudPlatform/anthos-config-management-samples"
          sync_branch = "main"
          policy_dir = "fleet-tenancy/config"
          secret_type = "none"
        }
      }
    }
  }
}

If they wanted to remove the FDC, they would edit the spec as follows (note how the entire fleet_default_member_config block is removed):

resource "google_gke_hub_feature" "feature" {
  name = "configmanagement"
  location = "global"
  provider = google
}

Doing so results in an error (see https://paste.googleplex.com/6020001638645760). It turns out that our logic for updating the Feature resource has a small bug. It's something we addressed in the gcloud implementation but failed to do in TF.

Basically, during the feature update we should make sure we always set the name of the resource to ensure that at least one field in the resource is being sent to the server. Here is an example of what we did on the gcloud side:

https://source.corp.google.com/piper///depot/google3/third_party/py/googlecloudsdk/surface/container/fleet/mesh/disable.py;l=69

Of course, the alternative is to fetch the full resource first, edit the fields you want to edit and then send that over. That would also ensure at least the name field is set.

Steps to reproduce

1. terraform apply

Important Factoids

No response

References

No response

b/347775033

[ggtisc]

Confirmed issue!

When the google_gke_hub_feature resource is created with a fleet_default_member_config and then it is attempted to change the resource removing the fleet_default_member_config Which is optional according to terraform registry, this result on an error 400:

MissingFieldError for field resource: resource is required

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.