google_compute_resource_policy Scheduler Destroys all VMs

[Ariestattoo]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

Terraform v1.0.5
on linux_amd64

• provider registry.terraform.io/hashicorp/google v3.82.0
• provider registry.terraform.io/hashicorp/google-beta v3.82.0
• provider registry.terraform.io/hashicorp/template v2.2.0

Affected Resource(s)

• google_compute_resource_policy

Terraform Configuration Files

# Copy-paste your Terraform configurations here.
#
# For large Terraform configs, please use a service like Dropbox and share a link to the ZIP file.
# For security, you can also encrypt the files using our GPG public key:
#    https://www.hashicorp.com/security
#
# If reproducing the bug involves modifying the config file (e.g., apply a config,
# change a value, apply the config again, see the bug), then please include both:
# * the version of the config before the change, and
# * the version of the config after the change.

resource "google_compute_resource_policy" "downtime" {
  name   = "vm-machine-state"
  region = "us-central1"
  description = "Start and stop instances"
  instance_schedule_policy {
    vm_start_schedule {
      schedule = var.instance-schedule-start
    }
    vm_stop_schedule {
      schedule = var.instance-schedule-stop
    }
    time_zone = "America/Edmonton"
  }
}

Attached to instance declaration

  resource_policies         = [
          google_compute_resource_policy.downtime.id
        ]

Debug Output

Panic Output

Expected Behavior

Schedules changes and attachments to instance should update and attach

Actual Behavior

When modifying or adding an instance schedule to an instance the instance requires destruction and rebuild. Even if you use the gcloud command which does not destroy the instance
gcloud compute instances add-resource-policies VM_NAME
--resource-policies=SCHEDULE_NAME
[--zone=ZONE]
Terraform will try and incorporate the change into its state and destroy and rebuild the instance. Additionally, if you change the schedule it will also destroy and rebuild the instance.

Steps to Reproduce

1. Create a basic compute instance

resource "google_compute_instance" "default" {
  name         = "test"
  machine_type = "e2-medium"
  zone         = "us-central1-a"

  tags = ["foo", "bar"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-9"
    }
  }

2. Create a scheduling resource policy

resource "google_compute_resource_policy" "downtime" {
  name   = "vm-machine-state"
  region = "us-central1"
  description = "Start and stop instances"
  instance_schedule_policy {
    vm_start_schedule {
      schedule = var.instance-schedule-start
    }
    vm_stop_schedule {
      schedule = var.instance-schedule-stop
    }
    time_zone = "America/Edmonton"
  }
}

3. Terraform apply
4. Add the schedule to the instance

resource "google_compute_instance" "default" {
  name         = "test"
  machine_type = "e2-medium"
  zone         = "us-central1-a"

  tags = ["foo", "bar"]
  resource_policies         = [
          google_compute_resource_policy.downtime.id
        ]
  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-9"
    }
  }

5. Terraform apply
   Plan will destroy the instance to attach the schedule.
   - resource_policies = [
   - "https://www.googleapis.com/compute/beta/projects/xxxxxxx/regions/us-central1/resourcePolicies/vm-machine-state",
   ] -> null # forces replacement

Important Factoids

References

• #0000

[edwardmedia]

@Ariestattoo can you detail the steps to repro the issue? What is excepted and what is the actual result?

[Ariestattoo]

Hi @edwardmedia I have updated the initial comment with more details

[edwardmedia]

I see there are two POST request available addResourcePolicies and removeResourcePolicies

[hanneshayashi]

Also facing this issue.
To be fair, it seems to be in the docs: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance#resource_policies

A list of short names or self_links of resource policies to attach to the instance. Modifying this list will cause the instance to recreate

Still, I would argue that this is not ideal behaviour and I can't immediately see why the provider would need to behave like this, considering that in-place modification is obviously possible via the API. I will try and test if just removing

terraform-provider-google/google/resource_compute_instance.go

Line 757 in e07231a

ForceNew: true,

causes any other issues.

Edit: Yeah, that was a dumb idea :). There is no actual code to check for a change and call the API.

[hanneshayashi]

I have this working locally now with a small patch. Can I submit a PR or is there any procedure I need to follow?

[hanneshayashi]

I opened a PR with the changes I made locally. I hope that's ok. If I need to follow any additional steps, please let me know.

[Ariestattoo]

Thanks for your time on this @hanneshayashi and @edwardmedia. My understandng that Hashicorp is short staffed right now and not working through community pull requests. Hopefully soon.

[hanneshayashi]

As far as I understand, that only applies to the main Terraform repo and not the providers:
https://www.hashicorp.com/blog/terraform-community-contributions

The broader Terraform ecosystem is not impacted, and we are continuing to review a large number of contributions to our ecosystem of providers on a daily basis.

Although I guess everyone at HashiCorp is pretty busy in general. If there is anything I can do to help get this merged, please let me know @edwardmedia

[hanneshayashi]

@ndmckinley Since my PR was merged, should this issue be closed?

[nat-henderson]

Ah, yes, thank you! This will be released in the next release of these providers, October 4th.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.