Failing test(s): TestAccAssuredWorkloadsWorkload_FullHandWritten (GA)

[SarahFrench]

Failure rates

• 100% since 2023-11-03

Impacted tests

• TestAccAssuredWorkloadsWorkload_FullHandWritten

Affected Resource(s)

• google_assured_workloads_workload

Nightly build test history

• Link

Message(s)

Diff from violation_notifications_enabled forces replacement

------- Stdout: -------
=== RUN   TestAccAssuredWorkloadsWorkload_FullHandWritten
=== PAUSE TestAccAssuredWorkloadsWorkload_FullHandWritten
=== CONT  TestAccAssuredWorkloadsWorkload_FullHandWritten
    vcr_utils.go:152: Step 1/2 error: After applying this test step, the plan was not empty.
        stdout:
        Terraform used the selected providers to generate the following execution
        plan. Resource actions are indicated with the following symbols:
        -/+ destroy and then create replacement
        Terraform will perform the following actions:
          # google_assured_workloads_workload.primary must be replaced
        -/+ resource "google_assured_workloads_workload" "primary" {
              ~ compliance_status                 = [
                  - {
                      - acknowledged_violation_count = []
                      - active_violation_count       = []
                    },
                ] -> (known after apply)
              ~ compliant_but_disallowed_services = [] -> (known after apply)
              ~ create_time                       = "2023-11-03T10:16:59.219361Z" -> (known after apply)
              ~ effective_labels                  = {} -> (known after apply)
              ~ ekm_provisioning_response         = [] -> (known after apply)
              - enable_sovereign_controls         = false -> null
              ~ id                                = "organizations/*******/locations/us-central1/workloads/00-f987c094-1081-4cab-8a17-527" -> (known after apply)
              + kaj_enrollment_state              = (known after apply)
              ~ name                              = "00-f987c094-1081-4cab-8a17-527" -> (known after apply)
              ~ resources                         = [
                  - {
                      - resource_id   = 910439807444
                      - resource_type = "ENCRYPTION_KEYS_PROJECT"
                    },
                  - {
                      - resource_id   = 1068176858711
                      - resource_type = "CONSUMER_FOLDER"
                    },
                ] -> (known after apply)
              ~ saa_enrollment_response           = [] -> (known after apply)
              ~ terraform_labels                  = {} -> (known after apply)
              - violation_notifications_enabled   = true -> null # forces replacement
                # (6 unchanged attributes hidden)
                # (1 unchanged block hidden)
            }
        Plan: 1 to add, 0 to change, 1 to destroy.
--- FAIL: TestAccAssuredWorkloadsWorkload_FullHandWritten (65.20s)
FAIL

b/309602192

[SarahFrench]

Seems to be linked to GoogleCloudPlatform/magic-modules#9370

[SarahFrench]

It looks like the violation_notifications_enabled field is being read into state (the API returns a true value) but this results in a permadiff because the field is Optional only, not Optional+Computed. This means the lack of violation_notifications_enabled in the Terraform config will cause a plan to remove the unexpected true value in state

terraform-provider-google/google/services/assuredworkloads/resource_assured_workloads_workload.go

Lines 148 to 153 in cba9803

	"violation_notifications_enabled": {
	Type: schema.TypeBool,
	Optional: true,
	ForceNew: true,
	Description: "Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.",
	},

However in the Beta version of the provider the field is O+C. Seems the problem is that the beta provider has an override that's missing in the GA provider

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.