Terraform-provider-google: container cluster is not indemptent

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment
• If an issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to "hashibot", a community member has claimed the issue already.

Terraform Version

`
Terraform v0.11.12

• provider.google v2.1.0
  `

Affected Resource(s)

• google_container_cluster

Terraform Configuration Files

provider "google" {

  project     = "test-isocial"
#  region      = "europe-west1"
#  zone        = "europe-west1-b"
  region      = "us-west2"
  zone        = "us-west2-b"
}



data "google_compute_image" "centos7" {
  family    = "centos-7"
  project = "centos-cloud"
}

resource "google_compute_instance" "gcp-mgmt01" {
  name = "gcp-mgmt01"
  machine_type = "f1-micro"

  boot_disk {
    initialize_params {
      image = "${data.google_compute_image.centos7.self_link}"
    }
  }

  metadata = {
    purpose = "isocial"
  }

  network_interface {
    network = "default"
    access_config {
        network_tier = "PREMIUM"
#        network_tier = "STANDARD"
    }
  }
}

resource "google_container_cluster" "primary" {
  name   = "my-gke-cluster"
  region = "us-central1"

  # We can't create a cluster with no node pool defined, but we want to only use
  # separately managed node pools. So we create the smallest possible default
  # node pool and immediately delete it.
  remove_default_node_pool = true
  initial_node_count = 1

  # Setting an empty username and password explicitly disables basic auth
  master_auth {
    username = ""
    password = ""
  }

  node_config {
    oauth_scopes = [
      "https://www.googleapis.com/auth/compute",
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
    ]

    labels = {
      foo = "bar"
    }

    tags = ["foo", "bar"]
  }
}

resource "google_container_node_pool" "primary_preemptible_nodes" {
  name       = "my-node-pool"
  region     = "us-central1"
  cluster    = "${google_container_cluster.primary.name}"
  node_count = 1

  node_config {
   # preemptible  = true
    machine_type = "f1-micro"

    oauth_scopes = [
      "https://www.googleapis.com/auth/compute",
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
    ]
  }
}

# The following outputs allow authentication and connectivity to the GKE Cluster
# by using certificate-based authentication.
output "client_certificate" {
  value = "${google_container_cluster.primary.master_auth.0.client_certificate}"
}

output "client_key" {
  value = "${google_container_cluster.primary.master_auth.0.client_key}"
}

output "cluster_ca_certificate" {
  value = "${google_container_cluster.primary.master_auth.0.cluster_ca_certificate}"
}

output "cluster_version" {
  value = "${google_container_cluster.primary.master_version}"
}

Expected Behavior

I run terraform apply.

I run it again, nothing changes

Actual Behavior

google_container_cluster.primary is recreated

Steps to Reproduce

1. Use above config
2. terraform apply
3. terraform apply

Output : https://gist.github.com/roidelapluie/accd50e74de46c99cde1f0fec3113ef7