Twingate / terraform-provider-twingate

Mozilla Public License 2.0

Bug planning changes to twingate resource groups list every time it runs #598

Open robotparty opened 2 weeks ago

robotparty commented 2 weeks ago

We see dozens of plan elements like the below when we haven't made group-to-resource config changes... any idea why? Is this a known bug or a problem with our module maybe? TF v1.8.4 TG Provider v1.2

  # module.twingate_resources.twingate_resource.current["int-dev-2fa"] will be updated in-place
!   resource "twingate_resource" "current" {
        id                          = "YYYYYYYYYYYYYYYYYYYY=="
        name                        = "dev-2fa"
!       remote_network_id           = "NNNNNNNNNNNNNNNNNNN==" -> (known after apply)
!       security_policy_id          = "U2VjdXJpdHlQb2xpY3k6NjY1ODA=" -> (known after apply)
        # (6 unchanged attributes hidden)

!       access {
!           group_ids           = [
-               "R3JvdXA6nnnnnnnz",
            ] -> (known after apply)
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.twingate_resources.twingate_resource.current["int-dev-api"] will be updated in-place
!   resource "twingate_resource" "current" {
        id                          = "XXXXXXXXXXXXXXXXXXXXXXX=="
        name                        = "dev-api"
!       remote_network_id           = "NNNNNNNNNNNNNNNNNNN==" -> (known after apply)
!       security_policy_id          = "U2VjdXJpdHlQb2xpY3k6NjY1ODA=" -> (known after apply)
        # (6 unchanged attributes hidden)

!       access {
!           group_ids           = [
-               "R3JvdXA6nnnnnnz",
            ] -> (known after apply)
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.twingate_resources.twingate_resource.current["int-dev-bakkt"] will be updated in-place
!   resource "twingate_resource" "current" {
        id                          = "ZZZZZZZZZZZZZZZZZZZZZZZz=="
        name                        = "dev-bakkt"
!       remote_network_id           = "NNNNNNNNNNNNNNNNNNN==" -> (known after apply)
!       security_policy_id          = "U2VjdXJpdHlQb2xpY3k6NjY1ODA=" -> (known after apply)
        # (6 unchanged attributes hidden)

!       access {
!           group_ids           = [
-               "R3JvdXA6mmmmmmz",
            ] -> (known after apply)
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.twingate_resources.twingate_resource.current["int-dev-bakkt-ptr"] will be updated in-place
!   resource "twingate_resource" "current" {
        id                          = "UmVzb3VyY2U6MjM0NTgxNA=="
        name                        = "dev-bakkt-ptr"
!       remote_network_id           = "NNNNNNNNNNNNNNNNNNN==" -> (known after apply)
!       security_policy_id          = "U2VjdXJpdHlQb2xpY3k6NjY1ODA=" -> (known after apply)
        # (6 unchanged attributes hidden)

!       access {
!           group_ids           = [
-               "R3Jvdxxxxxxxxxx",
            ] -> (known after apply)
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }
... and so on for every twingate group
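
A pre-apply check for the kind of plan shown above, as an added example that is not part of the original thread or the provider's code: it reads Terraform's JSON plan output and lists every `twingate_resource` update whose access `group_ids` are only known after apply, together with the group IDs currently in state, so the grants can be compared once the apply finishes. The sample plan, its placeholder IDs, and the one-element-list layout of `access` are assumptions.

```python
# Shape follows Terraform's JSON plan format (`terraform show -json plan.out`).
# CONSTRUCTED sample: addresses mirror the issue, IDs are placeholders, and the
# layout of `access` as a one-element list is an assumption about provider v1.x.
SAMPLE_PLAN = {"resource_changes": [
    {"address": 'module.twingate_resources.twingate_resource.current["int-dev-2fa"]',
     "type": "twingate_resource",
     "change": {"actions": ["update"],
                "before": {"name": "dev-2fa",
                           "access": [{"group_ids": ["GROUP_ID_PLACEHOLDER_1"],
                                       "service_account_ids": []}]},
                "after_unknown": {"remote_network_id": True,
                                  "security_policy_id": True,
                                  "access": [{"group_ids": True}]}}},
    {"address": 'module.twingate_resources.twingate_resource.current["int-dev-api"]',
     "type": "twingate_resource",
     "change": {"actions": ["update"],   # a fully known edit: not flagged
                "before": {"name": "dev-api",
                           "access": [{"group_ids": ["GROUP_ID_PLACEHOLDER_2"]}]},
                "after_unknown": {}}},
    {"address": "twingate_group.dev", "type": "twingate_group",
     "change": {"actions": ["no-op"], "before": {}, "after_unknown": {}}},
]}


def unknown_access_changes(plan):
    """List twingate_resource updates whose access group_ids are unknown at plan time.

    Returns (address, group IDs currently in state, other unknown attributes).
    """
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if rc.get("type") != "twingate_resource" or "update" not in change.get("actions", []):
            continue
        unknown = change.get("after_unknown") or {}
        access = unknown.get("access")  # True when the whole block is unknown
        blocks = access if isinstance(access, list) else []
        if access is not True and not any(
                isinstance(b, dict) and b.get("group_ids") is True for b in blocks):
            continue
        before_blocks = (change.get("before") or {}).get("access") or []
        groups = sorted(g for b in before_blocks for g in b.get("group_ids") or [])
        others = sorted(k for k, v in unknown.items() if v is True and k != "access")
        findings.append((rc["address"], groups, others))
    return findings


if __name__ == "__main__":
    for address, groups, others in unknown_access_changes(SAMPLE_PLAN):
        print(f"{address}: group_ids unknown until apply; in state: {groups}; also unknown: {others}")
```
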

agriffin208 commented 2 weeks ago

Hi @robotparty, not a dev here nor am I extremely knowledgeable with Terraform.

That said, TG provider 1.2.x is an old version (last year). I'd heavily suggest working on upgrading to 3.0.9+ (3.0.12 is currently the latest).

Upgrading the provider to 3.0.9+ should address most issues related to planning noise and performance, as these later versions are optimized to handle configurations more gracefully. Release notes can be found here.

Should you still see this in 3.0.9+, I'll defer to others for their input.

robotparty commented 1 week ago

Dang, I usually check that first... thought we'd upgraded FAR more recently. BTW: We've been using this provider since the day we adopted Twingate (as specified by our IaC/GitOps stance) to manage all the most critical parts of our config (connector deployments, groups, & resources). Our team is grateful that it's supported the critical features we need and has been very reliable. Thanks for making your TF provider a priority!

robotparty commented 4 days ago

I've attempted an upgrade to v3.0.12 (both directly and with a stop at v2.1.2) and am getting a lot of type conversion errors for twingate resources, 1 for each resource. I think it has to do with the way access changed to access_group, going from a list to a string maybe?

│ Error: Value Conversion Error
│ 
│   with module.twingate_resources.twingate_resource.current["int-prod-web"],
│ An unexpected error was encountered trying to convert from struct into an
│ object. This is always an error in the provider. Please report the
│ following to the provider developer:
│ 
│ Mismatch between struct and object type: Struct defines fields not found in
│ object: access. Object defines fields not found in struct: access_service
│ and access_group.
│ Struct: resource.resourceModelV1
│ Object type:
│ types.ObjectType["access_group":types.SetType[types.ObjectType["group_id":basetypes.StringType,
│ "security_policy_id":basetypes.StringType,
│ "usage_based_autolock_duration_days":basetypes.Int64Type]],
│ "access_service":types.SetType[types.ObjectType["service_account_id":basetypes.StringType]],
│ "address":basetypes.StringType, "alias":basetypes.StringType,
│ "id":basetypes.StringType, "is_active":basetypes.BoolType,
│ "is_authoritative":basetypes.BoolType,
│ "is_browser_shortcut_enabled":basetypes.BoolType,
│ "is_visible":basetypes.BoolType, "name":basetypes.StringType,
│ "protocols":types.ObjectType["allow_icmp":basetypes.BoolType,
│ "tcp":types.ObjectType["policy":basetypes.StringType,
│ "ports":types.SetType[basetypes.StringType]],
│ "udp":types.ObjectType["policy":basetypes.StringType,
│ "ports":types.SetType[basetypes.StringType]]],
│ "remote_network_id":basetypes.StringType,
│ "security_policy_id":basetypes.StringType]
╵
...