Problem with datadource google_certificate_manager_certificates

[mXtone]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to a user, that user is claiming responsibility for the issue.
• Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Terraform Version & Provider Version(s)

$ terraform --version
Terraform v1.9.5
on linux_amd64

• provider registry.terraform.io/hashicorp/google v6.4.0
• provider registry.terraform.io/hashicorp/google-beta v6.4.0
• provider registry.terraform.io/hashicorp/random v3.6.3

Affected Resource(s)

data.google_certificate_manager_certificates

Terraform Configuration

1 option:

data "google_certificate_manager_certificates" "cert" {
  project = var.project-id
  filter = "name:projects/${var.project-id}/locations/GLOBAL/certificates/cert"
}

2 option:

data "google_certificate_manager_certificates" "cert" {
  filter = "name:projects/${var.project-id}/locations/GLOBAL/certificates/cert"
}

Debug Output

No response

Expected Behavior

Create data object certificate

Actual Behavior

I got 2 errors:

1 option(error on validate):

│ 
│   on xxx.tf line xxx, in data "google_certificate_manager_certificates" "cert":
│  xxx:   project = var.project-id
│ 
│ An argument named "project" is not expected here.

2 option(error on plan):

│ 
│   with data.google_certificate_manager_certificates.certificate_calend_cloud,
│   on xxx.tf line xxx, in data "google_certificate_manager_certificates" "cert":
│  xxx: data "google_certificate_manager_certificates" "cert" {
│ 
I don't know if I'm doing something wrong or there's a bug in implementation.

Steps to reproduce

Use 1 option code with terraform validate command or use 2 code option with terraform plan command

Important Factoids

No response

References

No response

b/371425212

[ggtisc]

Confirmed issue!

When trying to use the project argument it returns a message saying: Unexpected attribute: An attribute named "project" is not expected here

On the other hand I got no errors using this configuration. I suggest you check your project name and certificate name and try again.

Used configuration:

# Pre-created resource:
# resource "google_certificate_manager_certificate" "cm_certificate_19660" {
#   name        = "cm-certificate-19660"
#   location    = "us-central1"

#   self_managed {
#     pem_certificate = file("./utils/cert.pem")
#     pem_private_key = file("./utils/key.pem")
#   }
# }

data "google_certificate_manager_certificates" "cm_certificate_19660" {
  # project = "my-project"
  filter = "name:projects/my-project/locations/GLOBAL/certificates/cm-certificate-19660"
}

[mXtone]

Thanks for checking and yes, when I use this configuration in my project it works. I usually don't use provider block with project configuration.

provider "google" {
  project = "my-project"
}

[Hamzawy63]

Thanks for raising up this issue @mXtone

Just to double check, this issue is not a blocker for defining a Certificate data source, right? (As the project value can be injected directly in the filter value as pointed by @ggtisc)

On the other hand, as per my initial investigation, it seems that the root cause of the issue is the missing definition of the project argument in the data source definition of the data resource Certificate: https://github.com/GoogleCloudPlatform/magic-modules/blob/main/mmv1/third_party/terraform/services/certificatemanager/data_source_google_certificate_manager_certificates.go#L12. Ideally, it should contain something like tpgresource.AddOptionalFieldsToSchema(dsSchema, "project") similar to https://github.com/GoogleCloudPlatform/magic-modules/blob/main/mmv1/third_party/terraform/services/certificatemanager/data_source_google_certificate_manager_certificate_map.go#L15C2-L15C60

So I believe that a PR is needed by the service team/contributors to address the root cause of this issue if the analysis is correct.

[ran-bp]

I can verify this is still an issue with

terraform {
  required_version = ">= 1.10.0"
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 6.13"
    }
    google-beta = {
      source  = "hashicorp/google-beta"
      version = "~> 6.13"
    }
  }
}

This is my data source now:

data "google_certificate_manager_certificates" "default" {
  filter = "project:${data.google_project.bootstrap.number} AND name:api-${var.environment}-cert"
}

and I get an error

│ Error: error fetching project for certificate: project: required field is not set
│ 
│   with module.load_balancer.data.google_certificate_manager_certificates.default,
│   on ../../modules/load_balancer/main.tf line 49, in data "google_certificate_manager_certificates" "default":
│   49: data "google_certificate_manager_certificates" "default" {

when trying to add project, I get this error:

│ Error: Unsupported argument
│ 
│   on ../../modules/load_balancer/main.tf line 51, in data "google_certificate_manager_certificates" "default":
│   51:   project = var.bootstrap_project_id
│ 
│ An argument named "project" is not expected here.

I can't set the project at the provider level; this repository has terraform code for multiple projects that all share one definition of provider versions (DRY).

For me this renders this data source unusable.
I'm also surprised there's no simple getter for a specific certificate and that we have to use a filter and then refer to result[0].