Closed imrannayer closed 1 month ago
Do you have the terraform plan results? This shouldn't be possible.
@rileykarson here is the code
```hcl
resource "google_compute_security_policy" "default" {
  project     = local.project_id
  name        = "policyruletest"
  description = "basic global security policy"
  type        = "CLOUD_ARMOR"
}

resource "google_compute_security_policy_rule" "policy_rule" {
  project         = local.project_id
  security_policy = google_compute_security_policy.default.name
  description     = "new rule"
  priority        = 100
  match {
    versioned_expr = "SRC_IPS_V1"
    config {
      src_ip_ranges = ["10.10.0.0/16"]
    }
  }
  action  = "allow"
  preview = false
}

output "google_compute_security_policy" {
  value = google_compute_security_policy.default
}
```
here is the plan
```
Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected this plan:

  # google_compute_security_policy.default has changed
  ~ resource "google_compute_security_policy" "default" {
      ~ fingerprint = "tjPR0Q33Y5E=" -> "9GFVC1UlNlU="
        id = "projects/prj/global/securityPolicies/policyruletest"
        name = "policyruletest"
        # (4 unchanged attributes hidden)

      + rule {
          + action = "allow"
          + description = "new rule"
          + preview = false
          + priority = 100

          + match {
              + versioned_expr = "SRC_IPS_V1"

              + config {
                  + src_ip_ranges = [
                      + "10.10.0.0/16",
                    ]
                }
            }
        }
        # (1 unchanged block hidden)
    }
```
Ah, that's not quite a plan - that's a newer (0.15.4+ according to this page) feature that shows differences between the state and remote state (i.e. the new state after a refresh). Is a terraform plan actually getting generated that shows this?
This feature can show up with unhelpful changes highlighted a lot in GCP, unfortunately. GCP has lots of big resources with lots of moving parts and optional-with-default fields compared to smaller resources with stricter schemas used in groups in AWS/Azure, and results in messages like this. google_container_cluster is especially bad for it.
Closing since I think that's the only issue here, but I'll reopen if we see a bad terraform plan getting generated too!
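The distinction drawn in the reply above (refresh-detected drift versus an actual planned change) can be checked mechanically from the JSON form of a plan. The following is an added example, not part of the original thread or of the provider's code; it reads the `resource_drift` and `resource_changes` arrays of `terraform show -json` output, and the sample plan is constructed to mirror this thread's policy and rule.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output for
# the situation in this thread: the policy drifted (fingerprint, rule) but no
# action is planned. Only the fields this check reads are included.
SAMPLE_PLAN = json.loads("""
{
  "resource_drift": [
    {"address": "google_compute_security_policy.default",
     "change": {"actions": ["update"],
                "before": {"fingerprint": "tjPR0Q33Y5E=", "rule": []},
                "after": {"fingerprint": "9GFVC1UlNlU=",
                          "rule": [{"priority": 100, "action": "allow"}]}}}
  ],
  "resource_changes": [
    {"address": "google_compute_security_policy.default",
     "change": {"actions": ["no-op"]}},
    {"address": "google_compute_security_policy_rule.policy_rule",
     "change": {"actions": ["no-op"]}}
  ]
}
""")


def changed_keys(before, after):
    """Top-level attributes whose values differ between two state objects."""
    before, after = before or {}, after or {}
    return sorted(k for k in set(before) | set(after)
                  if before.get(k) != after.get(k))


def classify(plan):
    """Split a JSON plan into real planned actions and refresh-only drift."""
    planned = {rc["address"]: rc["change"]["actions"]
               for rc in plan.get("resource_changes", [])
               if rc["change"]["actions"] not in (["no-op"], ["read"])}
    drift = {rd["address"]: changed_keys(rd["change"].get("before"),
                                         rd["change"].get("after"))
             for rd in plan.get("resource_drift", [])}
    verdict = ("plan-has-changes" if planned
               else "drift-only" if drift else "clean")
    return {"verdict": verdict, "planned": planned, "drift": drift}


if __name__ == "__main__":
    print(json.dumps(classify(SAMPLE_PLAN), indent=2))
```

A `drift-only` verdict on a Cloud Armor policy is still worth reviewing: it confirms Terraform will not act, but the listed attributes show what changed on the remote object since the last apply.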
Terraform Version & Provider Version(s)
Terraform v1.8.2 on linux_amd64
google = 5.43
google-beta = 5.43
Affected Resource(s)
google_compute_region_security_policy
Terraform Configuration
Debug Output
No response
Expected Behavior
Should not show diff
Actual Behavior
Showing diff for fingerprint
Steps to reproduce
Apply terraform apply twice
terraform apply
Important Factoids
No response
References
No response