Fix Inconsistent Final Plan issue for Google Storage Bucket Object

[luciahouse33]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to a user, that user is claiming responsibility for the issue.
• Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Terraform Version & Provider Version(s)

Terraform v1.5.7 on linux_amd65

• provider registry.terraform.io/hashicorp/google v5.35.0

Affected Resource(s)

google_storage_bucket_object

Terraform Configuration

data "archive_file" "source_code" {
  type        = "zip"
  source_dir  = var.source_code_path
  output_path = "artifacts/function.zip"
}
resource "google_storage_bucket_object" "zip" {
  source       = data.archive_file.source_code.output_path
  content_type = "application/zip"
  name         = "src-${var.cloud_function_name}.zip"
  bucket       = var.cloud_function_storage_bucket_name
  depends_on = [
    data.archive_file.source_code
  ]
}

where vars are like:

"source_code_path" = "./scripts/cloud-functions/obtain_raw_data"
"cloud_function_name" = "obtain_raw_data"
"cloud_function_storage_bucket_name" = "data_loader_functions_ddj"

Debug Output

No response

Expected Behavior

Update can be applied

Actual Behavior

Intermittently, the following error happens

When expanding the plan for
│ module.cloud_function_v2_load_data_to_reltio.google_storage_bucket_object.zip
│ to include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/google" produced an invalid new value for
│ .detect_md5hash: was cty.StringVal("different hash"), but now
│ cty.StringVal("4UjkMfXUHVjzvgP+c6d0/w==").
│ 
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.

To resolve as a work around, I have commented out the resources and re-added them after an intermediate deployment.

Steps to reproduce

1. terraform plan (runs successfully)
2. terraform apply

Important Factoids

In the terraform plan, for the resource with the issue, I see the following:

 # module.cloud_function_v2_transform_data.google_storage_bucket_object.zip will be updated in-place
  ~ resource "google_storage_bucket_object" "zip" {
      ~ detect_md5hash   = "W9SGSTCuO8E7doWdvGkgLA==" -> "different hash"
        id               = "data_loader_functions_obd-src-transform_raw_data.zip"
        name             = "src-transform_raw_data.zip"
        # (12 unchanged attributes hidden)
    }

I have seen this twice with the terraform provider 5.35.0. When I have downgraded, and run ~6 updates, I do not see this happen. With it being intermittent, it is hard to fully test.

References

No response

[ggtisc]

Hi @luciahouse33!

I tried to replicate this issue but the result after a terraform apply was Successfully without errors.

I noticed that your environment variable "source_code_path" = "./scripts/cloud-functions/obtain_raw_data" doesn't have the extention for the file(oject) you are looking to upload. Even if you are using content_type it is necessary to put this value on the source as you can see in the most basic example of google_storage_bucket_objectin terraform registry

Due to we don't have access to the data "archive_file" "source_code" and the content of the obtain_raw_data we are sharing you the official links with all the information and additionally here is the used code to replicate this issue:

provider "google" {
  user_project_override = true
  billing_project = "my-project"
  project = "my-project"
}

terraform {
  required_providers {
    google = {
        source = "hashicorp/google-beta"
        version = "5.35.0"
    }
  }
}

resource "google_storage_bucket" "bucket_18618" {
  name = "bucket-18618"
  location = "US"
}

resource "google_storage_bucket_object" "bo_18618" {
  source       = "./utils/bucket_objects/index.zip"
  name         = "bo_18618"
  bucket       = google_storage_bucket.bucket_18618.name
  content_type = "application/zip"
}

The index.zip file contains a index.js file with the next code:

exports.helloGET = (req, res) => {
    res.status(200).send('Hello world!');
};

I suggest you to check your project configuration, environment variables, zip file content and execute the process with a simplified example to test your code after including data blocks, modules, environment variables and locals and when everything is ok you can continue with your current configuration.

If you continue having problems, share the code and the missing data with us. You can change sensitive data block with examples like: project = "my-project" org_id = 1234567890 iam_user = "my-user@my-domain.com"