hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0

google_compute_network_edge_security_service showing diff for security_policy #15686

Open imrannayer opened 1 year ago

imrannayer commented 1 year ago

Community Note

Terraform Version

Affected Resource(s)

Terraform Configuration Files

resource "google_compute_region_security_policy" "region_adv_ddos_protection" {
  provider = google-beta
  project  = var.project_id

  name        = "${var.prefix}-ca-adv-ddos-policy"
  description = "${var.prefix} CA Advance DDoS protection for region us-central1"
  type        = "CLOUD_ARMOR_NETWORK"
  region      = "us-central1"

  ddos_protection_config {
    ddos_protection = "ADVANCED"
  }

}

resource "google_compute_network_edge_security_service" "region_adv_ddos_protection" {
  provider = google-beta
  project  = var.project_id

  name            = "${var.prefix}-edge-security-service"
  region          = var.region
  description     = "${var.prefix} My basic edge security service"
  security_policy = google_compute_region_security_policy.region_adv_ddos_protection.id
}

Debug Output

Panic Output

Expected Behavior

google_compute_network_edge_security_service.security_policy accepts either the security policy ID or self_link.

Actual Behavior

It shows a diff after the first execution if the security policy ID is passed. It works fine when self_link is passed.

Steps to Reproduce

  1. terraform apply

Important Factoids

References

b/309763678

edwardmedia commented 1 year ago

@imrannayer can you share the debug log that can show the diff?

slevenick commented 1 year ago

I'm not sure this is wrong exactly; the docs for this field do say "The resource URL for the network edge security service associated with this network edge security service."

We could add a diff suppress func on this field to only compare the value after "projects/" but it seems reasonable to just input the self_link value.
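The comparison suggested in the comment above (match only the part of the value from "projects/" onward), sketched in Go as an added example; it is not part of the thread or the provider's code. The function names and sample values are hypothetical, and the relative id format shown is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// relativePath returns the part of a resource reference starting at the
// "projects/" path segment, so a full self_link URL and a relative id
// normalise to the same string. The second result is false when that
// segment is missing.
func relativePath(ref string) (string, bool) {
	i := strings.Index(ref, "projects/")
	if i < 0 || (i > 0 && ref[i-1] != '/') {
		return "", false
	}
	return strings.TrimSuffix(ref[i:], "/"), true
}

// suppressSecurityPolicyDiff reports whether the value in state (oldVal) and
// the value in configuration (newVal) name the same security policy. A
// provider would call logic like this from the field's diff suppress func.
func suppressSecurityPolicyDiff(oldVal, newVal string) bool {
	if oldVal == newVal {
		return true
	}
	o, okOld := relativePath(oldVal)
	n, okNew := relativePath(newVal)
	if !okOld || !okNew {
		// Empty or unparseable value: never hide the change, otherwise a
		// detached or swapped policy would go unreported in the plan.
		return false
	}
	return o == n
}

func main() {
	// Constructed sample values, not taken from the issue.
	id := "projects/example-project/regions/us-central1/securityPolicies/example-policy"
	selfLink := "https://www.googleapis.com/compute/beta/" + id
	other := "projects/example-project/regions/us-central1/securityPolicies/other-policy"

	fmt.Println(suppressSecurityPolicyDiff(selfLink, id))    // same policy
	fmt.Println(suppressSecurityPolicyDiff(selfLink, other)) // different policy
}
```

The comparison stays strict on everything after "projects/", so a change to the project, region or policy name still appears in the plan.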

imrannayer commented 1 year ago

I think we can keep it as it is. Adding an example will make it easier for everyone to know they need to use self_link and not id. You can add the example I posted in this ticket.