terraform-provider-google icon indicating copy to clipboard operation
terraform-provider-google copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

Permadiff on google_network_services_gateway when address is not specified

Open sruffilli opened this issue 6 months ago • 1 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to a user, that user is claiming responsibility for the issue.
  • Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Terraform Version & Provider Version(s)

Terraform v1.9.5 on darwin_arm64

  • provider registry.terraform.io/hashicorp/google v5.42.0
  • provider registry.terraform.io/hashicorp/google-beta v5.42.0

Affected Resource(s)

google_network_services_gateway

Terraform Configuration

resource "google_network_services_gateway" "default" {
  provider                             = google
  project                              = var.project_id
  name                                 = var.name
  location                             = var.region
  description                          = var.description
  labels                               = var.labels
  addresses                            = null
  type                                 = "SECURE_WEB_GATEWAY"
  ports                                = var.ports
  scope                                = var.scope != null ? var.scope : ""
  certificate_urls                     = var.certificates
  gateway_security_policy              = google_network_security_gateway_security_policy.default.id
  network                              = var.network
  subnetwork                           = var.subnetwork
  delete_swg_autogen_router_on_destroy = var.delete_swg_autogen_router_on_destroy
}

Debug Output

No response

Expected Behavior

Once a google_network_services_gateway resource is created with no specified addresses, any following terraform apply should not result in a permadiff, causing the gateway to be recreated.

Actual Behavior

A permadiff is generated, where the resource tries to get the first available IP address available on the provided subnetwork

  # module.swp.google_network_services_gateway.default must be replaced
-/+ resource "google_network_services_gateway" "default" {
      ~ addresses                            = [ # forces replacement
          - "10.0.253.4",
        ]
      ~ create_time                          = "2024-08-21T08:41:03.979259090Z" -> (known after apply)
      ~ effective_labels                     = {} -> (known after apply)
      ~ id                                   = "projects/ispncclab0-prod-landing/locations/europe-west12/gateways/swp" -> (known after apply)
        name                                 = "swp"
      ~ self_link                            = "https://networkservices.googleapis.com/v1alpha1/projects/ispncclab0-prod-landing/locations/europe-west12/gateways/swp" -> (known after apply)
      ~ terraform_labels                     = {} -> (known after apply)
      ~ update_time                          = "2024-08-21T08:41:21.947014391Z" -> (known after apply)
        # (12 unchanged attributes hidden)
    }

Steps to reproduce

  1. terraform apply to first create the gateway
  2. terraform apply to see the permadiff

Important Factoids

No response

References

No response

sruffilli avatar Aug 21 '24 08:08 sruffilli