Unchanged nested TypeSet fields lost in state during diff/update

[rileykarson]

Terraform Version

Terraform v0.11.8 / Terraform Google Beta provider tests

Terraform Configuration Files

My schema contains a TypeList with a TypeSet inside of it; I've put 2 objects in that TypeSet. Plan is idempotent after Create. When I update from 2 items -> 1, -> 0, or to 2 different objects, Terraform has behaved correctly.

When I update from 2 -> 2 objects, and one of them is the same, Terraform loses the object that remained the same. From then on, Terraform is no longer idempotent. It shows the error under the "Actual Behaviour" header below, and each apply will only contain the (alternating) changed field.

provider "google-beta" {
}

resource "google_dns_managed_zone" "private" {
  provider = "google-beta"
  name = "private-zone"
  dns_name = "private.example.com."
  description = "Example private DNS zone"
  visibility = "private"
  private_visibility_config {
    networks {
      network_url = "${google_compute_network.network-1.self_link}"
    }
    networks {
      network_url = "${google_compute_network.network-3.self_link}"
    }
  }
}

resource "google_compute_network" "network-1" {
  name = "network-1"
  auto_create_subnetworks = false
}

resource "google_compute_network" "network-2" {
  name = "network-2"
  auto_create_subnetworks = false
}

resource "google_compute_network" "network-3" {
  name = "network-3"
  auto_create_subnetworks = false
}

provider "google-beta" {
}

resource "google_dns_managed_zone" "private" {
  provider = "google-beta"
  name = "private-zone"
  dns_name = "private.example.com."
  description = "Example private DNS zone"
  visibility = "private"
  private_visibility_config {
    networks {
      network_url = "${google_compute_network.network-3.self_link}"
    }
    networks {
      network_url = "${google_compute_network.network-2.self_link}"
    }
  }
}

resource "google_compute_network" "network-1" {
  name = "network-1"
  auto_create_subnetworks = false
}

resource "google_compute_network" "network-2" {
  name = "network-2"
  auto_create_subnetworks = false
}

resource "google_compute_network" "network-3" {
  name = "network-3"
  auto_create_subnetworks = false
}

Debug Output

I can provide full logs if needed. Relevant snippet at https://gist.github.com/rileykarson/673de95f0684671bdb2aadc76ed58d52. You can see that a GET from the API returns 2 entities & records them properly in state, a correct plan diff is shown & then the PATCH request has only 1 network. I can confirm this is from d.Get after verifying with log statements.

Expected Behavior

Doing a d.Get returns both networks blocks

Actual Behavior

Doing a d.Get returned only a single block

        DIFF:

        UPDATE: google_dns_managed_zone.private
          private_visibility_config.0.networks.#:                      "1" => "2"
          private_visibility_config.0.networks.2113320631.network_url: "" => "https://www.googleapis.com/compute/v1/projects/graphite-test-rileykarson/global/networks/network-2-l0tzabhbdf"

        STATE:

        google_compute_network.network-1:
          ID = network-1-l0tzabhbdf
          provider = provider.google
          auto_create_subnetworks = false
          description =
          gateway_ipv4 =
          ipv4_range =
          name = network-1-l0tzabhbdf
          project = graphite-test-rileykarson
          routing_mode = REGIONAL
          self_link = https://www.googleapis.com/compute/v1/projects/graphite-test-rileykarson/global/networks/network-1-l0tzabhbdf
        google_compute_network.network-2:
          ID = network-2-l0tzabhbdf
          provider = provider.google
          auto_create_subnetworks = false
          description =
          gateway_ipv4 =
          ipv4_range =
          name = network-2-l0tzabhbdf
          project = graphite-test-rileykarson
          routing_mode = REGIONAL
          self_link = https://www.googleapis.com/compute/v1/projects/graphite-test-rileykarson/global/networks/network-2-l0tzabhbdf
        google_compute_network.network-3:
          ID = network-3-l0tzabhbdf
          provider = provider.google
          auto_create_subnetworks = false
          description =
          gateway_ipv4 =
          ipv4_range =
          name = network-3-l0tzabhbdf
          project = graphite-test-rileykarson
          routing_mode = REGIONAL
          self_link = https://www.googleapis.com/compute/v1/projects/graphite-test-rileykarson/global/networks/network-3-l0tzabhbdf
        google_dns_managed_zone.private:
          ID = private-zone-l0tzabhbdf
          provider = provider.google
          description = Example private DNS zone
          dns_name = private.example.com.
          labels.% = 0
          name = private-zone-l0tzabhbdf
          name_servers.# = 1
          name_servers.0 = ns-gcp-private.googledomains.com.
          private_visibility_config.# = 1
          private_visibility_config.0.networks.# = 1
          private_visibility_config.0.networks.2690674482.network_url = https://www.googleapis.com/compute/v1/projects/graphite-test-rileykarson/global/networks/network-3-l0tzabhbdf
          project = graphite-test-rileykarson
          visibility = private

          Dependencies:
            google_compute_network.network-2
            google_compute_network.network-3

Steps to Reproduce

make testacc TEST=./google-beta TESTARGS='-run=TestAccDnsManagedZone_privateUpdate'

on hashicorp/terraform-provider-google-beta#229

Alternatively,

• terraform init
• terraform apply
• terraform apply

Additional Context

I tried this with a top-level TypeSet and it worked correctly. It's entirely possible that the error has nothing to do with nesting and it was just this one that triggered the issue, but I suspect nesting is the problem.

References

Maybe https://github.com/hashicorp/terraform/issues/8892 and #8891? The fix is from 2016, so it should definitely be included.

[jbardin]

Hi @rileykarson,

Thanks for filing the issue. Unfortunately I'm not able to verify this locally at the moment, the acc test account I have access to is reporting over quota. However, I'm also not able to replicate this manually with nested sets, or like in this case, a list of sets. I suspect there could be some interaction with a SetFunc, or DiffSuppressFunc too.

Can you show the raw data that d.Get returns?

The core dependencies are out of sync in vendor directory in that branch (you should have the same release of all terraform packages), so I would start by syncing those with the latest release and trying again. I'm not sure if the ACC tests in the provider have been updated yet (they might not require anything), but testing against terraform master may be worthwhile as well.

[rileykarson]

Hey @jbardin! We're vendoring 0.12 SDK changes to our provider(s) soon, so I'll post an update once we've finished that. We're tracking hashicorp/terraform-provider-google#2671 to make sure we have the correct behaviour before our 2.0.0 release.

[drebes]

I think this is actually working correctly.

For example, starting with

resource "google_dns_managed_zone" "private" {
  provider    = "google-beta"
  name        = "private-zone"
  dns_name    = "private.example.com."
  description = "Example private DNS zone"
  visibility  = "private"

  private_visibility_config {
    networks {
      network_url = "${google_compute_network.network-1.self_link}"
    }

    networks {
      network_url = "${google_compute_network.network-2.self_link}"
    }
  }
}

resource "google_compute_network" "network-1" {
  name                    = "network-1"
  auto_create_subnetworks = false
}

resource "google_compute_network" "network-2" {
  name                    = "network-2"
  auto_create_subnetworks = false
}

resource "google_compute_network" "network-3" {
  name                    = "network-3"
  auto_create_subnetworks = false
}

The zone is initially created with the two correct URLs:

  + google_dns_managed_zone.private
      id:                                                          <computed>
      description:                                                 "Example private DNS zone"
      dns_name:                                                    "private.example.com."
      name:                                                        "private-zone"
      name_servers.#:                                              <computed>
      private_visibility_config.#:                                 "1"
      private_visibility_config.0.networks.#:                      "2"
      private_visibility_config.0.networks.193060761.network_url:  "https://www.googleapis.com/compute/v1/projects/drebes-playground-alpha-5ae4/global/networks/network-1"
      private_visibility_config.0.networks.2458422819.network_url: "https://www.googleapis.com/compute/v1/projects/drebes-playground-alpha-5ae4/global/networks/network-2"
      project:                                                     <computed>
      visibility:                                                  "private"

And the POST is done with the right values:

2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta: POST /dns/v1beta2/projects/drebes-playground-alpha-5ae4/managedZones?alt=json HTTP/1.1
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta: Host: www.googleapis.com
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta: User-Agent: Terraform/0.11.9 (+https://www.terraform.io) terraform-provider-google-beta/dev
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta: Content-Length: 424
  project:                                                     "" => "<computed>"
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta: Content-Type: application/json
  visibility:                                                  "" => "private"
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta: Accept-Encoding: gzip
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta: 
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta: {
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta:  "description": "Example private DNS zone",
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta:  "dnsName": "private.example.com.",
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta:  "forwardingConfig": null,
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta:  "name": "private-zone",
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta:  "privateVisibilityConfig": {
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta:   "networks": [
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta:    {
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta:     "networkUrl": "https://www.googleapis.com/compute/v1/projects/drebes-playground-alpha-5ae4/global/networks/network-1"
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta:    },
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta:    {
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta:     "networkUrl": "https://www.googleapis.com/compute/v1/projects/drebes-playground-alpha-5ae4/global/networks/network-2"
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta:    }
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta:   ]
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta:  },
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta:  "visibility": "private"
2018-12-22T00:59:13.912+0100 [DEBUG] plugin.terraform-provider-google-beta: }

Now when we update the second network from network-2 to network-3:

resource "google_dns_managed_zone" "private" {
  provider    = "google-beta"
  name        = "private-zone"
  dns_name    = "private.example.com."
  description = "Example private DNS zone"
  visibility  = "private"

  private_visibility_config {
    networks {
      network_url = "${google_compute_network.network-1.self_link}"
    }

    networks {
      network_url = "${google_compute_network.network-3.self_link}"
    }
  }
}

Terraform wants to do the right thing:

  ~ google_dns_managed_zone.private
      private_visibility_config.0.networks.2458422819.network_url: "https://www.googleapis.com/compute/v1/projects/drebes-playground-alpha-5ae4/global/networks/network-2" => ""
      private_visibility_config.0.networks.3851402933.network_url: "" => "https://www.googleapis.com/compute/v1/projects/drebes-playground-alpha-5ae4/global/networks/network-3"

Which due to the Set logic is deleting network-2 and adding network-3 (note that it can't replace the URL or 2458422819 as the new network has a new hash.) Also, since network-1 didn't change, it's not included in the diff.

However, the "deletion" of network-2 results in network-2 being omitted from networks[] of the PATCH call, and only network-3 being added. Notice that since network-1 didn't change, it was not passed to the PATCH call either:

2018-12-22T01:05:57.889+0100 [DEBUG] plugin.terraform-provider-google-beta: PATCH /dns/v1beta2/projects/drebes-playground-alpha-5ae4/managedZones/private-zone?alt=json HTTP/1.1
2018-12-22T01:05:57.889+0100 [DEBUG] plugin.terraform-provider-google-beta: Host: www.googleapis.com
2018-12-22T01:05:57.889+0100 [DEBUG] plugin.terraform-provider-google-beta: User-Agent: Terraform/0.11.9 (+https://www.terraform.io) terraform-provider-google-beta/dev
2018-12-22T01:05:57.889+0100 [DEBUG] plugin.terraform-provider-google-beta: Content-Length: 203
2018-12-22T01:05:57.889+0100 [DEBUG] plugin.terraform-provider-google-beta: Content-Type: application/json
2018-12-22T01:05:57.889+0100 [DEBUG] plugin.terraform-provider-google-beta: Accept-Encoding: gzip
2018-12-22T01:05:57.889+0100 [DEBUG] plugin.terraform-provider-google-beta: 
2018-12-22T01:05:57.889+0100 [DEBUG] plugin.terraform-provider-google-beta: {
2018-12-22T01:05:57.889+0100 [DEBUG] plugin.terraform-provider-google-beta:  "description": "Example private DNS zone",
2018-12-22T01:05:57.890+0100 [DEBUG] plugin.terraform-provider-google-beta:  "privateVisibilityConfig": {
2018-12-22T01:05:57.890+0100 [DEBUG] plugin.terraform-provider-google-beta:   "networks": [
2018-12-22T01:05:57.890+0100 [DEBUG] plugin.terraform-provider-google-beta:    {
2018-12-22T01:05:57.890+0100 [DEBUG] plugin.terraform-provider-google-beta:     "networkUrl": "https://www.googleapis.com/compute/v1/projects/drebes-playground-alpha-5ae4/global/networks/network-3"
2018-12-22T01:05:57.890+0100 [DEBUG] plugin.terraform-provider-google-beta:    }
2018-12-22T01:05:57.890+0100 [DEBUG] plugin.terraform-provider-google-beta:   ]
2018-12-22T01:05:57.890+0100 [DEBUG] plugin.terraform-provider-google-beta:  }
2018-12-22T01:05:57.890+0100 [DEBUG] plugin.terraform-provider-google-beta: }
2018-12-22T01:05:57.890+0100 [DEBUG] plugin.terraform-provider-google-beta: 
2018-12-22T01:05:57.890+0100 [DEBUG] plugin.terraform-provider-google-beta: -----------------------------------------------------
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta: 2018/12/22 01:05:59 [DEBUG] Google API Response Details:
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta: ---[ RESPONSE ]--------------------------------------
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta: HTTP/2.0 200 OK
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta: Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta: Cache-Control: private
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta: Content-Type: application/json; charset=UTF-8
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta: Date: Sat, 22 Dec 2018 00:05:59 GMT
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta: Server: ESF
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta: Vary: Origin
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta: Vary: X-Origin
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta: Vary: Referer
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta: X-Content-Type-Options: nosniff
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta: X-Frame-Options: SAMEORIGIN
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta: X-Xss-Protection: 1; mode=block
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta: 
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta: {
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:   "id": "e45d4d67-1192-4c96-a1df-39a03f7fbf48",
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:   "startTime": "2018-12-22T00:05:59.286Z",
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:   "status": "done",
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:   "user": "[email protected]",
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:   "type": "UPDATE",
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:   "zoneContext": {
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:     "oldValue": {
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       "name": "private-zone",
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       "dnsName": "private.example.com.",
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       "description": "Example private DNS zone",
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       "id": "4029514701680474260",
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       "nameServers": [
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta: "ns-gcp-private.googledomains.com."
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       ],
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       "creationTime": "2018-12-21T23:59:15.196Z",
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       "visibility": "private",
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       "privateVisibilityConfig": {
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:         "networks": [
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:           {
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:             "networkUrl": "https://www.googleapis.com/compute/v1/projects/drebes-playground-alpha-5ae4/global/networks/network-1",
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:             "kind": "dns#managedZonePrivateVisibilityConfigNetwork"
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:           },
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:           {
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:             "networkUrl": "https://www.googleapis.com/compute/v1/projects/drebes-playground-alpha-5ae4/global/networks/network-2",
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:             "kind": "dns#managedZonePrivateVisibilityConfigNetwork"
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:           }
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:         ],
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:         "kind": "dns#managedZonePrivateVisibilityConfig"
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       },
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       "kind": "dns#managedZone"
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:     },
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:     "newValue": {
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       "name": "private-zone",
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       "dnsName": "private.example.com.",
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       "description": "Example private DNS zone",
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       "id": "4029514701680474260",
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       "nameServers": [
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta: "ns-gcp-private.googledomains.com."
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       ],
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       "creationTime": "2018-12-21T23:59:15.196Z",
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       "visibility": "private",
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       "privateVisibilityConfig": {
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:         "networks": [
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:           {
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:             "networkUrl": "https://www.googleapis.com/compute/v1/projects/drebes-playground-alpha-5ae4/global/networks/network-3",
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:             "kind": "dns#managedZonePrivateVisibilityConfigNetwork"
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:           }
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:         ],
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:         "kind": "dns#managedZonePrivateVisibilityConfig"
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       },
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:       "kind": "dns#managedZone"
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:     }
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:   },
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta:   "kind": "dns#operation"
2018-12-22T01:05:59.476+0100 [DEBUG] plugin.terraform-provider-google-beta: }

Due to PATCH semantics, we go from network-1 and network-2, with a PATCH with network-3, to a resulting state of network-3 only (when we expected network-1 and network-3.)

It appears to me that the PATCH call will always need to have all networks, so in this case I'm not sure we'll be able to support this with a Set.

[rileykarson]

Based on my testing the other day, the problem is a bit before we make the PATCH call - it's that Terraform state is omitting the unmodified network. If you add a d.Get call at the start of Update you can only see the modified networkUrl in the state returned and not the unchanged one.

We perform PATCH by sending every updatable field in the resource (we're effectively doing an UPDATE call) and expect to send the full body of privateVisibilityConfig. We're seeing the full results of what d.Get returned, unfortunately missing that field.

@drebes: Let me know if that makes sense/satisfies you!

We're updating our SDK as soon as we're back from the long weekend, I'll update this again once I've tested with that vendored.

[drebes]

If the d.Get call should include the hash members that were unmodified, I agree with you.

[jbardin]

Hi @rileykarson,

If you have a chance, can you run this against TF master again? I quickly tried to verify it but that test wasn't in the main branches. However, all the TestAccDnsManagedZone tests did pass when I checked if that helps.

[rileykarson]

I'm seeing the same behaviour, the test is new unfortunately! (we'd decided to block merging until it was fixed)

I pushed the branch I tested with, it's at hashicorp/terraform-provider-google-beta#403

Update terraform plan interactively:

  ~ google_dns_managed_zone.private
      private_visibility_config.0.networks.193060761.network_url:  "https://www.googleapis.com/compute/v1/projects/graphite-test-rileykarson/global/networks/network-1" => ""
      private_visibility_config.0.networks.3851402933.network_url: "" => "https://www.googleapis.com/compute/v1/projects/graphite-test-rileykarson/global/networks/network-3"

Update state change from debug logs during the test:

UPDATE: google_dns_managed_zone.private
  description:                                            "Example private DNS zone" => "Example private DNS zone"
  dns_name:                                               "private.example.com." => "private.example.com."
  forwarding_config.#:                                    "1" => "1"
  forwarding_config.0.target_name_servers.#:              "2" => "2"
  forwarding_config.0.target_name_servers.0.ipv4_address: "172.16.1.20" => "192.168.1.1"
  forwarding_config.0.target_name_servers.1.ipv4_address: "172.16.1.10" => "172.16.1.10"
  id:                                                     "private-zone-b8lnsgbqje" => "private-zone-b8lnsgbqje"
  name:                                                   "private-zone-b8lnsgbqje" => "private-zone-b8lnsgbqje"
  name_servers.#:                                         "1" => "1"
  name_servers.0:                                         "ns-gcp-private.googledomains.com." => "ns-gcp-private.googledomains.com."
  private_visibility_config.#:                            "1" => "1"
  private_visibility_config.0.networks.#:                 "2" => "1"
  private_visibility_config.0.networks.0.network_url:     "https://www.googleapis.com/compute/v1/projects/graphite-test-rileykarson/global/networks/network-1-b8lnsgbqje" => "https://www.googleapis.com/compute/v1/projects/graphite-test-rileykarson/global/networks/network-3-b8lnsgbqje"
  private_visibility_config.0.networks.1.network_url:     "https://www.googleapis.com/compute/v1/projects/graphite-test-rileykarson/global/networks/network-2-b8lnsgbqje" => ""
  project:                                                "graphite-test-rileykarson" => "graphite-test-rileykarson"
  visibility:                                             "private" => "private"

[jbardin]

Thanks @rileykarson,

This actually shows a change now. I'll investigate why

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.