google_compute_instance: metadata_startup_script ignore_changes is not working

[ghost]

This issue was originally opened by @Alexhha as hashicorp/terraform#19456. It was migrated here as a result of the provider split. The original body of the issue is below.

---

Terraform Version

$ terraform -v
Terraform v0.11.10
+ provider.google v1.19.1
+ provider.random v1.3.1
+ provider.template v1.0.0

Terraform Configuration Files

provider "google" {
    credentials = "${file("~/.gce/test.json")}"
    project     = "jfrog-installers-test"
    region      = "europe-west1"
    version     = "~> 1.12"
}

provider "random" {
    version = "~> 1.3"
}

provider "template" {
    version = "~> 1.0"
}

data "template_file" "metadata_startup_script" {
    template = "${file("${path.module}/files/bootstrap.sh")}"
}

resource "google_compute_instance" "bs-test" {
    name         = "bs-test"
    machine_type = "f1-micro"
    zone         = "europe-west1-b"

    lifecycle {
        ignore_changes = ["metadata_startup_script"]
    }

    metadata_startup_script = "${data.template_file.metadata_startup_script.rendered}"

    boot_disk {
        initialize_params {
            image = "ubuntu-os-cloud/ubuntu-1804-lts"
            size  = 10
            type  = "pd-standard"
        }
    }

    network_interface {
        subnetwork = "test"
        access_config {
            nat_ip = ""
        }
    }

    service_account {
        scopes = ["userinfo-email", "compute-ro", "storage-ro"]
    }
}

Debug Output

Crash Output

Expected Behavior

If I change bootstrap.sh - no updates should occur

Actual Behavior

Every time instance get a new ip address

$ terraform apply
data.template_file.metadata_startup_script: Refreshing state...
google_compute_instance.bs-test: Refreshing state... (ID: bs-test)

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  ~ google_compute_instance.bs-test
      boot_disk.#:                                         "1" => "1"
      boot_disk.0.auto_delete:                             "true" => "true"
      boot_disk.0.device_name:                             "persistent-disk-0" => <computed>
      boot_disk.0.disk_encryption_key_sha256:              "" => <computed>
      boot_disk.0.initialize_params.#:                     "1" => "1"
      boot_disk.0.initialize_params.0.image:               "https://www.googleapis.com/compute/v1/projects/ubuntu-os-cloud/global/images/ubuntu-1804-bionic-v20181120" => "ubuntu-os-cloud/ubuntu-1804-lts"
      boot_disk.0.initialize_params.0.size:                "10" => "10"
      boot_disk.0.initialize_params.0.type:                "pd-standard" => "pd-standard"
      network_interface.#:                                 "1" => "1"
      network_interface.0.access_config.#:                 "1" => "1"
      network_interface.0.access_config.0.assigned_nat_ip: "35.205.145.35" => <computed>
      network_interface.0.access_config.0.nat_ip:          "35.205.145.35" => <computed>
      network_interface.0.access_config.0.network_tier:    "PREMIUM" => <computed>
      network_interface.0.address:                         "10.0.7.7" => <computed>
      network_interface.0.name:                            "nic0" => <computed>
      network_interface.0.network_ip:                      "10.0.7.7" => <computed>
      network_interface.0.subnetwork:                      "https://www.googleapis.com/compute/v1/projects/test/regions/europe-west1/subnetworks/test" => "test"
      network_interface.0.subnetwork_project:              "test" => <computed>


Plan: 0 to add, 1 to change, 0 to destroy.

Steps to Reproduce

$ terraform init
$ terraform apply
$ date +'%s' >> files/bootstrap.sh
$ terraform apply

Additional Context

References

[paddycarver]

I'm afraid I don't understand. The changes shown in that diff aren't metadata_startup_script changes? It appears that boot_disk.0.initialize_params.0.image and network_interface.0.subnetwork are changing?

[Alexhha]

Yes, it's a little bit strange but if I change startup script terraform will recreate network interface and if we use google_compute_instance_group_manager it will fail at all

[Alexhha]

I have checked with AWS provider and it works as expected

provider "aws" {
    access_key = "123456789"
    secret_key = "987654321"
    region     = "eu-central-1"
}


data "template_file" "bootstrap" {
    template = "${file("${path.module}/files/boot.sh")}"
}


resource "aws_instance" "test" {
    ami           = "ami-034fffcc6a0063961"
    instance_type = "t2.micro"

    user_data = "${data.template_file.bootstrap.rendered}"

    lifecycle {
        ignore_changes = ["user_data"]
    }
}

If I change boot.sh file - nothing happens

$ date +'%s' >> files/boot.sh
$ terraform apply
data.template_file.bootstrap: Refreshing state...
aws_instance.test: Refreshing state... (ID: i-06a627047bed3ffe9)

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

[nat-henderson]

That's very likely to be an upstream bug. @paddycarver: that indicates that the TPG CustomizeDiff isn't being called correctly, presumably due to the lifecycle block. What do you think?

[danawillow]

This is almost certainly hashicorp/terraform#18209, which will be fixed in the next upstream TF release. In the meantime, If you change the subnetwork to a full URL, that should fix the issue. I'm going to go ahead and close this issue since I don't think there's anything we can do here, but feel free to comment and let us know how it goes!

[Alexhha]

@danawillow

In the meantime, If you change the subnetwork to a full URL, that should fix the issue.

Thanks for the tip. It seems working fine. But I had to use full url for os image too. Instead of

projects/ubuntu-os-cloud/global/images/family/ubuntu-1804-lts

use the following

https://www.googleapis.com/compute/v1/projects/ubuntu-os-cloud/global/images/ubuntu-1804-bionic-v20181203a

Is that expected? Do I need to use full url by default?

[danawillow]

Some fields you do, but whatever the documentation at https://www.terraform.io/docs/providers/google/index.html says is what you'll have to do. In this particular case, an upstream bug meant that diffsuppressfuncs were being ignored, and so you had to have your config match state exactly

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!