google_compute_security_policy all rules getting recreated #8251

Closed

@Sreerag74031

While trying to add a new rule to an existing security policy, terraform plan shows all rules will be recreated. Is this expected behaviour?

@venkykuberan
Contributor

@Sreerag74031 can you please share your config & plan output to understand what's going on?

@mrkaleslie

mrkaleslie commented Jan 31, 2021

@Sreerag74031 I am getting a similar issue: when I add a new rule, existing rules show they want to recreate.

-     - rule {
-         - action      = "allow" -> null
-         - description = "description" -> null
-         - preview     = false -> null
-         - priority    = 100 -> null

-         - match {
-             - versioned_expr = "SRC_IPS_V1" -> null

-             - config {
-                 - src_ip_ranges = [
-                     - "x.x.x.x",
                    ] -> null
                }
            }
        }
+     + rule {
+         + action      = "allow"
+         + description = "description"
+         + priority    = 100

+         + match {
+             + versioned_expr = "SRC_IPS_V1"

+             + config {
+                 + src_ip_ranges = [
+                     + "x.x.x.x.x",
                    ]
                }
            }
        }

I found I was able to get around the issue by explicitly specifying preview = false.

However, in this example I am still seeing a false positive:

-     - rule {
-         - action      = "allow" -> null
-         - description = "description" -> null
-         - preview     = false -> null
-         - priority    = 100 -> null

-         - match {

-             - expr {
-                 - expression = "request.path.matches('/some/path/')" -> null
               }
            }
        }
+     + rule {
+         + action      = "allow"
+         + description = "description"
+         + preview     = false
+         + priority    = 100
+         + match {

+             + expr {
+                 + expression = "request.path.matches('/some/path/')"
                }
            }
        }

@ghost ghost removed waiting-response labels Jan 31, 2021
@Sreerag74031
Author

@mrkaleslie thanks, I think the preview option fixed the issue.

@mrkaleslie

Hi @Sreerag74031, would you be able to reopen this issue? Although there is a workaround, I don't think it constitutes a fix.

@Sreerag74031
Author

The rule recreate issue for match -> config was resolved by including the preview option; however, for match -> expr the recreate issue is still there.
Reopening the issue for rule match -> expr.
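
An added example, not from the thread or the provider's code: a Python check over the JSON form of a plan (`terraform show -json`) that separates rules whose only difference is an omitted `preview` from rules that really change, which is worth confirming before applying a security policy plan that shows every rule recreated. It assumes an omitted `preview` is equivalent to `false`, as the plan output above suggests; the resource address, IP ranges, `_rule` helper and `SAMPLE_PLAN` are constructed.

```python
import json

def normalize(value):
    """Drop null/empty attributes and sort lists so block order is irrelevant."""
    if isinstance(value, dict):
        items = {k: normalize(v) for k, v in value.items()}
        return {k: v for k, v in items.items() if v not in (None, [], {}, "")}
    if isinstance(value, list):
        return sorted(map(normalize, value), key=lambda v: json.dumps(v, sort_keys=True))
    return value

def rule_key(rule):
    canon = normalize(rule)
    canon.setdefault("preview", False)  # assumption: omitted preview means false
    return json.dumps(canon, sort_keys=True)

def classify_rules(plan):
    """Map each policy address to priorities of unchanged/removed/added rules."""
    report = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "google_compute_security_policy":
            continue
        sides = []
        for side in ("before", "after"):
            rules = (rc["change"].get(side) or {}).get("rule") or []
            sides.append({rule_key(r): r["priority"] for r in rules})
        before, after = sides
        report[rc["address"]] = {
            "unchanged": sorted(before[k] for k in before.keys() & after.keys()),
            "removed": sorted(before[k] for k in before.keys() - after.keys()),
            "added": sorted(after[k] for k in after.keys() - before.keys()),
        }
    return report

def _rule(priority, ranges, preview):  # builds one rule for the constructed sample
    match = [{"versioned_expr": "SRC_IPS_V1", "expr": [], "config": [{"src_ip_ranges": ranges}]}]
    return {"action": "allow", "priority": priority, "preview": preview, "match": match}

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"resource_changes": [{
    "address": "google_compute_security_policy.example",
    "type": "google_compute_security_policy",
    "change": {
        "before": {"rule": [_rule(100, ["192.0.2.0/24"], False),
                            _rule(300, ["198.51.100.0/24"], False)]},
        "after": {"rule": [_rule(100, ["192.0.2.0/24"], None),
                           _rule(200, ["198.51.100.7/32"], None),
                           _rule(300, ["203.0.113.0/24"], None)]}}}]}
print(classify_rules(SAMPLE_PLAN))
```

A rule listed under both `removed` and `added` (priority 300 in the sample) has a real content change; a rule that differs for any reason other than the `preview` default, such as the match -> expr case reported here, will also show up there and needs a manual look.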

@melinath
Collaborator

melinath commented Feb 8, 2021

🤦 accidentally triggered linking between that PR and this ticket. @mrkaleslie to make things easier & because there's a different underlying cause, could you open a new issue for the false positive case you mentioned? Please @ me on it so I can claim it. :-) Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Mar 11, 2021