Upgrade from provider version 3.13.0 to 3.14.0 shows changes made outside of terraform for secondary_ip_allocation_mode

[NilsBusche]

Terraform Version

Terraform v1.9.6

Affected Resource(s)

• vcd_vapp_vm

Terraform Configuration Files

terraform {
  required_providers {
    vcd = {
      source  = "vmware/vcd"
      version = "3.13.0"
    }
  }
  required_version = "1.9.6"
}

resource "vcd_vapp_vm" "instance" {
  vapp_name                = "testvapp01"
  name                     = "testvm01"
  computer_name            = "testvm01"
  vapp_template_id         = "urn:vcloud:vapptemplate:d9d38664-be73-4f4c-8da6-42ef78472fb9"
  cpus                     = 1
  cpu_cores                = 1
  memory                   = 4096

  network {
    type               = "org"
    name               = "test-network"
    adapter_type       = "VMXNET3"
    ip_allocation_mode = "POOL"
    is_primary         = true
    connected          = true
  }
}

output "all_ips" {
  value = vcd_vapp_vm.instance.network.*.ip
}

Expected Behavior

Upgrade of the provider version should not display changes outside of terraform if there has nothing changed.

Actual Behavior

After upgrading to provider version 3.14.0 terraform informs about changes made outside of terraform regarding the new network block attribute secondary_ip_allocation_mode in some cases, even if there has nothing changed:

Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected this plan:

  # vcd_vapp_vm.instance has changed
  ~ resource "vcd_vapp_vm" "instance" {
        id                             = "urn:vcloud:vm:f8a4ade4-edfd-48fd-9cb1-b1003ba2faa8"
        name                           = "testvm01"
        # (37 unchanged attributes hidden)

      ~ network {
            name                         = "test-network"
          + secondary_ip_allocation_mode = "NONE"
            # (8 unchanged attributes hidden)
        }

        # (2 unchanged blocks hidden)
    }

Steps to Reproduce

1. Create configuration from above
2. terraform apply
3. Ugrade provider version in version constraint to 3.14.0
4. Add an additional network block to the config:

   network {
   type               = "org"
   name               = "test-network"
   adapter_type       = "VMXNET3"
   ip_allocation_mode = "POOL"
   is_primary         = false
   connected          = true
   }

5. terraform init -upgrade
6. terraform plan

Important Factoids

• The issue only occurs if you are referencing dynamically on all network blocks, for example with an output like in the configuration above.
• Additionally it only occurs if you change something in the (network) configuration, not only by upgrading and running terraform plan then.
• We had some other configuration (vcd_vapp_vm in a module, similar output in the module, using the module's output in the root config also as a "real" output) where even a change of other attributes of the VM (e. g. CPU count) caused this warning.

[adambarreiro]

Hi @NilsBusche,

I could reproduce the issue, but I'm unsure whether it is an issue with the Provider itself or Terraform core, as indeed removing the output doesn't cause the issue (if the Provider was buggy I guess it should always report the diff, like something failed during Reads of the remote system).

I'll dig more to see whether I can find something more specific.

In the meantime, I saw that doing a terraform refresh before step 6 (last terraform plan) makes the note/warning to disappear. Not sure if that would work for you?

[NilsBusche]

@adambarreiro

I could reproduce the issue, but I'm unsure whether it is an issue with the Provider itself or Terraform core, as indeed removing the output doesn't cause the issue (if the Provider was buggy I guess it should always report the diff, like something failed during Reads of the remote system).

Yes, it seems that the issue only occurs, if you reference the network blocks in another resource/output/etc. I would assume that this is also the reason why Terraform only then reports it as "change outside of Terraform". If you do not use it anywhere else, there is no need to report it. But this is only my personal assumption without digging deeper into the exact Terraform functionality.

In the meantime, I saw that doing a terraform refresh before step 6 (last terraform plan) makes the note/warning to disappear. Not sure if that would work for you?

This works and maybe we will use this as a workaround in the meantime. Since we have hundreds of VMs in different projects, this is a slightly bigger task, which has to be coordinated, so a solution on the provider's site would be preferred for us.