Query instance Guest Attributes

[md-magenta]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

Instances have a specific type of custom metadata called Guest attributes. Unlike normal metadata, the applications on the instance can write to guest attributes while the VM is running.

The Terraform provider does not contain a resource or attribute to query these guest attributes.

The Compute Engine API contains a getGuestAttributes method.

New or Affected Resource(s)

• resource.google_compute_instance
• data.google_compute_instance

And likely others that where a VM is the backing resource.

Potential Terraform Configuration

Create a VM with the current google_compute_instance resource and guest attributes enabled:

resource "google_compute_instance" "minion" {
  # […]
  metadata = {
    "enable-guest-attributes" = "TRUE",
  }
}

Set a guest attribute on the VM:

curl -s -X PUT --data "Hello world" http://metadata.google.internal/computeMetadata/v1/instance/guest-attributes/my-namespace/my-key -H "Metadata-Flavor: Google"

The requested enhancement to the data source where it contains the attribute guest_attributes:

data "google_compute_instance" "myapp" {
  # […]
}
# > data.google_compute_instance.myapp.guest_attributes
# tomap({
#   "my-namespace" = {
#     "my-key" = "Hello world"
#   }
# })

Workaround

I have implemented this with an External Data Source.

data "external" "myapp_guest_attributes" {
  program  = ["${path.module}/guest-attributes.sh"]

  query = {
    instance = myapp
  }
}

guest-attributes.sh:

#!/bin/bash
set -e

eval "$(jq -r '@sh "INSTANCE=\(.instance)"')"

gcloud compute instances \
       get-guest-attributes \
       --query-path my-namespace/my-key \
       --format 'json(value)' \
       "$INSTANCE" \
    | jq '.[0]'

It works, but my problem with this approach is the non-portable dependency of google-cloud-sdk and jq.

My specific use-case

I install salt-minion on the VMs to hand over the management to a salt-master. salt-minion generates a key-pair. The public key is added to Guest Attributes. Terraform picks it up from Guest Attributes and add it to the configuration of the salt-master.

This is vaguely similar to the problem of having an instance send a signal to terraform described in hashicorp/terraform#4668 (comment).

b/308756204

[shuyama1]

After investigation, this sounds like a request of a new google_compute_instance_guest_attributes data source, using the API https://cloud.google.com/compute/docs/reference/rest/v1/instances/getGuestAttributes.

[traut]

any chance this will be prioritised?

[karolgorc]

Working on the new google_compute_instance_guest_attributes data source