GoogleCloudPlatform / terraform-google-cloud-armor

Deploy Cloud Armor security policy
https://registry.terraform.io/modules/GoogleCloudPlatform/cloud-armor/google
Apache License 2.0

Policy rules order mixup #136

Open Tensho opened 2 weeks ago

Tensho commented 2 weeks ago

The google_compute_security_policy resource mixes up rules because of the Set data structure behind it, which doesn't define element order. Here is an example of the drift:

  # google_compute_security_policy.policy will be updated in-place
  ~ resource "google_compute_security_policy" "policy" {
        id          = "projects/com-livelinklabs-2-1/global/securityPolicies/baddies"
        name        = "baddies"
        # (5 unchanged attributes hidden)

      ~ adaptive_protection_config {
          + auto_deploy_config {}

            # (1 unchanged block hidden)
        }

      - rule {
          - action      = "allow" -> null
          - description = "Default rule, higher priority overrides it" -> null
          - preview     = false -> null
          - priority    = 2147483647 -> null

          - match {
              - versioned_expr = "SRC_IPS_V1" -> null

              - config {
                  - src_ip_ranges = [
                      - "*",
                    ] -> null
                }
            }

          - preconfigured_waf_config {
            }
        }
...
      + rule {
          + action      = "allow"
          + description = "Default rule, higher priority overrides it"
          + preview     = (known after apply)
          + priority    = 2147483647

          + match {
              + versioned_expr = "SRC_IPS_V1"

              + config {
                  + src_ip_ranges = [
                      + "*",
                    ]
                }
            }
        }

There is a google_compute_security_policy_rule resource which manages rules independently. Does switching from policy inline rule blocks to separate resources fix ordering issues?
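The separate-resource layout the comment above asks about, written out as an added example (not code from this issue, the module, or the provider docs). It assumes a hashicorp/google provider version that ships google_compute_security_policy_rule, Terraform 1.5+ for the import block, and that the API-generated default rule (priority 2147483647) is imported into state before it is managed; the policy name and project path are taken from the plan output above, the deny rule and its CIDR are placeholders.

```hcl
# Added example: policy with NO inline rule {} blocks; each rule is its own
# google_compute_security_policy_rule resource keyed by priority.
resource "google_compute_security_policy" "policy" {
  name        = "baddies"
  description = "Cloud Armor policy whose rules are managed as separate resources"
}

# Assumption: creating the policy makes the API generate a default allow-all rule
# at priority 2147483647. Import it so Terraform manages it instead of trying to
# create a second rule with the same priority. Project path from the plan above.
import {
  id = "projects/com-livelinklabs-2-1/global/securityPolicies/baddies/priority/2147483647"
  to = google_compute_security_policy_rule.default_rule
}

# Same default rule as in the plan output, now a standalone resource.
resource "google_compute_security_policy_rule" "default_rule" {
  security_policy = google_compute_security_policy.policy.name
  priority        = 2147483647
  action          = "allow"
  description     = "Default rule, higher priority overrides it"
  preview         = false

  match {
    versioned_expr = "SRC_IPS_V1"
    config {
      src_ip_ranges = ["*"]
    }
  }
}

# Placeholder higher-priority deny rule (lower number = evaluated first).
# 203.0.113.0/24 is an RFC 5737 documentation range, not from the issue.
resource "google_compute_security_policy_rule" "deny_example_range" {
  security_policy = google_compute_security_policy.policy.name
  priority        = 1000
  action          = "deny(403)"
  description     = "Placeholder deny rule for a documentation CIDR"
  preview         = false

  match {
    versioned_expr = "SRC_IPS_V1"
    config {
      src_ip_ranges = ["203.0.113.0/24"]
    }
  }
}
```

Because each rule resource is addressed by its priority rather than by its position in a set, a plan shows changes per rule address; whether that removes the drift seen above is not something this thread confirms.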

imrannayer commented 2 weeks ago

@Tensho can you please post this question on the provider site?

Tensho commented 2 weeks ago

@imrannayer Sure, meanwhile, I'm pondering workarounds on the module side.

imrannayer commented 2 weeks ago

@Tensho were you able to recreate this issue without using the module?