Terraform Plan hides key unchanged attributes #30811

Closed
amerenda opened this issue Apr 6, 2022 · 4 comments
Labels
bug waiting-response An issue/pull request is waiting for a response from the community

Comments


amerenda commented Apr 6, 2022

Terraform Version

Terraform v1.1.7
on darwin_amd64
+ provider registry.terraform.io/hashicorp/google v3.86.0
+ provider registry.terraform.io/hashicorp/google-beta v3.86.0

Terraform Configuration Files

data "google_iam_policy" "project-policy" {

  ## PRIMITIVE ROLES
  binding {
    role = "roles/owner"
    members = [
      "serviceAccount:${data.google_project.my-project.number}[email protected]",
      "serviceAccount:${data.google_project.road-iq.project_id}@appspot.gserviceaccount.com",
    ]
  }
  ...
}

resource "google_project_iam_policy" "project-policy" {
  project     = "my-project"
  policy_data = data.google_iam_policy.project-policy.policy_data
}

Debug Output

N/A

Expected Behavior

Terraform output shows the role of the elements being changed

  # google_project_iam_policy.road-iq-iam will be updated in-place
  ~ resource "google_project_iam_policy" "road-iq-iam" {
        id          = "moove-road-iq-production"
      ~ policy_data = jsonencode(
          ~ {
              ~ bindings = [
                    # (34 unchanged elements hidden)
                    {
                        members = [
                            "serviceAccount:[email protected]",
                        ]
                        role    = "roles/storage.admin"
                    },
                  ~ {
                      ~ members = [
                          - "serviceAccount:[email protected]",
                            "serviceAccount:[email protected]",
                            # (2 unchanged elements hidden)
                        ]
                        role    = "roles/owner" # <---- THIS element should be shown
                    },
                    {
                        members = [
                            "serviceAccount:[email protected]",
                        ]
                        role    = "roles/vpcaccess.serviceAgent"
                    },
                ]
            }
        )
        # (2 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Actual Behavior

Terraform output hides the role of the element being changed.

...
                  ~ {
                      ~ members = [
                          - "serviceAccount:[email protected]",
                            "serviceAccount:[email protected]",
                            # (2 unchanged elements hidden)
                        ]
                        # (1 unchanged element hidden) <--- ROLE is hidden from output
                    },
...

Steps to Reproduce

Create a Google IAM policy (authoritative binding). Make a change outside of Terraform, or make a change inside of Terraform.
The role is hidden.

Additional Context

Terraform is running via Atlantis, or locally.

This bug makes it nearly impossible for me to reconcile my Terraform plan with changes made outside of Terraform, and makes it difficult to identify what is being changed in a plan with just the output of terraform plan.

@amerenda amerenda added bug new new issue not yet triaged labels Apr 6, 2022
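
An added example, not part of the original issue or of Terraform itself: when the rendered plan hides the role, the machine-readable plan (`terraform plan -out=tfplan`, then `terraform show -json tfplan`) still carries the full before and after `policy_data`, so the per-role member changes can be recovered from it. The resource address, member names and sample plan below are constructed for illustration.

```python
import json

def binding_map(policy_data):
    """Map role -> set of members. Bindings that share a role (for example
    with different IAM conditions) are merged, a simplification."""
    roles = {}
    for b in json.loads(policy_data or "{}").get("bindings", []):
        roles.setdefault(b["role"], set()).update(b.get("members", []))
    return roles

def iam_policy_diff(plan):
    """Return {address: {role: {"added": [...], "removed": [...]}}}.
    An address maps to None when policy_data is only known after apply."""
    report = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "google_project_iam_policy":
            continue
        change = rc["change"]
        if (change.get("after_unknown") or {}).get("policy_data") is True:
            report[rc["address"]] = None
            continue
        before = binding_map((change.get("before") or {}).get("policy_data"))
        after = binding_map((change.get("after") or {}).get("policy_data"))
        roles = {}
        for role in sorted(set(before) | set(after)):
            added = sorted(after.get(role, set()) - before.get(role, set()))
            removed = sorted(before.get(role, set()) - after.get(role, set()))
            if added or removed:
                roles[role] = {"added": added, "removed": removed}
        if roles:
            report[rc["address"]] = roles
    return report

def policy_json(bindings):
    """Build a policy_data string for the constructed sample below."""
    return json.dumps({"bindings": [{"role": r, "members": m} for r, m in bindings]})

# Constructed sample in the shape of `terraform show -json` output; the
# resource address and member names are made up.
OLD, KEEP = "serviceAccount:old@example.invalid", "serviceAccount:keep@example.invalid"
SAMPLE_PLAN = {"resource_changes": [{
    "address": "google_project_iam_policy.example",
    "type": "google_project_iam_policy",
    "change": {
        "actions": ["update"],
        "before": {"policy_data": policy_json([("roles/owner", [OLD, KEEP]), ("roles/storage.admin", [KEEP])])},
        "after": {"policy_data": policy_json([("roles/owner", [KEEP]), ("roles/storage.admin", [KEEP])])},
        "after_unknown": {},
    }}]}

if __name__ == "__main__":
    print(json.dumps(iam_policy_diff(SAMPLE_PLAN), indent=2))
```

Because the policy resource is authoritative, a member listed under "removed" for a role such as `roles/owner` loses that role on apply, which is the detail the rendered plan omitted.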
Contributor

crw commented Apr 6, 2022

Hi @amerenda, I believe this to be a duplicate (or a very specific subset) of this issue: #30753 -- If you agree, I will close this one as a dupe and reference it as a use case in the broader issue. Thanks!

@crw crw added waiting-response An issue/pull request is waiting for a response from the community and removed new new issue not yet triaged labels Apr 6, 2022
Author

amerenda commented Apr 6, 2022

> Hi @amerenda, I believe this to be a duplicate (or a very specific subset) of this issue: #30753 -- If you agree, I will close this one as a dupe and reference it as a use case in the broader issue. Thanks!

This is definitely the same issue, and summed up better in 30753.

Please feel free to close and reference.

Contributor

crw commented Apr 7, 2022

Done! Be sure to go upvote that other issue, using the 👍 on the issue description. Thanks!

Contributor

github-actions bot commented May 8, 2022

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 8, 2022