The `defined_tags` attribute of an `oci_identity_domains_group` returns in different order causing `change` operation

[jeliker]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version and Provider Version

Terraform v1.7.4
on darwin_amd64
+ provider registry.terraform.io/oracle/oci v5.42.0

Affected Resource(s)

affected_resources = oci_identity_domains_group

Terraform Configuration Files

resource "oci_identity_domains_group" "the_group" {
  #Required
  display_name  = var.name
  idcs_endpoint = var.idcs_endpoint
  schemas = [
    "urn:ietf:params:scim:schemas:core:2.0:Group",
    "urn:ietf:params:scim:schemas:oracle:idcs:extension:OCITags",
    "urn:ietf:params:scim:schemas:oracle:idcs:extension:group:Group"
  ]

  #Optional
  attribute_sets = ["all"]

  dynamic "members" {
    for_each = var.members != null ? var.members : local.existing_members
    content {
      #Required
      type  = members.value.type
      value = members.value.value

      #Optional
      ocid = lookup(members.value, "ocid", null)
    }
  }

  timeouts {}

  urnietfparamsscimschemasoracleidcsextensiondynamic_group {
    membership_type = "static"
  }

  urnietfparamsscimschemasoracleidcsextensiongroup_group {
    description = var.description
  }

  urnietfparamsscimschemasoracleidcsextension_oci_tags {
    #Optional
    dynamic "defined_tags" {
      for_each = var.defined_tags != null ? var.defined_tags : []
      content {
        #Required
        key       = defined_tags.value.key
        namespace = defined_tags.value.namespace
        value     = defined_tags.value.value
      }
    }
    dynamic "freeform_tags" {
      for_each = var.freeform_tags != null ? var.freeform_tags : []
      content {
        #Required
        key   = freeform_tags.value.key
        value = freeform_tags.value.value
      }
    }
  }
}

# oci_identity_domains_group.the_group will be updated in-place
  ~ resource "oci_identity_domains_group" "the_group" {
        id                                                    = "265e99784c14bc0b2872d7b3673c3b94"
        # (13 unchanged attributes hidden)

      ~ urnietfparamsscimschemasoracleidcsextension_oci_tags {
            # (1 unchanged attribute hidden)

          ~ defined_tags {
              ~ key       = "user_role" -> "CreatedBy"
              ~ namespace = "Internal" -> "Oracle-Tags"
              ~ value     = "readonly-users" -> "default/user1@example.com"
            }
          ~ defined_tags {
              ~ key       = "managed" -> "CreatedOn"
              ~ namespace = "Internal" -> "Oracle-Tags"
              ~ value     = "yes" -> "2024-04-24T15:43:06.540Z"
            }
          ~ defined_tags {
              ~ key       = "CreatedBy" -> "managed"
              ~ namespace = "Oracle-Tags" -> "Internal"
              ~ value     = "default/user1@example.com" -> "yes"
            }
          ~ defined_tags {
              ~ key       = "CreatedOn" -> "user_role"
              ~ namespace = "Oracle-Tags" -> "Internal"
              ~ value     = "2024-04-24T15:43:06.540Z" -> "readonly-users"
            }

            # (2 unchanged blocks hidden)
        }

        # (3 unchanged blocks hidden)
    }

Debug Output

Panic Output

Expected Behavior

The defined_tags value should not be sensitive to order nor should it be stored in an order different from the order of tag values provided.

Actual Behavior

When defined_tags are iterated and applied to a group, the order of tags on the group resource does not reflect the order of the provided collection. Subsequent updates to the defined_tags using the same input collection results in recurring change operations.

Steps to Reproduce

1. terraform apply
2. Note change to apply defined tags
3. terraform apply
4. Note that change is again triggered even if input value does not change

Important Factoids