providers/google: equivalent IAM policies are treated as different

[paddycarver]

Terraform Version

0.8.5, 0.8.6, master

Affected Resource(s)

• google_project_iam_policy

Terraform Configuration Files

resource "google_project_iam_policy" "google-project" {
  project       = "${var.gcp_project}"
  policy_data   = "${data.google_iam_policy.policy-bindings.policy_data}"
  authoritative = false
}

data "google_iam_policy" "policy-bindings" {
  binding {
    role = "roles/viewer"

    members = [
      "user:[email protected]",
    ]
  }

  binding {
    role = "roles/viewer"

    members = [
      "user:[email protected]",
    ]
  }
}

Expected Behavior

After applying this, there should be no diff for terraform plan.

Actual Behavior

After applying this, there's a diff on terraform plan:

    policy_data: "{\"bindings\":[{\"members\":[\"user:[email protected]\",\"user:[email protected]\"],\"role\":\"roles/viewer\"}]}" => "{\"bindings\":[{\"members\":[\"user:[email protected]\"],\"role\":\"roles/viewer\"},{\"members\":[\"user:[email protected]\"],\"role\":\"roles/viewer\"}]}"

Steps to Reproduce

1. terraform apply
2. terraform plan

This is just a matter of getting the DiffSuppressFunc to collapse/expand policies as much as possible before comparing them, which will give us a common representation.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.