Terraform-provider-google: google_iam_policy is not idempotent

Created on 2 Jan 2020  ·  3Comments  ·  Source: hashicorp/terraform-provider-google

My versions

  • provider.google: version = "~> 3.2"

Terraform v0.12.18

  • provider.ansible (unversioned)
  • provider.google v3.2.0
  • provider.null v2.1.2

What was expected

Idempotency of google_iam_policy

What actually happens

The google_iam_policy is broken, not idempotent, shows that it wants to do changes over and over.

How to reproduce

My code is:

data "google_iam_policy" "storage" {
  depends_on = [google_project_iam_custom_role.new_storage_role]
  binding {
    role = "projects/${var.project_name}/roles/JupyterHubStorageAdmin.${var.environment}"
    members = [ "serviceAccount:${google_service_account.jupyterhub_service_account.email}" ]
  }
}

On any terraform apply it will try to make changes again and again:

Terraform will perform the following actions:

  # data.google_iam_policy.storage will be read during apply
  # (config refers to values not yet known)
 <= data "google_iam_policy" "storage"  {
      + id          = (known after apply)
      + policy_data = (known after apply)

      + binding {
          + members = [
              + "serviceAccount:[email protected]",
            ]
          + role    = "projects/mydomain/roles/JupyterHubStorageAdmin.production"
        }
    }

Any ideas if it's a bug or I am doing something wrong? (possibly)
Thanks in advance!

bug
Source
picture Dmitry1987

Most helpful comment

@Dmitry1987 you are using data which does not modify resources. Also I see below output when to call tf plan and tf apply. 

Plan: 0 to add, 0 to change, 0 to destroy.

I am closing this issue. If you think otherwise, please reopen it for further discussion. Thanks

picture edwardmedia on 3 Jan 2020
😄1 👍1

All 3 comments

@Dmitry1987 you are using data which does not modify resources. Also I see below output when to call tf plan and tf apply. 

Plan: 0 to add, 0 to change, 0 to destroy.

I am closing this issue. If you think otherwise, please reopen it for further discussion. Thanks

edwardmedia picture edwardmedia on 3 Jan 2020
😄1 👍1

@edwardmedia got it, thanks! My mistake...

Dmitry1987 picture Dmitry1987 on 3 Jan 2020

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

hashibot[bot] picture hashibot[bot] on 2 Feb 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

wmuizelaar picture wmuizelaar  ·  4Comments
pdecat picture pdecat  ·  3Comments
Evesy picture Evesy  ·  3Comments
jamielennox picture jamielennox  ·  4Comments
Evesy picture Evesy  ·  3Comments