terraform-google-lb-http
Health checks using port_name only fail to create FW rules
TL;DR
When a backend group uses health_check.port_name instead of health_check.port, the firewall rule's allow section contains a null list and errors. In its current state the error is inscrutable without debugging.
Expected behavior
Either the health check port should be made mandatory, or it should lookup the port name from the instance group and use it.
Observed behavior
Attempts to run terraform plan result in:
Error: Null value found in list
   with module.name.google_compute_firewall.default-hc[0],
  on .terraform/modules/name/main.tf line 436, in resource "google_compute_firewall" "default-hc":
 436: resource "google_compute_firewall" "default-hc" {
Null values are not allowed for this attribute value.
Terraform Configuration
module "test-lb-http" {
  source  = "GoogleCloudPlatform/lb-http/google"
  version = "11.0.0"
  name    = "test-lb"
  project = google_project.test.project_id
  create_address        = true
  ssl                   = true
  load_balancing_scheme = "EXTERNAL"
  target_tags           = ["test"]
  managed_ssl_certificate_domains = [
    "test.com"
  ]
  backends = {
    default = {
      port_name  = "testport"
      protocol   = "HTTP"
      enable_cdn = false
      groups = [{
        group = google_compute_instance_group.my_group.self_link
      }]
      health_check = {
        request_path = "/status"
        port_name = "testport"
        # doesn't work because healthchecks create fw rules that need a port number
      }
      log_config = {
        enable = false
      }
      iap_config = {
        enable = false
      }
    }
  }
}
Terraform Version
Terraform v1.5.7
on linux_amd64
+ provider registry.terraform.io/hashicorp/google v5.28.0
Additional information
In my opinion the main issue is really that the error is hard to diagnose, requiring the port number isn't really a huge deal. This fix could just be a docs update.
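A caller-side version of the lookup the report asks for, added here as an example (not code from the issue or from the module): resolve the named port from the instance group into a number, pass it as health_check.port, and fail at plan time with a readable message when the named port is missing. It assumes the google_compute_instance_group.my_group resource and the "testport" named port used in the configuration above.

```hcl
# Added example, not part of the issue or the lb-http module.
# Resolves the instance group's named port to a number before calling the
# module, so google_compute_firewall.default-hc never sees a null port list.

locals {
  hc_port_name = "testport" # named port assumed to exist on my_group
}

data "google_compute_instance_group" "my_group" {
  self_link = google_compute_instance_group.my_group.self_link

  lifecycle {
    # Clear failure instead of "Null value found in list" inside the module.
    postcondition {
      condition     = contains([for np in self.named_port : np.name], local.hc_port_name)
      error_message = "Instance group has no named port matching hc_port_name; the health check firewall rule needs a numeric port."
    }
  }
}

locals {
  # one() yields the single matching port; the postcondition above guarantees a match.
  hc_port = one([
    for np in data.google_compute_instance_group.my_group.named_port :
    np.port if np.name == local.hc_port_name
  ])
}

module "test-lb-http" {
  source  = "GoogleCloudPlatform/lb-http/google"
  version = "11.0.0"
  name    = "test-lb"
  project = google_project.test.project_id

  create_address        = true
  ssl                   = true
  load_balancing_scheme = "EXTERNAL"
  target_tags           = ["test"]

  managed_ssl_certificate_domains = ["test.com"]

  backends = {
    default = {
      port_name  = "testport"
      protocol   = "HTTP"
      enable_cdn = false
      groups     = [{ group = google_compute_instance_group.my_group.self_link }]
      # Numeric port resolved above; the module's firewall rule now gets a real value.
      health_check = { request_path = "/status", port = local.hc_port }
      log_config   = { enable = false }
      iap_config   = { enable = false }
    }
  }
}
```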