Cloud NAT gets recreated when adding the default values for some parameters

[rolandkool]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment
• If an issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to "hashibot", a community member has claimed the issue already.

Terraform Version

provider version 1.20

Affected Resource(s)

• google_compute_router_nat

Expected Behavior

When adding a parameter with the default value, the resource should not get recreated.

Actual Behavior

Terraform sees a change: value gets changed from 0 to the default. It should have been the default value already. Now it sees a change and it recreates the resource.

Steps to Reproduce

Start with:

resource "google_compute_router_nat" "my-nat-gateway" {
  name                               = "my-nat-gateway"
  router                             = "${google_compute_router.my-nat-gateway.name}"
  region                             = "europe-west4"
  nat_ip_allocate_option             = "AUTO_ONLY"
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
}

Terraform apply to create it.

Now add the following (defaults) to the tf file:

  min_ports_per_vm                 = "64"
  tcp_established_idle_timeout_sec = "1200"
  tcp_transitory_idle_timeout_sec  = "30"
  udp_idle_timeout_sec             = "30"
  icmp_idle_timeout_sec            = "30"

Run terraform plan/apply and see it forces a new resource because, for example:
udp_idle_timeout_sec: "0" => "30" (forces new resource)

Important Factoids

Can't work around the issue by using import. Even if the tf file already contains all the settings, the state file contains the "0" value in stead of the default value for each of the parameters. So perhaps the import piece has a bug as well?

References

#2773

b/301065933

[rileykarson]

It appears that this API doesn't return values if we send empty values for these attributes, but sets these defaults uptream. Terraform doesn't have much it can do to remediate this situation unfortunately, as adding a Terraform-side default would constitute a breaking change (since it would cause a diff and recreate for users of the implicit defaults).

While this could be worked around with a migration / diff suppression, I'm not sure it's worth the cost; is this a major problem for any of you, or is recreating in this situation acceptable?

[pratikmallya]

It appears that this API doesn't return values if we send empty values for these attributes, but sets these defaults uptream.

How do other API's work? Do other resources return default values if not set explicitly?

• If they do, I agree that this does seem like an upstream issue since cloud NAT API seems to be different than other resources.
• If they don't... why would this be a special case?

[ScottSuarez]

Can this ticket be re-examined in triage. I'm recommending we do don't make this change.

[rileykarson]

default_if_empty may be able to resolve this safely.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.