GOOGLE COMPUTE REGIONAL SECURITY POLICY DRIFT RECREATE IS NOT WORKING

[cyber-francis]

Expected Behavior

Say I create a security rule called rule-1 using Terraform, and then someone deletes this rule manually from the google console. I expect Terraform to figure this out and then recreate the rule-1 next time I run Terraform apply.

Actual Behavior

When I run terraform apply, it throws an error and says that the rule doesn't exist.

Steps to Reproduce

1. Create a REGIONAL SECURITY POLICY using terraform
2. Create a Security Policy Rule using terraform
3. Attach the rule to the REGIONAL SECURITY POLICY
4. Terraform apply
5. Delete the rule via google console
6. Then Terraform plan/apply will throw an error

Versions

google@~>5.25.0 LOCAL google-beta@~>5.30.0 LOCAL

Providers

google 5.25.0 google-beta 5.30.0 null 3.2.2

Gist

No response

Possible Solutions

no solution

Workarounds

none

Anything Else?

NA

References

No response

Help Wanted

• [ ] I'm interested in contributing a fix myself

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[nbaju1]

Not that this is a CDKTF issue, but Terraform trusts the statefile as the single source of truth. Your statefile says the resource has been created hence it throws an error when it tries to apply changes to the non-existing resource.

In general you should never make manual changes out of band on resources managed by Terraform, unless you also combine it with the ignore_changes block on the resource in question. To fix your issue you need to delete the resource from the statefile with terraform state rm [resource path] before running plan/apply to recreate the resource.

[cyber-francis]

But a typical terraform behavior will be to recreate the resource. Why is it different for security policy rule?

[nbaju1]

What is the output of terraform plan after you have manually deleted the policy rule?

[Saaalih2g]

ارجو حل المشكله

في أربعاء، 29 مايو، 2024 في 11:26 ص، كتب Anders Julton < @.***>:

What is the output of terraform plan after you have manually deleted the policy rule?

— Reply to this email directly, view it on GitHub https://github.com/hashicorp/terraform-cdk/issues/3632#issuecomment-2136835624, or unsubscribe https://github.com/notifications/unsubscribe-auth/A5IDPXAPH5VAU67WPQBA6CDZEWGLHAVCNFSM6AAAAABIHU4KXSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMZWHAZTKNRSGQ . You are receiving this because you are subscribed to this thread.Message ID: @.***>