
Terraform plan with 'google_compute_security_policy' not show the creation of existing resources #8335


Open
skymoraa opened this issue Jan 29, 2021 · 5 comments

Comments

@skymoraa

skymoraa commented Jan 29, 2021

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

Terraform v0.14.4
+ provider registry.terraform.io/hashicorp/google v3.54.0

Affected Resource(s)

  • google_compute_security_policy

Terraform Configuration Files

resource "google_compute_security_policy" "policy" {
  name = "my-policy"

  # Rule created through Terraform from the start
  rule {
    action   = "allow"
    priority = "100"
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["1.1.1.1/32"]
      }
    }
    description = "test"
  }

  # Rule created manually in the console, then added to this file afterwards
  rule {
    action   = "allow"
    priority = "101"
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["2.2.2.2/32"]
      }
    }
    description = "test1"
  }

  # Default rule (lowest priority) denying everything not matched above
  rule {
    action   = "deny(404)"
    priority = "2147483647"
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["*"]
      }
    }
    description = "Deny access to all IPs"
  }
}

Expected Behavior

I expect that when running a terraform plan, if a resource exists but is not present in the state on the bucket, the command wants to add the resource until I import it into the state.
For example: a rule with priority=101 created by the GCP console, then add the configuration into the .tf file and run a plan.

Actual Behavior

Instead, terraform plan shows "No changes. Infrastructure is up-to-date.". Moreover, then doing a terraform apply puts it in the state, but the plan before didn't show it.

Steps to Reproduce

  1. Create the policy manually with the console
  2. Run terraform plan with the same resources (nothing is displayed)
  3. Run terraform apply on "No changes. Infrastructure is up-to-date" and the state will be refreshed

References

b/305279834
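Since terraform plan stays silent in this scenario, the check a practitioner would want is a diff of the state document taken before the plan against the one taken after the apply. The following Python is an added example, not code from the report or the provider; it assumes `terraform show -json` output in the shape sketched below, and the two sample states are constructed to mirror the three rules above, with rule 101 absent from the "before" snapshot.

```python
import json
from typing import Iterator

# Sample `terraform show -json` documents, constructed to mirror the report:
# "before" is the state in the bucket (rule 101, added via the console, is
# absent); "after" is the state once the refresh during apply pulled it in.
def _rule(priority: int, action: str, ranges: list[str], desc: str) -> dict:
    return {"priority": priority, "action": action, "description": desc,
            "match": [{"versioned_expr": "SRC_IPS_V1",
                       "config": [{"src_ip_ranges": ranges}]}]}

def _state(rules: list[dict]) -> str:
    return json.dumps({"format_version": "0.1", "values": {"root_module": {
        "resources": [{"address": "google_compute_security_policy.policy",
                       "type": "google_compute_security_policy",
                       "values": {"name": "my-policy", "rule": rules}}]}}})

RULE_100 = _rule(100, "allow", ["1.1.1.1/32"], "test")
RULE_101 = _rule(101, "allow", ["2.2.2.2/32"], "test1")
RULE_DEFAULT = _rule(2147483647, "deny(404)", ["*"], "Deny access to all IPs")
STATE_BEFORE = _state([RULE_100, RULE_DEFAULT])
STATE_AFTER = _state([RULE_100, RULE_101, RULE_DEFAULT])

def _resources(module: dict) -> Iterator[dict]:
    """Walk a module and its child modules, yielding every resource entry."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _resources(child)

def policy_rules(state_json: str) -> dict[tuple[str, int], dict]:
    """Index every security-policy rule in a state document by (address, priority)."""
    root = json.loads(state_json).get("values", {}).get("root_module", {})
    rules = {}
    for res in _resources(root):
        if res.get("type") != "google_compute_security_policy":
            continue
        for rule in res.get("values", {}).get("rule", []):
            rules[(res["address"], int(rule["priority"]))] = rule
    return rules

def diff_rules(before_json: str, after_json: str) -> dict[str, list]:
    """Rules that appeared, vanished or changed between two state snapshots."""
    before, after = policy_rules(before_json), policy_rules(after_json)
    return {
        "added": sorted(k for k in after if k not in before),
        "removed": sorted(k for k in before if k not in after),
        "changed": sorted(k for k in before if k in after and before[k] != after[k]),
    }
```

A rule listed under "added" that never appeared in the plan output is exactly the silent refresh the report describes, and the same diff flags console-made edits to existing rules.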

@ghost ghost added the bug label Jan 29, 2021
@venkykuberan venkykuberan self-assigned this Jan 29, 2021
@venkykuberan
Contributor

@skymoraa if you want to bring a resource created in the Google console under a Terraform-managed resource, you need to use the terraform import command. Hope that helps.

@MoraAndrea

Yes, I agree, but without the import, shouldn't the plan show me the resource to add, because it is not present in the state, as happens for other resources?

Because terraform plan doesn't show it, and if I run terraform apply the resource is still added to the state even though the plan did not say so.

@ghost ghost removed the waiting-response label Jan 29, 2021
@venkykuberan
Contributor

Can you add the debug output of your tf plan command? I just want to check the calls we are making there.

@skymoraa
Author

skymoraa commented Feb 1, 2021

Debug Output Log:
terraform_log_debug.log

The rule with priority=100 and the default rule were created with Terraform. The rule with priority=101 was created manually and then the configuration was added to the tf. Terraform plan makes a REST call and finds the resource. But doesn't it make a diff against the state?

State:
stete.txt

@ghost ghost removed waiting-response labels Feb 1, 2021
modular-magician added a commit to modular-magician/terraform-provider-google that referenced this issue Jul 13, 2023
@github-actions github-actions bot added forward/review In review; remove label to forward service/compute-security-policy labels Aug 17, 2023
@edwardmedia edwardmedia removed the forward/review In review; remove label to forward label Sep 20, 2023
@maxi-cit

Hello there, I started checking on this. @skymoraa, could you check if this issue still persists on the latest provider version?
