Allow module output when configuring firewall

[jackwhelpton]

Floated as a possible fix for #10494, but very much a work in progress.

[rileykarson]

@slevenick, if you don't mind reviewing this! One other thing to look into is NewValueKnown (https://github.com/hashicorp/terraform-plugin-sdk/blob/main/helper/schema/resource_diff.go#L416-L423), which can help distinguish between values that are known / unknown. Unknown values will get returned as their zero value in a CustomizeDiff, and I forget what GetOkExists will report.

[jackwhelpton]

Any updates on this?

[slevenick]

So, this seems to not quite work. If a user specifies source_ranges during creation and then removes it from their config, Terraform does not throw an error because it finds that source_ranges exists (due to the computed value being in state)

But, I think this is a better behavior than what currently exists, and I'm not really sure that we can handle this in a better way

[jackwhelpton]

Ah, I see the problem. I tested the scenario where no source_ranges exists to begin with, but not what happens if it's initially there and then removed. I think I agree that this proposal may be better than the current behavior, as at the moment perfectly valid setups are failing, something that can be seen in the examples for other modules.

I am curious if we can do better, though... I'm new to the provider codebase so I'll take your steer on that.

Also wondering if we should close out this PR in favor of GoogleCloudPlatform/magic-modules#5526.

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.