aiven / terraform-provider-aiven

Aiven Terraform Provider
https://registry.terraform.io/providers/aiven/aiven/latest/docs
MIT License

ip_filter_objects reordering without change #1638

Closed MarcoGlauser closed 4 months ago

MarcoGlauser commented 4 months ago

What happened?

We have multiple ip_filter_objects set up like this:

    ip_filter_object {
      network     = "x.x.x.x/23"
      description = "a ipv4"
    }
    ip_filter_object {
      network     = "x:x:x::/48"
      description = "a ipv6"
    }
    ip_filter_object {
      network     = "x.x.x.x/16"
      description = "b"
    }
    ip_filter_object {
      network     = "x.x.x.x/16"
      description = "c"
    }
    ip_filter_object {
      network     = "${var.d}/32"
      description = "d"
    }

Most of them are statically defined as hardcoded strings. However, we also have one static IP (var.d) that is defined through another resource. Since it's a public static IP address, this one is not changing.

Without changing anything in the Terraform configuration, the order of ip_filter_objects gets randomly reshuffled. The content stays the same, only the order changes.

          ~ ip_filter_object {
              ~ description = "d" -> "a ipv4"
              ~ network     = "x.x.x.x/32" -> "x.x.x.x/23"
            }
          ~ ip_filter_object {
              ~ description = "c" -> "a ipv6"
              ~ network     = "x.x.x.x/16" -> "x:x:x::/48"
            }
          ~ ip_filter_object {
              ~ description = "a ipv6" -> "c"
              ~ network     = "x:x:x::/48" -> "x.x.x.x/16"
            }
          ~ ip_filter_object {
              ~ description = "a ipv4" -> "d"
              ~ network     = "x.x.x.x/23" -> "x.x.x.x/32"
            }

And then after a while, again without touching the terraform files:

          ~ ip_filter_object {
              ~ description = "d" -> "a ipv4"
              ~ network     = "x.x.x.x/32" -> "x.x.x.x/23"
            }
          ~ ip_filter_object {
              ~ description = "c" -> "a ipv6"
              ~ network     = "x.x.x.x/16" -> "x:x:x::/48"
            }
          ~ ip_filter_object {
              ~ description = "a ipv6" -> "c"
              ~ network     = "x:x:x::/48" -> "x.x.x.x/16"
            }
          ~ ip_filter_object {
              ~ description = "a ipv4" -> "d"
              ~ network     = "x.x.x.x/23" -> "x.x.x.x/32"
            }

What did you expect to happen?

ip_filter_objects to stay in the same order when nothing changes

What else do we need to know?

Version 4.14.0

Serpentiel commented 4 months ago

Hey, @MarcoGlauser! 👋

Thank you for raising this issue. As I can see, we've initially discussed this under #1622.

Our team will take a look at it and will let you know what's going on with it shortly.

Currently, it looks like a problem with this function: https://github.com/aiven/terraform-provider-aiven/blob/094e90ea5b88b07d803de82ec2afe27742737ac5/internal/schemautil/mutations.go#L19-L115

We will let you know when there are more details to share, or if we need more information.

byashimov commented 4 months ago

The issue is here: utils.go. I'll come back with the fix ASAP.

shaunkillingbeck commented 4 months ago

We're also seeing this same issue, same terraform version (4.14.0).

@Serpentiel What's the behaviour when applying a change like this? Does the Aiven API know to do nothing, or would it temporarily remove all the IPs from the filter while trying to action the change? I'm trying to understand if it's safe to run terraform apply with a diff like this showing up, or if it could cause temporary disruption to services connecting via these IPs.

Serpentiel commented 4 months ago

Hey, @shaunkillingbeck! 👋

This is a harmless diff, and applying it won't actually change anything 🙂

Also, the fix is almost out, so I would recommend waiting until it's released, or in case there's an urgency, you can try manually building the provider from the branch.
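
Whether a reshuffled plan like the ones above is only a reordering can be checked by comparing the before and after lists as multisets. This is an added example, not the provider's fix and not code from anyone in this thread; the `IPFilter` type, the `DiffFilters` function, the host-bit masking and the sample networks are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
)

// IPFilter mirrors one ip_filter_object block (hypothetical type for this example).
type IPFilter struct{ Network, Description string }

// DiffFilters compares two lists as multisets, ignoring order. Empty results
// mean the plan only reorders entries; anything else changes the allowlist.
func DiffFilters(before, after []IPFilter) (added, removed []string, err error) {
	count := map[string]int{}
	for i, list := range [][]IPFilter{after, before} {
		for _, f := range list {
			p, perr := netip.ParsePrefix(f.Network)
			if perr != nil {
				return nil, nil, fmt.Errorf("bad network %q: %w", f.Network, perr)
			}
			// Assumption: host bits are insignificant, so mask before comparing.
			count[p.Masked().String()+" "+f.Description] += 1 - 2*i // after +1, before -1
		}
	}
	for k, n := range count {
		switch {
		case n > 0:
			added = append(added, k)
		case n < 0:
			removed = append(removed, k)
		}
	}
	sort.Strings(added)
	sort.Strings(removed)
	return added, removed, nil
}

func main() {
	// Constructed sample values (documentation ranges), not taken from the issue.
	before := []IPFilter{{"192.0.2.0/24", "a ipv4"}, {"2001:db8::/48", "a ipv6"}, {"198.51.100.7/32", "d"}}
	after := []IPFilter{{"198.51.100.7/32", "d"}, {"2001:db8::/48", "a ipv6"}, {"192.0.2.0/24", "a ipv4"}}
	added, removed, err := DiffFilters(before, after)
	fmt.Println(added, removed, err) // reorder only: nothing added or removed
	after[0].Network = "203.0.113.0/24" // simulate a real change hidden in the reshuffle
	added, removed, err = DiffFilters(before, after)
	fmt.Println(added, removed, err)
}
```

A non-empty `added` or `removed` means the plan changes which networks are allowed and should be reviewed rather than treated as a harmless reordering.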

Serpentiel commented 4 months ago

Hey folks! 👋

This should have been fixed now and will be released shortly.

Should you have any further questions or concerns, feel free to reopen this issue.