How to add multiple consumer_accept_lists definitions

[kgibson-insight]

Terraform Version

Terraform v1.2.8
on darwin_arm64
+ provider registry.terraform.io/hashicorp/google v4.33.0

Affected Resource(s)

• google_compute_service_attachment

Terraform Configuration Files

variable "consumer_accept_list" {
  type = list(object({
    connection_limit  = number
    project_id_or_num = string
  }))
}

resource "google_compute_service_attachment" "psc_ilb_service_attachment" {
  name        = format("%s-%s-fr", var.application_prefix, var.region)
  region      = var.region
  description = "A service attachment configured with Terraform"

  enable_proxy_protocol    = false
  connection_preference    = "ACCEPT_MANUAL"
  nat_subnets              = [data.google_compute_subnetwork.psc_subnetwork.id]
  target_service           = google_compute_forwarding_rule.vault_fr[0].id
  dynamic "consumer_accept_lists" {
    for_each =  var.consumer_accept_list
    content {
      connection_limit = consumer_accept_lists.value.connection_limit
      project_id_or_num = consumer_accept_lists.value.project_id_or_num
    }
  }
}

I'm having issue getting terraform to write the same order of list of objects to state, so anytime apply runs, terraform thinks there is a change.

Getting a few warnings

2022-08-26T18:04:48.299-0400 [WARN]  Provider "registry.terraform.io/hashicorp/google" produced an invalid plan for module.us-east1-vault-test.google_compute_service_attachment.psc_ilb_service_attachment, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .domain_names: planned value cty.ListValEmpty(cty.String) for a non-computed attribute
      - .consumer_reject_lists: planned value cty.ListValEmpty(cty.String) for a non-computed attribute

2022-08-26T18:05:00.105-0400 [WARN]  Provider "provider[\"registry.terraform.io/hashicorp/google\"]" produced an unexpected new value for module.us-east1-vault-test.google_compute_service_attachment.psc_ilb_service_attachment, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .fingerprint: was cty.StringVal("EArDiZC4UUU="), but now cty.StringVal("xjKEvF9-lXo=")
      - .consumer_accept_lists[0].project_id_or_num: was cty.StringVal("project-1"), but now cty.StringVal("project-2)
      - .consumer_accept_lists[1].project_id_or_num: was cty.StringVal("project-2"), but now cty.StringVal("project-1")

Basically what I'm seeing is list of objects defined in var.consumer_accept_list does not match the order in state. Each time terraform apply runs, it wants to update the order. The oder that apply wants to update to does not ever get applied in state and state remains unchanged on each run of apply.

So:

1. List is written to state arbitrarily
2. Each apply compares new list with state and finds delta
3. Delta found on apply is never applied to state

Rinse repeat.

So is this a bug in provider or am I just doing it wrong?

Question is how to define multiple consumer_accept_lists for resource google_compute_service_attachment

[edwardmedia]

@kgibson-insight this is a bug, but the fix would be a breaking-change. Label is a breaking-change then

[rileykarson]

@ScottSuarez to investigate in more depth an approach we could take

[ScottSuarez]

There are a couple options to resolve this.

• List -> Set: This is a breaking change, would need to wait for a major release
• Ignore read of the field. This would make it so terraform state is the only reality terraform is aware of. Updating out of band won't make any difference. Not ideal but this scenario is already broken as is.
• CustomizeDiff to ignore a difference and treat the list as a Set. Similar to resourceBigtableInstanceClusterReorderTypeList
• Custom flatten for this array where the setting of the field in state does not set anything if it already equivalent by writing a custom compare method.

[joemiller]

@ScottSuarez is there a preferred solution from that list? Would it be the final bullet, custom flatten for this array..., which sounds like the least impactful, potentially

[ScottSuarez]

CustomizeDiff would be the best with List -> Set being the ideal but can only be done during a 5.0 release

[c2thorn]

closed with GoogleCloudPlatform/magic-modules#9058

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.