Empty `deny` in the `tests` section constantly drifts

Question

Empty `deny` in the `tests` section constantly drifts

gberenice opened this issue 2 years ago · 1 comments

Describe the bug
After the resourcetailscale_acl is applied, the next plan run contains changes in tests ( rule deny = []) that are not expected.

To Reproduce
Steps to reproduce the behaviour:

Apply resource tailscale_acl where one of the tests contains empty deny entry:

resource "tailscale_acl" "default" {
  acl = jsonencode({
    tests : [
      {
        "src"    = "group:prod",
        "accept" = concat(local.prod_test_tags, local.non_prod_test_tags),
        "deny"   = [],
      },
    ]
  })
}

Run terraform plan, and see the drift

  # tailscale_acl.default will be updated in-place
  ~ resource "tailscale_acl" "default" {
      ~ acl = jsonencode(
          ~ {
              ~ tests         = [
                  ~ {
                      + deny   = []
                        # (2 unchanged elements hidden)
                    },
                ]
                # (4 unchanged elements hidden)
            }
        )
        id  = "acl"
    }

Expected behaviour
The plan is clear.

Desktop (please complete the following information):

OS: debian
Terraform Version v1.3.2
Provider Version v0.13.6

Answer 1 · 2023-02-22T11:54:57.000Z

Closing this since using "deny" = null fixed the issue.