Constant "changes" in libvirt_domain -> network_interface -> network_id

[alexs77]

Using Terraform v1.8.5 on linux_amd64 and libvirt v0.8.1 and:

[root@kvm-host]:~# virsh version
Compiled against library: libvirt 8.0.0
Using library: libvirt 8.0.0
Using API: QEMU 8.0.0
Running hypervisor: QEMU 6.2.0

Whenever I run terraform plan -out=vm-1a.out && terraform apply vm-1a.out && terraform plan -out=vm-1b.out, I get a "warning" that the network_id is missing in libvirt_domain -> network_interface and will be added again:

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
Terraform will perform the following actions:
  # module.tci_kvm.libvirt_domain.this will be updated in-place
  ~ resource "libvirt_domain" "this" {
        id          = "9c4575f5-9a14-4147-995e-b866b68f788b"
        name        = "vtcl-qatestvm-zbl-110.domain.tld"
        # (15 unchanged attributes hidden)
      ~ network_interface {
          + network_id     = "9cdee972-fc42-4329-a013-5f15bcf3572a"
            # (9 unchanged attributes hidden)
        }
      ~ network_interface {
          + network_id     = "0d9c0542-d26d-4a42-a5ae-ac5dc017bf95"
            # (9 unchanged attributes hidden)
        }
        # (7 unchanged blocks hidden)
    }
Plan: 0 to add, 1 to change, 0 to destroy.

virsh net-dumpxml shows the UUID in network_id. Eg.:

[root@htcl-kvm-zbl-111]:~# virsh net-dumpxml --network vtcl-qatestvm-zbl-110.domain.tld__ens4
<network connections='1'>
  <name>vtcl-qatestvm-zbl-110.domain.tld__ens4</name>
  <uuid>9cdee972-fc42-4329-a013-5f15bcf3572a</uuid>
  <forward mode='bridge'/>
  <bridge name='br2002'/>
</network>

The UUID stays constant over multiple terraform plan/apply runs.

Why's that?

Relevant terraform source code:

variable "nics" {
  type = map(object({
    address = optional(string)
    netmask = number
    ns      = optional(list(string))
    vlan_id = number

    routes = optional(list(object({
      address = string
      netmask = number
      gateway = string
    })))
  }))
}

resource "libvirt_network" "these" {
  for_each = var.nics

  name      = join("__", [local.name, each.key])
  addresses = [local.nics_addresses[each.key]]
  autostart = true
  bridge    = "br${each.value.vlan_id}"
  mode      = "bridge"

  dhcp {
    enabled = false
  }

  dns {
    enabled    = true
    local_only = false
  }
}

resource "libvirt_domain" "this" {
  # …
  dynamic "network_interface" {
    for_each = var.nics

    content {
      bridge         = "br${var.nics[network_interface.key].vlan_id}"
      network_id     = libvirt_network.these[network_interface.key].id
      wait_for_lease = false
    }
  }
  # …
}

vm.tfvars file contains:

nics = {

  # Network default
  "ens3" = {
    netmask = 27
    ns      = ["193.47.226.205", "193.47.226.45"]
    vlan_id = 2001

    routes = [{
      address = "0.0.0.0"
      netmask = 0
      gateway = "10.123.220.1"
    }]
  }

  # Network backup
  "ens4" = {
    address = "vtcl-qatestvm-zbl-110-bkp.domain.tld"
    netmask = 27
    vlan_id = 2002
  }

  # Network monitoring
  "ens5" = {
    address = "vtcl-qatestvm-zbl-110-mon.domain.tld"
    netmask = 27
    vlan_id = 2004
  }
}