google_firebase_web_app: updates of google_firebase_web_app fails by a lack of `updateMask` after import

[wreulicke]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

Terraform v1.3.6
on darwin_arm64
+ provider registry.terraform.io/hashicorp/google v4.47.0
+ provider registry.terraform.io/hashicorp/google-beta v4.47.0
+ provider registry.terraform.io/hashicorp/null v3.1.1

Your version of Terraform is out of date! The latest version
is 1.3.7. You can update by downloading from https://www.terraform.io/downloads.html

Affected Resource(s)

• google_firebase_web_app

Terraform Configuration Files

resource "google_firebase_web_app" "app" {
  provider        = google-beta
  project         = local.project
  display_name    = "xxxxxxxx"
  deletion_policy = "DELETE"
}

Debug Output

error: https://gist.github.com/wreulicke/a7a37a2680f080b2f465252a69b1e7ef

Panic Output

none

Expected Behavior

The update is successful correctly.

Actual Behavior

The update is done without any errors.

Steps to Reproduce

1. terraform import google_firebase_web_app.app {{name}}
2. terraform apply Then, have this difference.

   resource "google_firebase_web_app" "app" {
   provider        = google-beta
   project         = local.project
   display_name    = "xxxxxxxxxx"
   deletion_policy = "ABANDON" => "DELETE"
   }

Important Factoids

I added displayName to updateMask and tried the API with API explorer. Then, it is successful.

And also, I tried the api without updateMask. The same error was reproduced.

References

• https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps/patch?apix_params=%7B%22name%22%3A%22projects%2Fdd-marshall-saito%2FwebApps%2F1%3A498675121365%3Aweb%3A99cedcac5213757e29765c%22%2C%22resource%22%3A%7B%22displayName%22%3A%22%E3%82%AD%E3%83%A3%E3%83%93%E3%83%8D%E9%BD%8B%E8%97%A4%E9%96%8B%E7%99%BA%E7%92%B0%E5%A2%83%22%7D%7D
• b/277381489

[wreulicke]

I am not sure, but I faced this error when updating deletetion_policy for resources after import.

[edwardmedia]

@wreulicke after you imported the resource, you are supposed to update the config to match the imported state. If a diff is detected, that means you probably need to update the config again. If this is not the case, could you please share your state and your updated ocnfig?

[wreulicke]

@edwardmedia

1. Import google_firebase_web_app with the following source.

resource "google_firebase_web_app" "app" {
  provider        = google-beta
  project         = local.project
  display_name    = "xxxxxxxxxx"
  deletion_policy = "DELETE"
}

2. After import, apply terraform with no changes, then there is a difference in deleteion_policy. "ABANDON" is the imported state. terraform will change the deletion_policy to "DELETE".

resource "google_firebase_web_app" "app" {
  provider        = google-beta
  project         = local.project
  display_name    = "xxxxxxxxxx"
  deletion_policy = "ABANDON" => "DELETE"
}

3. Then, terraform-provider-google-beta fails by a lack of updateMask

The deletion_poicy is a virtual field. So, I expected that terraform provider doesn't call to firebase API. Or, I expected that terraform provider call the API without any errors.

[rainshen49]

Hi, Firebaser here! I was able to reproduce this issue. You are right:

1. Updating virtual field only should not trigger a call to Firebase API. @edwardmedia is this an issue with virtual fields in general, or some flags that should be set for the google_firebase_web_app provider?
2. If 1 fell through, Terraform will call Firebase API with empty updateMask, which will fail with some unrelated error, in this case, something about apiKeys. -- I think the Firebase API could've handled this better, and I'll bring this message to them.

Nonetheless, if you just update deletion_policy, it will be applied to Terraform state despite the error from Firebase API. You can confirm this by terraform plan again and it will show no diff. Since deletion_policy is a virtual field, that's all that's needed.

[edwardmedia]

I see where the problem. Let me open a PR for it. Thanks for reporting the issue. @wreulicke @rainshen49