Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

google_storage_bucket resource shows spurious diff on labels for goog-terraform-provisioned on second terraform apply #19323

Closed
guineveresaenger opened this issue Aug 30, 2024 · 14 comments

Comments

@guineveresaenger
Copy link

guineveresaenger commented Aug 30, 2024

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to a user, that user is claiming responsibility for the issue.
  • Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Terraform Version & Provider Version(s)

Terraform on arm64 (Apple M1)

  • provider registry.terraform.io/hashicorp/google v6.0.1
  • provider registry.terraform.io/hashicorp/google-beta v6.0.1

Affected Resource(s)

google_storage_bucket

Terraform Configuration

provider "google" {
  project     = <redacted>
  region      = "us-central1"
}

resource "google_storage_bucket" "guins_bucket_tf" {
  name     = "guins-bucket-tf"
  location = "US"
}

output "bucket_url" {
  value = google_storage_bucket.guins_bucket_tf.url
}

output "bucket_labels" {
  value = google_storage_bucket.guins_bucket_tf.labels
}

Debug Output

https://gist.github.com/guineveresaenger/2529dd33212923de29fc0c900fafaa50

Expected Behavior

terraform apply should show no diff

Actual Behavior

terraform apply shows diff on labels:

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected this plan:

  # google_storage_bucket.guins_bucket_tf has changed
  ~ resource "google_storage_bucket" "guins_bucket_tf" {
        id                          = "guins-bucket-tf"
      + labels                      = {}
        name                        = "guins-bucket-tf"
        # (15 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }
(...)
Changes to Outputs:
  + bucket_labels = {}

Notably, terraform_labels and effective_labels do not show a diff.

Furthermore, thos label isn't actually removed from the cloud resource itself- it is only removed when add_terraform_attribution_label = false is set in the provider configuration.

Steps to reproduce

  1. terraform apply to create the resource
  2. terraform apply a second time - observe a diff

Important Factoids

No response

References

No response

b/364358577

@ggtisc
Copy link
Collaborator

ggtisc commented Sep 3, 2024

Confirmed issue!

Possible permadiff issue after creating the resources, when the 2nd terraform apply is executed to check if everything is ok it returns a message saying google_storage_bucket.guins_bucket_tf has changed. Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo or respond to these changes.

@ggtisc ggtisc removed the forward/review In review; remove label to forward label Sep 3, 2024
@melinath
Copy link
Collaborator

melinath commented Sep 3, 2024

@zli82016 FYI another labels-related issue

@zli82016
Copy link
Collaborator

zli82016 commented Sep 3, 2024

@guineveresaenger and @ggtisc , I cannot reproduce the issue locally. Do I miss something?

The configuration I used:

provider "google" {
  add_terraform_attribution_label = false
}

resource "google_storage_bucket" "temp" { 
  name          = "tf-test-bucket-1"
  location      = "US"
  force_destroy = true
  uniform_bucket_level_access = true
}
  1. terraform apply to create the resource
  2. terraform plan is empty

@zli82016
Copy link
Collaborator

zli82016 commented Sep 3, 2024

I can reproduce the issue after chatting with @ggtisc offline.

@melinath
Copy link
Collaborator

melinath commented Sep 3, 2024

@zli82016 what was missing?

@zli82016
Copy link
Collaborator

zli82016 commented Sep 3, 2024

output "bucket_url" {
  value = google_storage_bucket.guins_bucket_tf.url
}

output "bucket_labels" {
  value = google_storage_bucket.guins_bucket_tf.labels
}

The two output blocks were missing originally to reproduce the issue.

output "bucket_url" {
  value = google_storage_bucket.guins_bucket_tf.url
}

output "bucket_labels" {
  value = google_storage_bucket.guins_bucket_tf.labels
}

@zli82016
Copy link
Collaborator

zli82016 commented Sep 3, 2024

This is not a new issue introduced by Terraform provider 6.0. It also happens on provider 5.x (I tested with 5.42).

After the second terraform apply, the third terraform apply doesn't show the diffs.

@zli82016
Copy link
Collaborator

zli82016 commented Sep 4, 2024

I don't think this is a bug in the Terraform provider. Other fields with schema.TypeMap have the same issue. I tested with the resource_tags field in google_bigquery_table resource.

To mitigate the issue, you can give a default value to bucket_labels

output "bucket_labels" {
  value = coalesce(google_storage_bucket.temp.labels, {})
}

@zli82016
Copy link
Collaborator

zli82016 commented Sep 4, 2024

@guineveresaenger or other people adding the thumb, did you see this issue with Terraform google provider 5.x?

@guineveresaenger
Copy link
Author

@zli82016 - this occurs on Google v5.x as well. I noticed for v6 because of the new goog-terraform-provisioned default label.

I'm not sure I understand why this is not a bug in the provider, do you have some more context here? Is this something that will only affect Labels? Given that there's a default label on everything now, it seems like a lot of noise regardless.

Thank you for finding additional resources with this issue, and for providing a mitigation. 💟

@zli82016
Copy link
Collaborator

zli82016 commented Sep 4, 2024

@zli82016 - this occurs on Google v5.x as well. I noticed for v6 because of the new goog-terraform-provisioned default label.

I'm not sure I understand why this is not a bug in the provider, do you have some more context here? Is this something that will only affect Labels? Given that there's a default label on everything now, it seems like a lot of noise regardless.

@guineveresaenger, thanks for the confirmation. Based on my testing, the issue doesn't happen without the output block. It doesn't only affect labels. Instead, it also affects other fields with type schema.TypeMap. It is more like an upstream Terraform core bug. Because of the default labels, the issue is more visible on labels field.

@zli82016
Copy link
Collaborator

zli82016 commented Sep 6, 2024

Opened an upstream bug hashicorp/terraform-plugin-sdk#1371

@zli82016
Copy link
Collaborator

This is a bug on the upstream SDKV2 and cannot be easily fixed in SDKV2. Migrating the resource to terraform-plugin-framework could fix the issue.

More info is hashicorp/terraform-plugin-sdk#1371 (comment)

I am going to close this issue for now. Feel free to reopen it if there any questions.

Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 13, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

6 participants