BigQuery dataset access order is still not being ignored

[weeco]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment
• If an issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to "hashibot", a community member has claimed the issue already.

Terraform Version

➜  bigquery git:(master) terraform -v
Terraform v0.12.3
+ provider.google v2.9.1

Affected Resource(s)

• google_bigquery_dataset

Terraform Configuration Files

resource "google_bigquery_dataset" "temp" {
  dataset_id = "temp"
  project    = "${data.google_project.project.project_id}"
  location   = "${var.location}"

  default_table_expiration_ms = "2419200000"

  access {
    role           = "WRITER"
    group_by_email = "[email protected]"
  }
  access {
    role           = "WRITER"
    group_by_email = "[email protected]"
  }
}

Expected Behavior

When you add a new role it should only show this newly created access role in the changes.

Actual Behavior

Apparently the order of the access roles seem to matter. It shows the deletion of the previously existing roles and the addition of these roles again. It also includes the new role, but on datasets which have more than 5 access permissions it's very hard to review changes.

[rileykarson]

Looks like this is happening at the TF core level, filed hashicorp/terraform#21901

[ScottSuarez]

Re-triage to see if this is workable. I don't believe it to be.

[wj-chen]

Received recent updates in hashicorp/terraform#21901 that this will require a major migration in the provider platform from SDK to Plugin. Would it be possible to introduce some shared util for all Google providers to use for diff suppression in the meantime? If so it'd make sense to create a separate issue to track that.

[rileykarson]

The root cause here is that Terraform is failing to associate the old and new values with each other properly because the hash of entries in the set (used for diff comparisons for sets) is different between null and empty ("") strings. We would need to propose the empty string as the new value for all the subfields of access- potentially by setting Default: ""- or write a custom hash function that takes that into account.

Both approaches are probably resource-specific rather than general. Normal diff suppression wouldn't work well because the entries aren't associating with each other properly.

[wj-chen]

Thank you. We will experiment with these suggestions fo resource-specific diff suppression.