terraform-google-modules / terraform-google-vpc-service-controls

Handles opinionated VPC Service Controls and Access Context Manager configuration and deployments
https://registry.terraform.io/modules/terraform-google-modules/vpc-service-controls/google
Apache License 2.0

VPC SC Bridge Ignore Changes should be set on status and not on status[0].resources #73

Closed aweberlopes closed 2 years ago

aweberlopes commented 2 years ago

TL;DR

Ignore changes on the VPC SC Bridge should be set on the complete "status"; otherwise you get a big issue where every second run tries to remove the resources.

Expected behavior

A second run, if no code changes happened, should say "No Infrastructure updates"

```
tf apply
module.org_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=845176026782]
module.test-vpc-perimeter-bridge.google_access_context_manager_service_perimeter.bridge_service_perimeter: Refreshing state... [id=accessPolicies/845176026782/servicePerimeters/test_perimeter_bridge]
module.test-vpc-perimeter.google_access_context_manager_service_perimeter.regular_service_perimeter: Refreshing state... [id=accessPolicies/845176026782/servicePerimeters/test_perimeter]
module.test-vpc-perimeter.google_access_context_manager_service_perimeter_resource.service_perimeter_resource["projects/370146091468"]: Refreshing state... [id=accessPolicies/845176026782/servicePerimeters/test_perimeter/projects/370146091468]
module.test-vpc-perimeter-bridge.google_access_context_manager_service_perimeter_resource.service_perimeter_resource["projects/370146091468"]: Refreshing state... [id=accessPolicies/845176026782/servicePerimeters/test_perimeter_bridge/projects/370146091468]

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
```

Observed behavior

```
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.test-vpc-perimeter-bridge.google_access_context_manager_service_perimeter.bridge_service_perimeter will be updated in-place
  ~ resource "google_access_context_manager_service_perimeter" "bridge_service_perimeter" {
        id                        = "accessPolicies/845176026782/servicePerimeters/test_perimeter_bridge"
        name                      = "accessPolicies/845176026782/servicePerimeters/test_perimeter_bridge"
        parent                    = "accessPolicies/845176026782"
        perimeter_type            = "PERIMETER_TYPE_BRIDGE"
        title                     = "test_perimeter_bridge"
        use_explicit_dry_run_spec = false

      - status {
          - access_levels       = [] -> null
          - resources           = [
              - "projects/370146091468",
            ] -> null
          - restricted_services = [] -> null
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.
```

Terraform Configuration

```hcl
module "org_policy" {
  source      = "terraform-google-modules/vpc-service-controls/google"
  parent_id   = 468913788879
  policy_name = "test"
}

module "test-vpc-perimeter" {
  source         = "../terraform-google-vpc-service-controls/modules/regular_service_perimeter"
  policy         = module.org_policy.policy_id
  perimeter_name = "test_perimeter"
  description    = "test 123"
  resources      = [370146091468]
}

module "test-vpc-perimeter-bridge" {
  source         = "../terraform-google-vpc-service-controls/modules/bridge_service_perimeter"
  policy         = module.org_policy.policy_id
  perimeter_name = "test_perimeter_bridge"
  description    = "test_123"
  resources      = [370146091468]
}
```

Terraform Version

```
❯ terraform version
Terraform v0.13.7
+ provider registry.terraform.io/hashicorp/google v4.6.0

Your version of Terraform is out of date! The latest version
is 1.1.3. You can update by downloading from https://www.terraform.io/downloads.html
```

Additional information

No response
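
The lifecycle setting this issue asks for, as an added example that is not the module's own code: a bridge perimeter whose members are attached by separate `google_access_context_manager_service_perimeter_resource` resources, with `ignore_changes` covering the whole `status` block. The variable names and the resource labels `bridge` and `member` are assumptions made for illustration.

```hcl
# Added example; variable names are assumptions, not the module's inputs.
variable "policy_id" {
  type        = string
  description = "Access policy number (the part after accessPolicies/)."
}

variable "perimeter_name" {
  type        = string
  description = "Short name of the bridge perimeter."
}

variable "project_numbers" {
  type        = set(string)
  description = "Project numbers to attach to the bridge."
}

resource "google_access_context_manager_service_perimeter" "bridge" {
  parent         = "accessPolicies/${var.policy_id}"
  name           = "accessPolicies/${var.policy_id}/servicePerimeters/${var.perimeter_name}"
  title          = var.perimeter_name
  perimeter_type = "PERIMETER_TYPE_BRIDGE"

  lifecycle {
    # Narrow form the issue reports as insufficient:
    #   ignore_changes = [status[0].resources]
    # Whole-block form the issue asks for: the status block written by the
    # member resources below is not planned for removal on the next run.
    ignore_changes = [status]
  }
}

# Each member is its own resource, so membership lives here and not in the
# perimeter's status block.
resource "google_access_context_manager_service_perimeter_resource" "member" {
  for_each       = var.project_numbers
  perimeter_name = google_access_context_manager_service_perimeter.bridge.name
  resource       = "projects/${each.value}"
}
```

With the whole `status` block ignored, a project added to the bridge outside Terraform no longer appears as a diff on the perimeter in a plan, so out-of-band membership changes have to be caught another way, for example from audit logs.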