google_compute_forwarding_rule description field causes resource replacement

[steven-edgar]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

Terraform v1.4.0 Google terraform provider v4.84.0

Affected Resource(s)

• google_compute_forwarding_rule

Terraform Configuration Files

resource "google_compute_forwarding_rule" {
  name = "example"
  description = "Forwarding rule description"
  region = "europe-west1"
  network = var.network
  ip_address = "1.2.3.4"
 target = var.cloudsql_psc_instance_attachment
  allow_psc_global_access = true 
}

Debug Output

Panic Output

Expected Behavior

On first apply the forwarding rule is created, on second run the resource is left unchanged.

Actual Behavior

# from https://github.com/hashicorp/terraform-provider-google/issues/16258

resource "google_compute_forwarding_rule" "default" {
  name                    = "psc-endpoint"
  description             = "My description"
  region                  = "us-central1"
  load_balancing_scheme   = ""
  target                  = google_compute_service_attachment.producer_service_attachment.id
  network                 = google_compute_network.consumer_net.name
  ip_address              = google_compute_address.consumer_address.id
  allow_psc_global_access = true
}

That can be applied once, causing the resource to be created. But a second tf apply (with no changes to the tf file) causes a plan that includes deletion/recreation, because of description:

  # google_compute_forwarding_rule.default must be replaced
-/+ resource "google_compute_forwarding_rule" "default" {
      - all_ports               = false -> null
      - allow_global_access     = false -> null
      + base_forwarding_rule    = (known after apply)
      ~ creation_timestamp      = "2023-10-16T09:32:38.274-07:00" -> (known after apply)
      + description             = "My description" # forces replacement

Plan: 1 to add, 0 to change, 1 to destroy.

Steps to Reproduce

Set the "description" field in the resource. If this field is unset and the configuration is applied, subsequent applies make no changes.

Important Factoids

This is with a PSC enabled forwarding rule, I've not tried with non-PSC forwarding rules.

References

• 0000

b/308569872

[edwardmedia]

The description is set to ForceNew in the code

It does look like update is supported for description with its api

[rileykarson]

Update support is an enhancement, not a bug.

[justinsb]

I don't think this issue is about update behaviour.

The bug is that when you tf apply a PSC forwarding rule with a description twice - with no changes - the second tf apply forces replacement because TF thinks the description field is changing.

[rileykarson]

Ah, yep, https://github.com/hashicorp/terraform-provider-google/issues/16258 was more clear (although this issue's body stated the same if read correctly). Edited the issue body.

[rileykarson]

@roaks3 any idea why the robot didn't label this one?

[roaks3]

Ah yea, there is a manual step where a member of our team needs to update the team enrollment in mmv1 (the canonical source is internal) and then re-run the labeler. This is part of our team's rotation so it should happen weekly until we build automation around that.

[LucaPrete]

I'm not 100% sure how the PSC specific thing it's related to the description. In the meantime I tried to make the description argument updatable in place. I think this step is anyway needed and possibly it might also fix the bug.

[LucaPrete]

It seems tests are failing as we are not (yet) able to patch the description argument. I'll dig into it with product before abandoning the PR.

[LucaPrete]

I had to abandon the PR as description patching is currently not supported.

[stenalpjolly]

The same issue is present in the compute_global_forwarding_rule as well.