diff --git a/templates/terraform/constants/scheduler_auth.erb b/templates/terraform/constants/scheduler_auth.erb
index fde9b461f5b2..f63e38105b46 100644
--- a/templates/terraform/constants/scheduler_auth.erb
+++ b/templates/terraform/constants/scheduler_auth.erb
@@ -19,23 +19,24 @@ func validateAuthHeaders(diff *schema.ResourceDiff, v interface{}) error {
 func authHeaderDiffSuppress(k, old, new string, d *schema.ResourceData) bool {
+ // If generating an `oauth_token` and `scope` is not provided in the configuration,
+ // the default "https://www.googleapis.com/auth/cloud-platform" scope will be used.
+ // Similarly, if generating an `oidc_token` and `audience` is not provided in the
+ // configuration, the URI specified in target will be used. Although not in the
+ // configuration, in both cases the default is returned in the object, but is not in.
+ // state. We suppress the diff if the values are these defaults but are not stored in state.
+
 b := strings.Split(k, ".")
 if b[0] == "http_target" && len(b) > 4 {
 block := b[2]
 attr := b[4]
- // If generating an oauth_token and scope is not provided in the configuration,
- // the default "https://www.googleapis.com/auth/cloud-platform" scope will be used.
- // Although not in the configuration, this is returned and will be stored in state.
 if block == "oauth_token" && attr == "scope" {
 if old == canonicalizeServiceScope("cloud-platform") && new == "" {
 return true
 }
 }
- // If generating an oidc_token and audience is not provided in the configuration,
- // the URI specified in target will be used. Although not in the configuration,
- // this is returned and will be stored in state.
 if block == "oidc_token" && attr == "audience" {
 uri := d.Get(strings.Join(b[0:2], ".")+".uri")
 if old == uri && new == "" {