googleapi: Error 400: The 'entity.managedZone.dnssecConfig' parameter is required but was missing

[arkadiusz-konopka-collibra]

I have Jenkins X running in GCP, after switching the source in my terraform to github.com/jenkins-x/terraform-google-jx?ref=v1.11.2 I've started to have an error from google API with the required dnssecConfig parameter.

Error message:

module.jx.module.dns.google_dns_managed_zone.externaldns_managed_zone_with_sub[0]: Modifying... [id=projects/cicd-jenkinsx-prd/managedZones/dev-jx-xxxxx-dev-sub]
╷
│ Error: Error updating ManagedZone "projects/cicd-jenkinsx-prd/managedZones/dev-jx-xxxxx-dev-sub": googleapi: Error 400: The 'entity.managedZone.dnssecConfig' parameter is required but was missing., required
│ 
│   with module.jx.module.dns.google_dns_managed_zone.externaldns_managed_zone_with_sub[0],
│   on .terraform/modules/jx/modules/dns/main.tf line 37, in resource "google_dns_managed_zone" "externaldns_managed_zone_with_sub":
│   37: resource "google_dns_managed_zone" "externaldns_managed_zone_with_sub" {
│ 
╵
Releasing state lock. This may take a few moments...

Error: Terraform exited with code 1.
Error: Process completed with exit code 1.

I have figured out that the dnssec_config is missing in .terraform/modules/jx/modules/dns/main.tf so I have forked the terraform-google-jx, added the missing configuration, and used it to deploy my infrastructure without errors.
It would be nice if a similar solution could be applied to the official repo because for now, it's a blocker for Jenkins X infrastructure deployment on GCP.

Below is the resource with my patch in main.tf and variables.tf:

// if we have a subdomain managed the zone here and add recordsets to the apex zone
resource "google_dns_managed_zone" "externaldns_managed_zone_with_sub" {
  count = var.apex_domain != "" && var.subdomain != "" ? 1 : 0

  name        = "${replace(var.subdomain, ".", "-")}-${replace(var.apex_domain, ".", "-")}-sub"
  dns_name    = "${var.subdomain}.${var.apex_domain}."
  description = "JX DNS subdomain zone managed by terraform"
  dnssec_config {
    kind          = "dns#managedZoneDnsSecConfig"
    non_existence = "nsec3"
    state         = var.dnssec_state

    default_key_specs {
      algorithm  = "rsasha256"
      key_length = 2048
      key_type   = "keySigning"
      kind       = "dns#dnsKeySpec"
    }
    default_key_specs {
      algorithm  = "rsasha256"
      key_length = 1024
      key_type   = "zoneSigning"
      kind       = "dns#dnsKeySpec"
    }
  }

  force_destroy = true
}

variables.tf

variable "dnssec_state" {
  description = "The apex domain to be allocated to the cluster"
  type        = string
  default     = "off"
}

Environment details:
Terraform version 1.3.2
Terraform init versions:

• Installing hashicorp/helm v2.7.1...
• Installed hashicorp/helm v2.7.1 (signed by HashiCorp)
• Installing hashicorp/google v4.40.0...
• Installed hashicorp/google v4.40.0 (signed by HashiCorp)
• Installing hashicorp/random v3.4.3...
• Installed hashicorp/random v3.4.3 (signed by HashiCorp)
• Installing hashicorp/local v2.2.3...
• Installed hashicorp/local v2.2.3 (signed by HashiCorp)
• Installing hashicorp/null v3.1.1...
• Installed hashicorp/null v3.1.1 (signed by HashiCorp)
• Installing hashicorp/google-beta v4.40.0...
• Installed hashicorp/google-beta v4.40.0 (signed by HashiCorp)
• Installing hashicorp/kubernetes v2.14.0...
• Installed hashicorp/kubernetes v2.14.0 (signed by HashiCorp)