active_apis shared vpc access bindings are incomplete (does not include "cloudfunctions.googleapis.com") #1008

@red8888

TL;DR

Note this:

It does not include "cloudfunctions.googleapis.com".

If the module is going to go the extra mile and support auto-creating perms for services on the shared VPC, it should be exhaustive; otherwise it's confusing and disjointed to have to handle some and have others manually configured via my own binding resources.

Expected behavior

If the "cloudfunctions.googleapis.com" API is activated, the shared VPC module should assign the same perm it does for the Cloud Run API:

    "run.googleapis.com" : {
      service_account = format("service-%[email protected]", local.service_project_number)
      role            = "roles/compute.networkUser"
    }

Observed behavior

The shared VPC module doesn't account for "cloudfunctions.googleapis.com".

Terraform Configuration

    module "my_module" {
      source  = "terraform-google-modules/project-factory/google"
      # ... (other arguments elided)
      activate_apis = ["cloudfunctions.googleapis.com"]
      # ... (other arguments elided)
      svpc_host_project_id = "my-proj"
      shared_vpc_subnets   = ["net1", "net2"]
    }

Terraform Version

    Terraform v1.9.5
    on darwin_arm64
    + provider registry.terraform.io/hashicorp/google v7.6.0
    + provider registry.terraform.io/hashicorp/google-beta v7.6.0
    + provider registry.terraform.io/hashicorp/null v3.2.4
    + provider registry.terraform.io/hashicorp/random v3.7.2
    + provider registry.terraform.io/hashicorp/time v0.13.1

Terraform Provider Versions

    Terraform v1.9.5
    on darwin_arm64
    + provider registry.terraform.io/hashicorp/google v7.6.0
    + provider registry.terraform.io/hashicorp/google-beta v7.6.0
    + provider registry.terraform.io/hashicorp/null v3.2.4
    + provider registry.terraform.io/hashicorp/random v3.7.2
    + provider registry.terraform.io/hashicorp/time v0.13.1

Additional information

You also need to avoid issues where it tries to create the same binding if both the run and cloud functions services are enabled.
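The duplicate-binding concern raised in this issue, sketched as an added example (not the module's own code and not written by the issue author). It assumes, as the issue expects, that both APIs need the same service agent and role. All variable and local names are hypothetical, the project number is a constructed sample, and the service agent domain is a placeholder because the real one is obscured on this page.

```hcl
variable "active_apis" {
  type    = set(string)
  default = ["run.googleapis.com", "cloudfunctions.googleapis.com"]
}

variable "service_project_number" {
  type    = string
  default = "123456789012" # constructed sample value
}

variable "serverless_agent_domain" {
  type    = string
  default = "serverless-agent.example.invalid" # placeholder, not a real domain
}

locals {
  serverless_agent = format("service-%s@%s", var.service_project_number, var.serverless_agent_domain)

  # API -> binding it needs on the Shared VPC host project.
  # Assumption from the issue: Cloud Functions gets the same entry as Cloud Run.
  api_bindings = {
    "run.googleapis.com"            = { service_account = local.serverless_agent, role = "roles/compute.networkUser" }
    "cloudfunctions.googleapis.com" = { service_account = local.serverless_agent, role = "roles/compute.networkUser" }
  }

  # Key by "role|member" rather than by API name, so two active APIs that need
  # the identical binding collapse into a single entry. The trailing "..."
  # groups colliding keys into a list instead of raising a duplicate-key error.
  grouped_bindings = {
    for api, b in local.api_bindings :
    "${b.role}|serviceAccount:${b.service_account}" => api...
    if contains(var.active_apis, api)
  }
}

# One element per unique (role, member); each value lists the APIs requiring it.
output "bindings_to_create" {
  value = local.grouped_bindings
}
```

Using a map like `local.grouped_bindings` as the `for_each` of the IAM member resource plans one binding per unique role and member, however many active APIs ask for it.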
