DLP inspect template resource not allowing "default" per_info_type limit #18149

AdamMAtWork commented May 15, 2024

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to a user, that user is claiming responsibility for the issue.
  • Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Terraform Version & Provider Version(s)

Terraform v1.8.3
on darwin_amd64

  • provider registry.terraform.io/hashicorp/google v5.29.1
  • provider registry.terraform.io/hashicorp/google-beta v5.29.1

Affected Resource(s)

google_data_loss_prevention_inspect_template

Terraform Configuration

resource "google_data_loss_prevention_inspect_template" "inspect_config" {
  parent       = var.parent
  template_id  = "bug_report_sample"
  description  = "sample inspect template with default max_findings_per_info_type limit"
  display_name = "Bug Report sample"

  inspect_config {
    limits {
      max_findings_per_request = 333
      max_findings_per_item    = 222
      max_findings_per_info_type {
        # the entry with no info_type is supposed to act as a way to specify the default value
        # used by all info_types that don't specify their own limit
        max_findings = 111
      }
    }
  }
}

variable "parent" {
  type = string
}

Debug Output

No response

Expected Behavior

According to the API documentation for InfoTypeLimit:

If InfoTypeLimit does not have an infoType, the DLP API applies the limit against all infoTypes that are found but not specified in another InfoTypeLimit.

This describes a method to set a default limit for all info_type entries.

The google terraform provider includes the resource google_data_loss_prevention_inspect_template, which supports the inspect_config.limits block as an argument. This limits block accepts a max_findings_per_info_type block, which correlates to the above API object.

Via the API explorer, I am able to create an inspect template with a limits block containing a maxFindingsPerInfoType entry consisting of only a maxFindings - no infoType is required. This matches the documentation.

I'm expecting to be able to do the same via the terraform provider.

Actual Behavior

Rather than accept a maxFindingsPerInfoType limit with no info_type block (to set the default per_info_type limit), the provider exits with the following error:

│ Error: Insufficient info_type blocks
│
│   on inspect_template.tf line 11, in resource "google_data_loss_prevention_inspect_template" "inspect_config":
│   11:       max_findings_per_info_type {
│
│ At least 1 "info_type" blocks are required.

The terraform provider is not allowing me to set the default "per_info_type_limit".

Steps to reproduce

  1. Run terraform plan with the terraform config attached to this ticket

Important Factoids

No response

References

No response

b/341993420

@github-actions github-actions bot added forward/review In review; remove label to forward service/dlp labels May 15, 2024
@trodge trodge removed the forward/review In review; remove label to forward label May 21, 2024
@patrickmoy

Received in buganizer on DLP end; will be fixing shortly
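
The default-limit rule quoted from the InfoTypeLimit documentation in the issue, worked through in Python as an added example (not code from the issue, the provider or the DLP API). The function names, the extra EMAIL_ADDRESS entry and the rejection of more than one default entry are assumptions of this example; the 333/222/111 values come from the reporter's configuration.

```python
from __future__ import annotations
from typing import Optional

# Constructed sample: REST-style limits body using the issue's values, plus one
# explicit per-infoType entry added here for illustration.
SAMPLE_LIMITS = {
    "maxFindingsPerRequest": 333,
    "maxFindingsPerItem": 222,
    "maxFindingsPerInfoType": [
        {"maxFindings": 111},  # no infoType: the default entry
        {"infoType": {"name": "EMAIL_ADDRESS"}, "maxFindings": 5},
    ],
}


def split_limits(limits: dict) -> tuple[dict[str, int], Optional[int]]:
    """Return ({infoType name: cap}, default cap or None if no default entry)."""
    explicit: dict[str, int] = {}
    default: Optional[int] = None
    for entry in limits.get("maxFindingsPerInfoType", []):
        name = (entry.get("infoType") or {}).get("name")
        if name:
            explicit[name] = entry["maxFindings"]
        elif default is None:
            default = entry["maxFindings"]
        else:
            # Assumption of this example: two default entries are ambiguous.
            raise ValueError("more than one InfoTypeLimit without infoType")
    return explicit, default


def effective_caps(limits: dict, found: list[str]) -> dict[str, Optional[int]]:
    """Per-infoType cap for each infoType found; None means no per-type cap."""
    explicit, default = split_limits(limits)
    return {name: explicit.get(name, default) for name in found}


def entries_without_info_type(limits: dict) -> list[int]:
    """Indexes of entries with no infoType, the shape that triggers the
    'Insufficient info_type blocks' error reported in this issue."""
    entries = limits.get("maxFindingsPerInfoType", [])
    return [i for i, e in enumerate(entries)
            if not (e.get("infoType") or {}).get("name")]


if __name__ == "__main__":
    print(effective_caps(SAMPLE_LIMITS, ["EMAIL_ADDRESS", "PHONE_NUMBER"]))
    print(entries_without_info_type(SAMPLE_LIMITS))
```

Without the default entry, every infoType that lacks its own entry resolves to `None` here, which is the configuration the reported provider error leaves as the only one expressible in Terraform.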
