data.google_dns_managed_zone always fails with "Post "https://oauth2.googleapis.com/token": context canceled"

[MaWiPPI]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

Terraform v1.5.2
on darwin_arm64

Affected Resource(s)

• data.google_dns_managed_zone

Terraform Configuration Files

[
  {
    "data": {
      "google_dns_managed_zone": {
        "control-center-svc-sit-ppi-fs-org": {
          "name": "control-center-svc-sit-ppi-fs-org",
          "project": "control-center-sit-q7jby"
        }
      }
    }
  },
  {
    "terraform": {
      "backend": {
        "gcs": {
          "bucket": "bucket",
          "prefix": "prefix"
        }
      },
      "required_providers": {
        "google": {
          "source": "hashicorp/google",
          "version": "=5.9.0"
        },
        "google-beta": {
          "source": "hashicorp/google-beta",
          "version": "=5.9.0"
        },
      }
    }
  }
]

Debug Output

https://gist.github.com/MaWiPPI/03be103b331a0621131ef7c9198e3df5

Panic Output

No Panic happened.

Expected Behavior

Datasource gets read in correctly. No error on plan.

Actual Behavior

│ Error: Error when reading or editing dataSourceDnsManagedZone "control-center-svc-sit-ppi-fs-org"
│
│ with data.google_dns_managed_zone.control-center-svc-sit-ppi-fs-org,
│ on terraform.tf.json line 37, in [3].data.google_dns_managed_zone.control-center-svc-sit-ppi-fs-org:
│ 37: }
│
│ Get "https://dns.googleapis.com/dns/v1/projects/control-center-sit-q7jby/managedZones/control-center-svc-sit-ppi-fs-org?alt=json&prettyPrint=false": Post "https://oauth2.googleapis.com/token": context canceled

Steps to Reproduce

1. terraform apply

Important Factoids

When authenticating with a static token via access_token, it works.
Service-accounts and ADC don't work.

References

• #0000

b/320447681

[roaks3]

We have an acceptance test here that tests this datasource using a service account to authenticate. This test has been passing, so I would expect it is working as expected, and there could be an issue with authentication happening here.

@MaWiPPI Could you please verify that your authentication setup works with a different resource/datasource? That would help us narrow in on a general auth issue, or an issue specific to this resource.

[MaWiPPI]

This exact setup works and has worked with every other datasource we have tested (e.g. google_active_folder, google_billing_account).
This is the first and only source that makes issues. Weirdly enough, the resource google_dns_managed_zone also works for us.
I would look again if it works with a service-account - by default we are using Application-Default Credentials.
In our tests, we have overwritten these with a service-account via environment-variable, but there might have been an issue actually using the variable.

[johanneswuerbach]

I've also encountered this, creating resources like google_dns_record_set works without issues, but this data source always fails with a Post "https://oauth2.googleapis.com/token": context canceled.

We are also using application default credentials.

[edwardmedia]

@johanneswuerbach Using below config along with application default credentials. I can not repro the issue. Are you able to share the debug log so I can take a closer look?

gcloud auth application-default login

resource "google_dns_managed_zone" "example-zone" {
  name        = "issue16832"
  dns_name    = "example-${random_id.rnd.hex}.com."
  description = "issue16832 DNS zone"
  labels = {
    foo = "bar"
  }
}

resource "random_id" "rnd" {
  byte_length = 4
}

data "google_dns_managed_zone" "env_dns_zone" {
  name = "issue16832"
}

@MaWiPPI please share the update if this is still an issue with you

[johanneswuerbach]

@edwardmedia I was able to replicate it using the following tf.

terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 5.10"
    }
  }

  required_version = ">= 1.3.0"
}

variable "project" {
  type = string
}

variable "credentials" {
  type = string
}

variable "managed_zone" {
  type = string
}

provider "google" {
  project     = var.project
  credentials = var.credentials
}

# This doesn't work
data "google_dns_managed_zone" "main" {
  name = var.managed_zone
}

output "dns_name" {
  value = data.google_dns_managed_zone.main.dns_name
}

# This works
# data "google_compute_regions" "available" {}

# output "available_zones" {
#   value = data.google_compute_regions.available.names
# }

terraform plan -var 'project=project-XYZ' -var 'managed_zone=zone-XYZ' -var "credentials=$(cat ~/.config/gcloud/application_default_credentials.json)"

When I don't pass the default credentials explicitly, the above command works without issues, but for our use case explicit.

Logs:

TF_LOG=debug

2024-01-15T08:32:33.216+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: 2024/01/15 08:32:33 [DEBUG] Waiting for state to become: [success] 2024-01-15T08:32:33.509+0100 [INFO] provider.terraform-provider-google_v5.11.0_x5: Terraform is using this identity: XYZ: tf_mux_provider=*proto5server.Server tf_rpc=ConfigureProvider @caller=github.com/hashicorp/terraform-provider-google/google/fwtransport/framework_config.go:1571 @module=google tf_provider_addr=registry.terraform.io/hashicorp/google tf_req_id=f93144d8-d58e-48be-61c6-d92904334c06 timestamp=2024-01-15T08:32:33.509+0100 2024-01-15T08:32:33.509+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: Called provider defined Provider Configure: tf_provider_addr=registry.terraform.io/hashicorp/google tf_req_id=f93144d8-d58e-48be-61c6-d92904334c06 @caller=github.com/hashicorp/terraform-plugin-framework@v1.1.1/internal/fwserver/server_configureprovider.go:20 @module=sdk.framework tf_mux_provider=*proto5server.Server tf_rpc=ConfigureProvider timestamp=2024-01-15T08:32:33.509+0100 2024-01-15T08:32:33.520+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: 2024/01/15 08:32:33 [INFO] Authenticating using configured Google JSON 'credentials'... 2024-01-15T08:32:33.520+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: 2024/01/15 08:32:33 [INFO] -- Scopes: [https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email] 2024-01-15T08:32:33.520+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: 2024/01/15 08:32:33 [INFO] Authenticating using configured Google JSON 'credentials'... 2024-01-15T08:32:33.520+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: 2024/01/15 08:32:33 [INFO] -- Scopes: [https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email] 2024-01-15T08:32:33.520+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: 2024/01/15 08:32:33 [DEBUG] Waiting for state to become: [success] 2024-01-15T08:32:33.649+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: 2024/01/15 08:32:33 [INFO] Terraform is using this identity: XYZ 2024-01-15T08:32:33.649+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: 2024/01/15 08:32:33 [DEBUG] parent context canceled, cleaning up batcher batches 2024-01-15T08:32:33.649+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: 2024/01/15 08:32:33 [DEBUG] Stopping batcher "Service Usage" 2024-01-15T08:32:33.649+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: 2024/01/15 08:32:33 [DEBUG] parent context canceled, cleaning up batcher batches 2024-01-15T08:32:33.649+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: 2024/01/15 08:32:33 [DEBUG] Stopping batcher "IAM" 2024-01-15T08:32:33.651+0100 [DEBUG] Resource instance state not found for node "data.google_dns_managed_zone.main", instance data.google_dns_managed_zone.main 2024-01-15T08:32:33.651+0100 [INFO] ReferenceTransformer: reference not found: "var.managed_zone" 2024-01-15T08:32:33.651+0100 [DEBUG] ReferenceTransformer: "data.google_dns_managed_zone.main" references: [] 2024-01-15T08:32:33.654+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: Calling provider defined DataSource Configure: tf_provider_addr=registry.terraform.io/hashicorp/google @caller=github.com/hashicorp/terraform-plugin-framework@v1.1.1/internal/fwserver/server_validatedatasourceconfig.go:39 @module=sdk.framework tf_data_source_type=google_dns_managed_zone tf_mux_provider=*proto5server.Server tf_req_id=43e78a10-0fb6-4ca0-e626-c229fe4964af tf_rpc=ValidateDataSourceConfig timestamp=2024-01-15T08:32:33.654+0100 2024-01-15T08:32:33.654+0100 [INFO] provider.terraform-provider-google_v5.11.0_x5: Instantiating Google Cloud DNS client for path https://dns.googleapis.com: @caller=github.com/hashicorp/terraform-provider-google/google/fwtransport/framework_provider_clients.go:27 @module=google tf_rpc=ConfigureProvider tf_mux_provider=*schema.GRPCProviderServer tf_provider_addr=registry.terraform.io/hashicorp/google tf_req_id=f93144d8-d58e-48be-61c6-d92904334c06 timestamp=2024-01-15T08:32:33.654+0100 2024-01-15T08:32:33.654+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: Called provider defined DataSource Configure: tf_data_source_type=google_dns_managed_zone tf_mux_provider=*proto5server.Server tf_rpc=ValidateDataSourceConfig @module=sdk.framework tf_provider_addr=registry.terraform.io/hashicorp/google tf_req_id=43e78a10-0fb6-4ca0-e626-c229fe4964af @caller=github.com/hashicorp/terraform-plugin-framework@v1.1.1/internal/fwserver/server_validatedatasourceconfig.go:41 timestamp=2024-01-15T08:32:33.654+0100 2024-01-15T08:32:33.655+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: Calling provider defined Type Validate: @module=sdk.framework tf_provider_addr=registry.terraform.io/hashicorp/google tf_req_id=43e78a10-0fb6-4ca0-e626-c229fe4964af tf_rpc=ValidateDataSourceConfig @caller=github.com/hashicorp/terraform-plugin-framework@v1.1.1/internal/fwschemadata/data_value.go:78 tf_attribute_path=managed_zone_id tf_data_source_type=google_dns_managed_zone tf_mux_provider=*proto5server.Server timestamp=2024-01-15T08:32:33.654+0100 2024-01-15T08:32:33.655+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: Called provider defined Type Validate: tf_attribute_path=managed_zone_id tf_provider_addr=registry.terraform.io/hashicorp/google tf_rpc=ValidateDataSourceConfig @caller=github.com/hashicorp/terraform-plugin-framework@v1.1.1/internal/fwschemadata/data_value.go:80 tf_data_source_type=google_dns_managed_zone tf_mux_provider=*proto5server.Server tf_req_id=43e78a10-0fb6-4ca0-e626-c229fe4964af @module=sdk.framework timestamp=2024-01-15T08:32:33.654+0100 2024-01-15T08:32:33.655+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: Calling provider defined Type Validate: tf_req_id=43e78a10-0fb6-4ca0-e626-c229fe4964af tf_rpc=ValidateDataSourceConfig @caller=github.com/hashicorp/terraform-plugin-framework@v1.1.1/internal/fwschemadata/data_value.go:78 @module=sdk.framework tf_attribute_path=name_servers tf_data_source_type=google_dns_managed_zone tf_mux_provider=*proto5server.Server tf_provider_addr=registry.terraform.io/hashicorp/google timestamp=2024-01-15T08:32:33.654+0100 2024-01-15T08:32:33.655+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: Called provider defined Type Validate: @module=sdk.framework tf_attribute_path=name_servers tf_data_source_type=google_dns_managed_zone tf_mux_provider=*proto5server.Server tf_req_id=43e78a10-0fb6-4ca0-e626-c229fe4964af tf_rpc=ValidateDataSourceConfig @caller=github.com/hashicorp/terraform-plugin-framework@v1.1.1/internal/fwschemadata/data_value.go:80 tf_provider_addr=registry.terraform.io/hashicorp/google timestamp=2024-01-15T08:32:33.655+0100 data.google_dns_managed_zone.main: Reading... 2024-01-15T08:32:33.657+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: Calling provider defined DataSource Configure: tf_mux_provider=*proto5server.Server tf_data_source_type=google_dns_managed_zone tf_provider_addr=registry.terraform.io/hashicorp/google tf_req_id=cd022113-f0cc-3558-022d-2a51966cce40 @caller=github.com/hashicorp/terraform-plugin-framework@v1.1.1/internal/fwserver/server_readdatasource.go:43 @module=sdk.framework tf_rpc=ReadDataSource timestamp=2024-01-15T08:32:33.657+0100 2024-01-15T08:32:33.657+0100 [INFO] provider.terraform-provider-google_v5.11.0_x5: Instantiating Google Cloud DNS client for path https://dns.googleapis.com: @caller=github.com/hashicorp/terraform-provider-google/google/fwtransport/framework_provider_clients.go:27 tf_mux_provider=*schema.GRPCProviderServer tf_req_id=f93144d8-d58e-48be-61c6-d92904334c06 @module=google tf_provider_addr=registry.terraform.io/hashicorp/google tf_rpc=ConfigureProvider timestamp=2024-01-15T08:32:33.657+0100 2024-01-15T08:32:33.657+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: Called provider defined DataSource Configure: tf_provider_addr=registry.terraform.io/hashicorp/google tf_mux_provider=*proto5server.Server tf_data_source_type=google_dns_managed_zone tf_req_id=cd022113-f0cc-3558-022d-2a51966cce40 tf_rpc=ReadDataSource @caller=github.com/hashicorp/terraform-plugin-framework@v1.1.1/internal/fwserver/server_readdatasource.go:45 @module=sdk.framework timestamp=2024-01-15T08:32:33.657+0100 2024-01-15T08:32:33.657+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: Calling provider defined DataSource Read: tf_mux_provider=*proto5server.Server tf_req_id=cd022113-f0cc-3558-022d-2a51966cce40 tf_rpc=ReadDataSource @caller=github.com/hashicorp/terraform-plugin-framework@v1.1.1/internal/fwserver/server_readdatasource.go:74 @module=sdk.framework tf_data_source_type=google_dns_managed_zone tf_provider_addr=registry.terraform.io/hashicorp/google timestamp=2024-01-15T08:32:33.657+0100 2024-01-15T08:32:33.657+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: 2024/01/15 08:32:33 [DEBUG] Retry Transport: starting RoundTrip retry loop 2024-01-15T08:32:33.657+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: 2024/01/15 08:32:33 [DEBUG] Retry Transport: request attempt 0 2024-01-15T08:32:33.657+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: 2024/01/15 08:32:33 [DEBUG] Google API Request Details: 2024-01-15T08:32:33.657+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: ---[ REQUEST ]--------------------------------------- 2024-01-15T08:32:33.657+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: GET /dns/v1/projects/project-XYZ/managedZones/zone-XYZ?alt=json&prettyPrint=false HTTP/1.1 2024-01-15T08:32:33.657+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: Host: dns.googleapis.com 2024-01-15T08:32:33.657+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: User-Agent: google-api-go-client/0.5 Terraform/1.5.7 (+https://www.terraform.io) Terraform-Plugin-SDK/terraform-plugin-framework terraform-provider-google/5.11.0 2024-01-15T08:32:33.657+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: X-Goog-Api-Client: gl-go/1.20.12 gdcl/0.154.0 2024-01-15T08:32:33.657+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: Accept-Encoding: gzip 2024-01-15T08:32:33.657+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: 2024-01-15T08:32:33.657+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: 2024-01-15T08:32:33.658+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: ----------------------------------------------------- 2024-01-15T08:32:33.658+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: 2024/01/15 08:32:33 [DEBUG] Retry Transport: Stopping retries, last request failed with non-retryable error: Post "https://oauth2.googleapis.com/token": context canceled 2024-01-15T08:32:33.658+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: 2024/01/15 08:32:33 [DEBUG] Retry Transport: Returning after 1 attempts 2024-01-15T08:32:33.658+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: Called provider defined DataSource Read: tf_data_source_type=google_dns_managed_zone tf_req_id=cd022113-f0cc-3558-022d-2a51966cce40 @caller=github.com/hashicorp/terraform-plugin-framework@v1.1.1/internal/fwserver/server_readdatasource.go:76 @module=sdk.framework tf_mux_provider=*proto5server.Server tf_provider_addr=registry.terraform.io/hashicorp/google tf_rpc=ReadDataSource timestamp=2024-01-15T08:32:33.657+0100 2024-01-15T08:32:33.658+0100 [ERROR] provider.terraform-provider-google_v5.11.0_x5: Response contains error diagnostic: tf_provider_addr=registry.terraform.io/hashicorp/google tf_req_id=cd022113-f0cc-3558-022d-2a51966cce40 @module=sdk.proto diagnostic_summary="Error when reading or editing dataSourceDnsManagedZone "zone-XYZ"" tf_data_source_type=google_dns_managed_zone tf_proto_version=5.3 tf_rpc=ReadDataSource @caller=github.com/hashicorp/terraform-plugin-go@v0.14.3/tfprotov5/internal/diag/diagnostics.go:55 diagnostic_detail="Get "https://dns.googleapis.com/dns/v1/projects/project-XYZ/managedZones/zone-XYZ?alt=json&prettyPrint=false": Post "https://oauth2.googleapis.com/token": context canceled" diagnostic_severity=ERROR timestamp=2024-01-15T08:32:33.658+0100 2024-01-15T08:32:33.658+0100 [ERROR] vertex "data.google_dns_managed_zone.main" error: Error when reading or editing dataSourceDnsManagedZone "zone-XYZ" 2024-01-15T08:32:33.658+0100 [ERROR] vertex "data.google_dns_managed_zone.main (expand)" error: Error when reading or editing dataSourceDnsManagedZone "zone-XYZ" 2024-01-15T08:32:33.659+0100 [INFO] backend/local: plan operation completed

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: Error when reading or editing dataSourceDnsManagedZone "zone-XYZ"
│
│ with data.google_dns_managed_zone.main,
│ on main.tf line 30, in data "google_dns_managed_zone" "main":
│ 30: data "google_dns_managed_zone" "main" {
│
│ Get "https://dns.googleapis.com/dns/v1/projects/project-XYZ/managedZones/zone-XYZ?alt=json&prettyPrint=false": Post "https://oauth2.googleapis.com/token":
│ context canceled
╵
2024-01-15T08:32:33.683+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: 2024/01/15 08:32:33 [DEBUG] [transport] [server-transport 0x14001779d40] Closing: Server.Stop called
2024-01-15T08:32:33.683+0100 [DEBUG] provider.terraform-provider-google_v5.11.0_x5: 2024/01/15 08:32:33 [DEBUG] [transport] [server-transport 0x14001779d40] loopyWriter exiting with error: transport closed by client
2024-01-15T08:32:33.683+0100 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-01-15T08:32:33.685+0100 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/google/5.11.0/darwin_arm64/terraform-provider-google_v5.11.0_x5 pid=27967
2024-01-15T08:32:33.685+0100 [DEBUG] provider: plugin exited


[SarahFrench]

@edwardmedia I think the underlying reason here could be that the data source is implemented with the plugin-framework. That's why resources behave as expected while data sources experience this error.

[edwardmedia]

Yes I see the diff in the code between its resource and data source. Thanks @SarahFrench for pointing that out

[fulljackz]

Hi there, I also have the same issue here. Any idea about a working provider version or a quick workaround to make it works temporarily ?

Regards,

[MaWiPPI]

What worked for me is instead of naming the environment variable GOOGLE_CREDENTIALS to pass the google application credentials, I would use GOOGLE_APPLICATION_CREDENTIALS instead. We had used GOOGLE_CREDENTIALS before in order to use one environment variable for both the state (in gcs) and the provider.

[fulljackz]

What worked for me is instead of naming the environment variable GOOGLE_CREDENTIALS to pass the google application credentials, I would use GOOGLE_APPLICATION_CREDENTIALS instead. We had used GOOGLE_CREDENTIALS before in order to use one environment variable for both the state (in gcs) and the provider.

It works, thanks for the hint !

[JakeCooper]

Unfortunately that doesn't seem to work

I've added the roles/dns.admin and it still doesn't work either :/

[fulljackz]

@JakeCooper I just had the same problem two month later and I came back here by chance :D

Are you using gcloud cli to authenticate ?
Are you using the GOOGLE_APPLICATION_CREDENTIALS and GOOGLE_CREDENTIALS variables ?

The working solution for me is to unset theses variables if they are set, and try to reconnect using gcloud auth application-default login

[JakeCooper]

Holy hell what are the odds!

I only set GOOGLE_APPLICATION_CREDENTIALS

I point that to the service-account.json file

Then I do gcloud auth activate-service-account --key-file= --quiet

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

[SarahFrench]

I'm doing some manual testing to ensure that this bug is addressed by GoogleCloudPlatform/magic-modules#11903

Background

The bug in this GH issue was that that the data.google_dns_managed_zone (plugin-framework implemented at the time the issue was opened) would have the error shown above when the provider was configured using application default credentials (ADCs). However this was only if the ADCs were explicitly passed to the provider, e.g. as the value of credentials in the provider block or as an environment variable like GOOGLE_CREDENTIALS. If the ADCs were not explicitly passed into the provider, i.e. they were pulled in by the client library, then the error would not occur.

Due to this, plus the fact the data source had been migrated to the plugin-framework, it was clear there was a problem in the (PF-specific) configuration handling logic that uses user inputs to configure the provider. At the time the fastest way to resolve the issue was to migrate the data sources back to the SDK, as that would mean that the original SDK implemented configuration handling logic would affect this data source again. This resolved the issue.

My manual reproduction

terraform {
  required_providers {
    google = {
      source = "registry.terraform.io/hashicorp/google"
      # version = "4.8.0" # No problem
      version = "5.10.0" # Fails on terraform plan
    }
  }

  required_version = ">= 1.3.0"
}

variable "dns_zone" {
  type = string
}

# This data source is impacted by the issue
data "google_dns_managed_zone" "main" {
  name = var.dns_zone
}

output "dns_name" {
  value = data.google_dns_managed_zone.main.dns_name
}

1. Run gcloud auth application-default login so that ADCs are made locally
2. Set these environment variables in your terminal session:
   • GOOGLE_PROJECT=<project-id-here>
   • GOOGLE_CREDENTIALS=~/.config/gcloud/application_default_credentials.json
3. In the folder containing the Terrform config above, run:
   • terraform init
     • Will install v5.10.0
4. Then, run:
   • terraform plan --var dns_zone=<name of existing managed zone in your project>

You will see:

Planning failed. Terraform encountered an error while generating this plan.
╷
│ Error: Error when reading or editing dataSourceDnsManagedZone ""
│
│ with data.google_dns_managed_zone.main,
│ on main.tf line 18, in data "google_dns_managed_zone" "main":
│ 18: data "google_dns_managed_zone" "main" {
│
│ Get "https://dns.googleapis.com/dns/v1/projects//managedZones/?alt=json&prettyPrint=false": Post
│ "https://oauth2.googleapis.com/token": context canceled

Demonstrating the muxing fixes have addressed the issue

Following doing the above you can test how the provider performs after muxing has been fixed using this branch of my forked repo: https://github.com/SarahFrench/terraform-provider-google/tree/test-mux-fix-data-dns-managed-zone

That branch includes the changes from GoogleCloudPlatform/magic-modules#11903 and also includes a version of data.google_dns_managed_zone that has been migrated back to the plugin-framework.

After pulling that code you can use make build in the repo's root to install it as a binary at ~/go/bin/terraform-provider-google.

You'll need to use provider development overrides to run the manual test above in a way that uses that local binary.

When I enable provider development overrides and re-run terraform plan --var dns_zone=<name of existing managed zone in your project> I see a successful plan output:

╷
│ Warning: Provider development overrides are in effect
│ 
│ The following provider development overrides are set in the CLI configuration:
│  - hashicorp/google in /Users/sarahfrench/go/bin
│  - hashicorp/google-beta in /Users/sarahfrench/go/bin
│ 
│ The behavior may therefore not match any released version of the provider and applying changes may cause the state to become incompatible with published releases.
╵
data.google_dns_managed_zone.main: Reading...
data.google_dns_managed_zone.main: Read complete after 0s [id=projects/<project-id>/managedZones/<name>]

Changes to Outputs:
  + dns_name = "<name>"

You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.

Conclusion

I believe the muxing fixes have addressed the root cause of this issue by allowing the original configuration handling logic to be used for both provider implementations within the muxed Google provider. I believe the original issue was due to a defect in the new configuration handling logic that was implemented when the plugin-framework provider was added via muxing.