Terraform-provider-google: KMS keys created with versions pre-2.9.0 get recreated with provider version 2.9.0

Created on 20 Jun 2019 · 5Comments · Source: hashicorp/terraform-provider-google

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
If an issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to "hashibot", a community member has claimed the issue already.

Terraform Version

terraform -v
Terraform v0.11.13
+ provider.google v2.9.0
+ provider.google-beta v2.9.0
+ provider.random v2.1.2

Affected Resource(s)

google_kms_crypto_key

Terraform Configuration Files

resource "random_pet" "random_pet" {
}

resource "google_kms_key_ring" "key_ring" {
  location = "global"
  name = "${random_pet.random_pet.id}-keyring"
}

resource "google_kms_crypto_key" "demo_key" {
  key_ring = "${google_kms_key_ring.key_ring.self_link}"
  name = "${random_pet.random_pet.id}-demo-key"
}

Expected Behavior

After upgrading the google terraform provider version from 2.8.0 to 2.9.0 and running a plan we expect terraform to report that resources are up to date.

Actual Behavior

Terraform plan reports to create google_kms_crypto_key.


  + google_kms_crypto_key.demo_key
      id:                 <computed>
      key_ring:           "projects/REDACTED/locations/global/keyRings/ultimate-gorilla-keyring"
      name:               "ultimate-gorilla-demo-key"
      purpose:            "ENCRYPT_DECRYPT"
      self_link:          <computed>
      version_template.#: <computed>

Steps to Reproduce

Create a google_kms_crypto_key resource with terraform google provider version 2.8.0.
Run terraform plan - terraform reports no changes.
Upgrade the terraform google provider to 2.9.0.
Run terraform plan - terraform reports the google_kms_crypto_key is to be created.
Revert the version back to 2.8.0
Run terraform plan - terraform reports no changes.

bug

Source

dvulpe

👍15

Most helpful comment

Thanks, I could reproduce it and found the problem. Looking into a fix now.

drebes on 20 Jun 2019

👍4

All 5 comments

dvulpe on 20 Jun 2019

👍1

May also be related to GoogleCloudPlatform/magic-modules#1856.

Can you do a terraform state show google_kms_crypto_key.demo_key on 2.8.0 and paste results?

drebes on 20 Jun 2019

Sure, here are the results:

id                                  = projects/REDACTED/locations/global/keyRings/upright-poodle-keyring/cryptoKeys/upright-poodle-demo-key
key_ring                            = REDACTED/global/upright-poodle-keyring
name                                = upright-poodle-demo-key
rotation_period                     =
self_link                           = projects/REDACTED/locations/global/keyRings/upright-poodle-keyring/cryptoKeys/upright-poodle-demo-key
version_template.#                  = 1
version_template.0.algorithm        = GOOGLE_SYMMETRIC_ENCRYPTION
version_template.0.protection_level = SOFTWARE

If I run terraform state show google_kms_crypto_key.demo_key with 2.9.0 it renders the same result.

dvulpe on 20 Jun 2019

Thanks, I could reproduce it and found the problem. Looking into a fix now.

drebes on 20 Jun 2019

👍4

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!