You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
locals {
# Copy of Viewer Plus API has been duplicated by Akamai for some reason# We don't seem to use this so we'll ignore this grantable role for nowrole_name_to_id={ forroleindata.akamai_iam_grantable_roles.this.grantable_roles:role.name=>role.granted_role_idifrole.name!="Copy of Viewer Plus API" }
granted_roles=[
"API Gateway Viewer",
"API Prioritization Cloudlet Viewer",
"Access Account IP ACL - View ONLY",
"Adaptive Acceleration - View only",
"Fast DNS - View only",
"Firewall Rules Notification - View",
"Forward Rewrite Cloudlet Viewer",
"FrontEndOptimization - View Only",
"IDM: API Clients - User Access"
]
}
resource"akamai_iam_role""this" {
name="test-role"description="Testing some things out on terraform"granted_roles=[forroleinlocal.granted_roles:local.role_name_to_id[role]]
type="custom"
}
data"akamai_iam_grantable_roles""this" {}
terraform {
required_providers {
akamai={
source ="akamai/akamai"
version ="5.5.0"
}
}
}
output"roles" {
description="test"value=[forroleindata.akamai_iam_grantable_roles.this.grantable_roles:role.nameifcontains(akamai_iam_role.this.granted_roles, role.granted_role_id)]
}
provider"akamai" {
# Configuration options
}
Changing one entry in the list of granted_roles should generate just one change in the terraform plan output.
Actual Behavior
Lots of changes are shown:
# akamai_iam_role.this will be updated in-place
~ resource"akamai_iam_role""this" {
~ granted_roles=[
-81601,
-83891,
-95380,
109223,
-75563,
88029,
-96541,
-86527,
+83891,
+95380,
+81601,
1231,
+86527,
+75563,
+96535,
]
id="135091"name="test-role"# (2 unchanged attributes hidden)
}
Plan:0 to add, 1 to change, 0 to destroy.
Changes to Outputs:
~ roles=[
# (7 unchanged elements hidden)"FrontEndOptimization - View Only",
-"IDM: API Clients - User Access",
+"IDM: API Clients - Admin Access",
]
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
terraform apply
change the 'IDM: API Clients - User Access' to 'IDM: API Clients - Admin Access'
terraform plan
Important Factoids
N/A
References
It seems like the granted_roles was changed from TypeSet to TypeList in cf6606c. The DiffSuppressFunc that was added is not behaving as I would expect in this case
The text was updated successfully, but these errors were encountered:
mstojanowski
changed the title
Changing granted_roles in an IAM role generates a much larger diff than needed
DXE-3614 Changing granted_roles in an IAM role generates a much larger diff than needed
Feb 21, 2024
Terraform Version
1.7.3
Affected Resource(s)
akamai_iam_role
Terraform Configuration Files
Debug Output
https://gist.github.com/landrew57/081c6c5113e7ff74463566f1f030cb6b
Expected Behavior
Changing one entry in the list of
granted_roles
should generate just one change in theterraform plan
output.Actual Behavior
Lots of changes are shown:
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
terraform apply
terraform plan
Important Factoids
N/A
References
granted_roles
was changed fromTypeSet
toTypeList
in cf6606c. TheDiffSuppressFunc
that was added is not behaving as I would expect in this caseThe text was updated successfully, but these errors were encountered: