Plan: diff output not efficient

[ghost]

This issue was originally opened by @sylr as hashicorp/terraform#21818. It was migrated here as a result of the provider split. The original body of the issue is below.

---

Terraform Version

terraform version
Terraform v0.12.2
+ provider.azurerm v1.30.1

Terraform Configuration Files

Origin:

resource "azurerm_network_security_group" "test-nsg" {
  name                = "test-nsg"
  resource_group_name = "${azurerm_resource_group.test-RG.name}"
  location            = "${azurerm_resource_group.test-RG.location}"

  security_rule {
    name                        = "rule1"
    priority                    = 500
    direction                   = "Inbound"
    access                      = "Allow"
    protocol                    = "TCP"
    source_address_prefix       = "10.0.0.0/28"
    source_port_range           = "*"
    destination_address_prefix  = "*"
    destination_port_range      = "22"
  }

  security_rule {
    name                        = "rule2"
    priority                    = 600
    direction                   = "Inbound"
    access                      = "Allow"
    protocol                    = "TCP"
    source_address_prefix       = "10.0.0.0/28"
    source_port_range           = "*"
    destination_address_prefix  = "*"
    destination_port_range      = "22"
  }

  security_rule {
    name                        = "rule3"
    priority                    = 700
    direction                   = "Inbound"
    access                      = "Allow"
    protocol                    = "TCP"
    source_address_prefix       = "10.0.0.0/28"
    source_port_range           = "*"
    destination_address_prefix  = "*"
    destination_port_range      = "22"
  }
}

Target:

resource "azurerm_network_security_group" "test-nsg" {
  name                = "test-nsg"
  resource_group_name = "${azurerm_resource_group.test-RG.name}"
  location            = "${azurerm_resource_group.test-RG.location}"

  security_rule {
    name                        = "rule1"
    priority                    = 500
    direction                   = "Inbound"
    access                      = "Allow"
    protocol                    = "TCP"
    source_address_prefix       = "10.0.0.0/28"
    source_port_range           = "*"
    destination_address_prefix  = "*"
    destination_port_range      = "22"
  }

  security_rule {
    name                        = "rule2-1"
    priority                    = 600
    direction                   = "Inbound"
    access                      = "Allow"
    protocol                    = "TCP"
    source_address_prefix       = "10.0.0.0/28"
    source_port_range           = "*"
    destination_address_prefix  = "*"
    destination_port_range      = "22"
  }

  security_rule {
    name                        = "rule3"
    priority                    = 700
    direction                   = "Inbound"
    access                      = "Allow"
    protocol                    = "TCP"
    source_address_prefix       = "10.0.0.0/28"
    source_port_range           = "*"
    destination_address_prefix  = "*"
    destination_port_range      = "22"
  }
}

Only rule2 name has been modified

Expected Behavior

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # azurerm_network_security_group.test-nsg will be updated in-place
  ~ resource "azurerm_network_security_group" "test-nsg" {
        id                  = "/subscriptions/.../resourceGroups/test-RG/providers/Microsoft.Network/networkSecurityGroups/test-nsg"
        location            = "westeurope"
        name                = "test-nsg"
        resource_group_name = "test-RG"
      ~ security_rule       = [
            {
                access                                     = "Allow"
                description                                = ""
                destination_address_prefix                 = "*"
                destination_address_prefixes               = []
                destination_application_security_group_ids = []
                destination_port_range                     = "22"
                destination_port_ranges                    = []
                direction                                  = "Inbound"
                name                                       = "rule1"
                priority                                   = 500
                protocol                                   = "TCP"
                source_address_prefix                      = "10.0.0.0/28"
                source_address_prefixes                    = []
                source_application_security_group_ids      = []
                source_port_range                          = "*"
                source_port_ranges                         = []
            },
            {
                access                                     = "Allow"
                description                                = ""
                destination_address_prefix                 = "*"
                destination_address_prefixes               = []
                destination_application_security_group_ids = []
                destination_port_range                     = "22"
                destination_port_ranges                    = []
                direction                                  = "Inbound"
              ~ name                                       = "rule2-1"
                priority                                   = 600
                protocol                                   = "TCP"
                source_address_prefix                      = "10.0.0.0/28"
                source_address_prefixes                    = []
                source_application_security_group_ids      = []
                source_port_range                          = "*"
                source_port_ranges                         = []
            }
            {
                access                                     = "Allow"
                description                                = ""
                destination_address_prefix                 = "*"
                destination_address_prefixes               = []
                destination_application_security_group_ids = []
                destination_port_range                     = "22"
                destination_port_ranges                    = []
                direction                                  = "Inbound"
                name                                       = "rule3"
                priority                                   = 700
                protocol                                   = "TCP"
                source_address_prefix                      = "10.0.0.0/28"
                source_address_prefixes                    = []
                source_application_security_group_ids      = []
                source_port_range                          = "*"
                source_port_ranges                         = []
            }
        ]
        tags                = {}
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Actual Behavior

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # azurerm_network_security_group.test-nsg will be updated in-place
  ~ resource "azurerm_network_security_group" "test-nsg" {
        id                  = "/subscriptions/.../resourceGroups/test-RG/providers/Microsoft.Network/networkSecurityGroups/test-nsg"
        location            = "westeurope"
        name                = "test-nsg"
        resource_group_name = "test-RG"
      ~ security_rule       = [
          - {
              - access                                     = "Allow"
              - description                                = ""
              - destination_address_prefix                 = "*"
              - destination_address_prefixes               = []
              - destination_application_security_group_ids = []
              - destination_port_range                     = "22"
              - destination_port_ranges                    = []
              - direction                                  = "Inbound"
              - name                                       = "rule1"
              - priority                                   = 500
              - protocol                                   = "TCP"
              - source_address_prefix                      = "10.0.0.0/28"
              - source_address_prefixes                    = []
              - source_application_security_group_ids      = []
              - source_port_range                          = "*"
              - source_port_ranges                         = []
            },
          - {
              - access                                     = "Allow"
              - description                                = ""
              - destination_address_prefix                 = "*"
              - destination_address_prefixes               = []
              - destination_application_security_group_ids = []
              - destination_port_range                     = "22"
              - destination_port_ranges                    = []
              - direction                                  = "Inbound"
              - name                                       = "rule2"
              - priority                                   = 600
              - protocol                                   = "TCP"
              - source_address_prefix                      = "10.0.0.0/28"
              - source_address_prefixes                    = []
              - source_application_security_group_ids      = []
              - source_port_range                          = "*"
              - source_port_ranges                         = []
            },
          + {
              + access                                     = "Allow"
              + description                                = ""
              + destination_address_prefix                 = "*"
              + destination_address_prefixes               = []
              + destination_application_security_group_ids = []
              + destination_port_range                     = "22"
              + destination_port_ranges                    = []
              + direction                                  = "Inbound"
              + name                                       = "rule2-1"
              + priority                                   = 600
              + protocol                                   = "TCP"
              + source_address_prefix                      = "10.0.0.0/28"
              + source_address_prefixes                    = []
              + source_application_security_group_ids      = []
              + source_port_range                          = "*"
              + source_port_ranges                         = []
            },
          - {
              - access                                     = "Allow"
              - description                                = ""
              - destination_address_prefix                 = "*"
              - destination_address_prefixes               = []
              - destination_application_security_group_ids = []
              - destination_port_range                     = "22"
              - destination_port_ranges                    = []
              - direction                                  = "Inbound"
              - name                                       = "rule3"
              - priority                                   = 700
              - protocol                                   = "TCP"
              - source_address_prefix                      = "10.0.0.0/28"
              - source_address_prefixes                    = []
              - source_application_security_group_ids      = []
              - source_port_range                          = "*"
              - source_port_ranges                         = []
            },
          + {
              + access                                     = "Allow"
              + description                                = null
              + destination_address_prefix                 = "*"
              + destination_address_prefixes               = []
              + destination_application_security_group_ids = []
              + destination_port_range                     = "22"
              + destination_port_ranges                    = []
              + direction                                  = "Inbound"
              + name                                       = "rule1"
              + priority                                   = 500
              + protocol                                   = "TCP"
              + source_address_prefix                      = "10.0.0.0/28"
              + source_address_prefixes                    = []
              + source_application_security_group_ids      = []
              + source_port_range                          = "*"
              + source_port_ranges                         = []
            },
          + {
              + access                                     = "Allow"
              + description                                = null
              + destination_address_prefix                 = "*"
              + destination_address_prefixes               = []
              + destination_application_security_group_ids = []
              + destination_port_range                     = "22"
              + destination_port_ranges                    = []
              + direction                                  = "Inbound"
              + name                                       = "rule3"
              + priority                                   = 700
              + protocol                                   = "TCP"
              + source_address_prefix                      = "10.0.0.0/28"
              + source_address_prefixes                    = []
              + source_application_security_group_ids      = []
              + source_port_range                          = "*"
              + source_port_ranges                         = []
            },
        ]
        tags                = {}
    }

Plan: 0 to add, 1 to change, 0 to destroy.

[tombuildsstuff]

hi @sylr

Thanks for opening this issue - apologies for the delayed response here

As @apparentlymart has mentioned unfortunately this would need to be fixed in the Provider SDK before we could look to integrate this here - as such I'm going to close this issue and move the original issue over to the Provider SDK repository so that this can be added - once this new functionality is supported we can then look at supporting nested blocks within the Provider.

Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!