ibm_iam_trusted_profile_template_assignment identifies an update in place after initial apply #6216
Description
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform CLI and Terraform IBM Provider Version
Terraform v1.9.2
on darwin_arm64
+ provider registry.terraform.io/ibm-cloud/ibm v1.78.0
Affected Resource(s)
- ibm_iam_trusted_profile_template_assignment
Terraform Configuration Files
Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.
provider "ibm" {
ibmcloud_api_key = "XXX"
}
terraform {
required_version = ">= 1.3.0"
required_providers {
ibm = {
source = "IBM-Cloud/ibm"
version = "1.78.0"
}
}
}
# Lookup default resource group
data "ibm_resource_group" "group" {
is_default = "true"
}
# Provision COS instance
resource "ibm_resource_instance" "cos" {
name = "cos"
resource_group_id = data.ibm_resource_group.group.id
service = "cloud-object-storage"
plan = "standard"
location = "global"
}
resource "ibm_iam_policy_template" "profile_template_policies" {
name = "test"
committed = true
policy {
type = "access"
description = "test"
resource {
attributes {
key = "serviceType"
value = "service"
operator = "stringEquals"
}
}
roles = ["Reader"]
}
}
resource "ibm_iam_trusted_profile_template" "trusted_profile_template_instance" {
name = "testing"
description = "test"
profile {
name = "test"
description = "test"
identities {
type = "crn"
iam_id = "crn-${ibm_resource_instance.cos.crn}"
identifier = ibm_resource_instance.cos.crn
}
}
policy_template_references {
id = ibm_iam_policy_template.profile_template_policies.template_id
version = ibm_iam_policy_template.profile_template_policies.version
}
committed = true
}
data "ibm_enterprise_accounts" "all_accounts" {}
data "ibm_enterprise_account_groups" "all_groups" {
depends_on = [data.ibm_enterprise_accounts.all_accounts]
}
locals {
group_targets = [
for group in data.ibm_enterprise_account_groups.all_groups.account_groups : {
id = group.id
type = "AccountGroup"
}
]
combined_targets = {
for target in local.group_targets :
"${target.type}-${target.id}" => target
}
}
resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
for_each = local.combined_targets
template_id = split("/", ibm_iam_trusted_profile_template.trusted_profile_template_instance.id)[0]
template_version = ibm_iam_trusted_profile_template.trusted_profile_template_instance.version
target = each.value.id
target_type = each.value.type
}Debug Output
Initial apply: enterprise.log
Subsequent plan: enterprise2.log
Panic Output
Expected Behavior
after the initial apply, if no config is chaning there should not be an updates in place being identified
Actual Behavior
An update in place is being identified for all the account groups. Seems like it wants to add resources to it?
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-3596923e5a674a7fa7eb01c5b17fce8e"] will be updated in-place
~ resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
id = "TemplateAssignment-dace3235-8878-4d36-92d0-186619cdf6fc"
+ resources = (known after apply)
# (13 unchanged attributes hidden)
}
# ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-67d829433fbd46a38d80ce61e0e45bbd"] will be updated in-place
~ resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
id = "TemplateAssignment-cf2b92d3-692e-464c-8e24-b6881549fc07"
+ resources = (known after apply)
# (13 unchanged attributes hidden)
}
# ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-6a3bb7d8e3954744bff30f9760734ffe"] will be updated in-place
~ resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
id = "TemplateAssignment-4cfeccb3-7bdf-4b38-b031-d77e04bb812d"
+ resources = (known after apply)
# (13 unchanged attributes hidden)
}
# ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-a2f9bc2a863a4172a591d37113179419"] will be updated in-place
~ resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
id = "TemplateAssignment-53e2a949-5378-492f-b351-137b5729076b"
+ resources = (known after apply)
# (13 unchanged attributes hidden)
}
# ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-a9548bd3d1d24a87ab5d7e2cc5d3da67"] will be updated in-place
~ resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
id = "TemplateAssignment-67c8c6c5-0a99-47d8-9ffd-d1f444620b22"
+ resources = (known after apply)
# (13 unchanged attributes hidden)
}
# ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-de38c8ac0a194cb3ba956f2bf37b80ca"] will be updated in-place
~ resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
id = "TemplateAssignment-69cfb8b3-1b4a-4b76-8224-d3cf32707648"
+ resources = (known after apply)
# (13 unchanged attributes hidden)
}
# ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-f0c61f6d54bb43f4acd664bdea6b3735"] will be updated in-place
~ resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
id = "TemplateAssignment-45607661-9e1b-4f96-9c06-dcec4968e741"
+ resources = (known after apply)
# (13 unchanged attributes hidden)
}
# ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-f4ee918e05ef4c49af4ae77a8f7fd77e"] will be updated in-place
~ resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
id = "TemplateAssignment-ec78db83-2a1c-42b3-8e61-cb5df7a099dd"
+ resources = (known after apply)
# (13 unchanged attributes hidden)
}
# ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-f6d685dfa2844fe988f6c0e4c8675e43"] will be updated in-place
~ resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
id = "TemplateAssignment-c2148e95-322f-4e13-8e08-bbc0edf7cb69"
+ resources = (known after apply)
# (13 unchanged attributes hidden)
}
# ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-fc260c2df6cf4038a89d43fcccad1b27"] will be updated in-place
~ resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
id = "TemplateAssignment-3a90e583-4636-4965-811a-9deac0c67ceb"
+ resources = (known after apply)
# (13 unchanged attributes hidden)
}
Plan: 0 to add, 10 to change, 0 to destroy.
Steps to Reproduce
terraform applyterraform plan
Important Factoids
Even after applying the update, another update is identified on next apply. the resource is not idempotent:
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-6a3bb7d8e3954744bff30f9760734ffe"]: Modifying... [id=TemplateAssignment-4cfeccb3-7bdf-4b38-b031-d77e04bb812d]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-f0c61f6d54bb43f4acd664bdea6b3735"]: Modifying... [id=TemplateAssignment-45607661-9e1b-4f96-9c06-dcec4968e741]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-3596923e5a674a7fa7eb01c5b17fce8e"]: Modifying... [id=TemplateAssignment-dace3235-8878-4d36-92d0-186619cdf6fc]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-fc260c2df6cf4038a89d43fcccad1b27"]: Modifying... [id=TemplateAssignment-3a90e583-4636-4965-811a-9deac0c67ceb]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-a2f9bc2a863a4172a591d37113179419"]: Modifying... [id=TemplateAssignment-53e2a949-5378-492f-b351-137b5729076b]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-67d829433fbd46a38d80ce61e0e45bbd"]: Modifying... [id=TemplateAssignment-cf2b92d3-692e-464c-8e24-b6881549fc07]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-de38c8ac0a194cb3ba956f2bf37b80ca"]: Modifying... [id=TemplateAssignment-69cfb8b3-1b4a-4b76-8224-d3cf32707648]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-f4ee918e05ef4c49af4ae77a8f7fd77e"]: Modifying... [id=TemplateAssignment-ec78db83-2a1c-42b3-8e61-cb5df7a099dd]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-a9548bd3d1d24a87ab5d7e2cc5d3da67"]: Modifying... [id=TemplateAssignment-67c8c6c5-0a99-47d8-9ffd-d1f444620b22]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-f6d685dfa2844fe988f6c0e4c8675e43"]: Modifying... [id=TemplateAssignment-c2148e95-322f-4e13-8e08-bbc0edf7cb69]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-de38c8ac0a194cb3ba956f2bf37b80ca"]: Modifications complete after 1s [id=TemplateAssignment-69cfb8b3-1b4a-4b76-8224-d3cf32707648]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-a2f9bc2a863a4172a591d37113179419"]: Modifications complete after 1s [id=TemplateAssignment-53e2a949-5378-492f-b351-137b5729076b]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-f4ee918e05ef4c49af4ae77a8f7fd77e"]: Modifications complete after 1s [id=TemplateAssignment-ec78db83-2a1c-42b3-8e61-cb5df7a099dd]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-f0c61f6d54bb43f4acd664bdea6b3735"]: Modifications complete after 1s [id=TemplateAssignment-45607661-9e1b-4f96-9c06-dcec4968e741]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-fc260c2df6cf4038a89d43fcccad1b27"]: Modifications complete after 1s [id=TemplateAssignment-3a90e583-4636-4965-811a-9deac0c67ceb]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-f6d685dfa2844fe988f6c0e4c8675e43"]: Modifications complete after 1s [id=TemplateAssignment-c2148e95-322f-4e13-8e08-bbc0edf7cb69]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-a9548bd3d1d24a87ab5d7e2cc5d3da67"]: Modifications complete after 1s [id=TemplateAssignment-67c8c6c5-0a99-47d8-9ffd-d1f444620b22]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-3596923e5a674a7fa7eb01c5b17fce8e"]: Modifications complete after 1s [id=TemplateAssignment-dace3235-8878-4d36-92d0-186619cdf6fc]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-6a3bb7d8e3954744bff30f9760734ffe"]: Modifications complete after 1s [id=TemplateAssignment-4cfeccb3-7bdf-4b38-b031-d77e04bb812d]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-67d829433fbd46a38d80ce61e0e45bbd"]: Modifications complete after 1s [id=TemplateAssignment-cf2b92d3-692e-464c-8e24-b6881549fc07]
Apply complete! Resources: 0 added, 10 changed, 0 destroyed.
% terraform apply
data.ibm_resource_group.group: Reading...
data.ibm_enterprise_accounts.all_accounts: Reading...
ibm_iam_policy_template.profile_template_policies: Refreshing state... [id=policyTemplate-e752cd3d-1465-4ee1-b6aa-7d9789c9144e/1]
data.ibm_resource_group.group: Read complete after 1s [id=d82058eb6da240adb7347777ca9c01c9]
ibm_resource_instance.cos: Refreshing state... [id=crn:v1:bluemix:public:cloud-object-storage:global:a/1f27e30e31f0486980cb0b2657d483f7:96542e00-7cda-4c93-8839-387c17ea9dff::]
data.ibm_enterprise_accounts.all_accounts: Read complete after 1s [id=2025-05-02 12:24:05.173394 +0000 UTC]
data.ibm_enterprise_account_groups.all_groups: Reading...
data.ibm_enterprise_account_groups.all_groups: Read complete after 0s [id=2025-05-02 12:24:05.465899 +0000 UTC]
ibm_iam_trusted_profile_template.trusted_profile_template_instance: Refreshing state... [id=ProfileTemplate-42908ed3-0457-4ccd-aa7a-70f850f85228/1]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-a9548bd3d1d24a87ab5d7e2cc5d3da67"]: Refreshing state... [id=TemplateAssignment-67c8c6c5-0a99-47d8-9ffd-d1f444620b22]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-f0c61f6d54bb43f4acd664bdea6b3735"]: Refreshing state... [id=TemplateAssignment-45607661-9e1b-4f96-9c06-dcec4968e741]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-f4ee918e05ef4c49af4ae77a8f7fd77e"]: Refreshing state... [id=TemplateAssignment-ec78db83-2a1c-42b3-8e61-cb5df7a099dd]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-6a3bb7d8e3954744bff30f9760734ffe"]: Refreshing state... [id=TemplateAssignment-4cfeccb3-7bdf-4b38-b031-d77e04bb812d]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-3596923e5a674a7fa7eb01c5b17fce8e"]: Refreshing state... [id=TemplateAssignment-dace3235-8878-4d36-92d0-186619cdf6fc]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-67d829433fbd46a38d80ce61e0e45bbd"]: Refreshing state... [id=TemplateAssignment-cf2b92d3-692e-464c-8e24-b6881549fc07]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-f6d685dfa2844fe988f6c0e4c8675e43"]: Refreshing state... [id=TemplateAssignment-c2148e95-322f-4e13-8e08-bbc0edf7cb69]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-a2f9bc2a863a4172a591d37113179419"]: Refreshing state... [id=TemplateAssignment-53e2a949-5378-492f-b351-137b5729076b]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-fc260c2df6cf4038a89d43fcccad1b27"]: Refreshing state... [id=TemplateAssignment-3a90e583-4636-4965-811a-9deac0c67ceb]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-1bd63cbdccc44e7f8a543d0092e0b13e"]: Refreshing state... [id=TemplateAssignment-9fd92e1b-bd89-450d-a34b-52c975d9bcf0]
ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-de38c8ac0a194cb3ba956f2bf37b80ca"]: Refreshing state... [id=TemplateAssignment-69cfb8b3-1b4a-4b76-8224-d3cf32707648]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-3596923e5a674a7fa7eb01c5b17fce8e"] will be updated in-place
~ resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
id = "TemplateAssignment-dace3235-8878-4d36-92d0-186619cdf6fc"
+ resources = (known after apply)
# (13 unchanged attributes hidden)
}
# ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-67d829433fbd46a38d80ce61e0e45bbd"] will be updated in-place
~ resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
id = "TemplateAssignment-cf2b92d3-692e-464c-8e24-b6881549fc07"
+ resources = (known after apply)
# (13 unchanged attributes hidden)
}
# ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-6a3bb7d8e3954744bff30f9760734ffe"] will be updated in-place
~ resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
id = "TemplateAssignment-4cfeccb3-7bdf-4b38-b031-d77e04bb812d"
+ resources = (known after apply)
# (13 unchanged attributes hidden)
}
# ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-a2f9bc2a863a4172a591d37113179419"] will be updated in-place
~ resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
id = "TemplateAssignment-53e2a949-5378-492f-b351-137b5729076b"
+ resources = (known after apply)
# (13 unchanged attributes hidden)
}
# ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-a9548bd3d1d24a87ab5d7e2cc5d3da67"] will be updated in-place
~ resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
id = "TemplateAssignment-67c8c6c5-0a99-47d8-9ffd-d1f444620b22"
+ resources = (known after apply)
# (13 unchanged attributes hidden)
}
# ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-de38c8ac0a194cb3ba956f2bf37b80ca"] will be updated in-place
~ resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
id = "TemplateAssignment-69cfb8b3-1b4a-4b76-8224-d3cf32707648"
+ resources = (known after apply)
# (13 unchanged attributes hidden)
}
# ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-f0c61f6d54bb43f4acd664bdea6b3735"] will be updated in-place
~ resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
id = "TemplateAssignment-45607661-9e1b-4f96-9c06-dcec4968e741"
+ resources = (known after apply)
# (13 unchanged attributes hidden)
}
# ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-f4ee918e05ef4c49af4ae77a8f7fd77e"] will be updated in-place
~ resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
id = "TemplateAssignment-ec78db83-2a1c-42b3-8e61-cb5df7a099dd"
+ resources = (known after apply)
# (13 unchanged attributes hidden)
}
# ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-f6d685dfa2844fe988f6c0e4c8675e43"] will be updated in-place
~ resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
id = "TemplateAssignment-c2148e95-322f-4e13-8e08-bbc0edf7cb69"
+ resources = (known after apply)
# (13 unchanged attributes hidden)
}
# ibm_iam_trusted_profile_template_assignment.account_settings_template_assignment_instance["AccountGroup-fc260c2df6cf4038a89d43fcccad1b27"] will be updated in-place
~ resource "ibm_iam_trusted_profile_template_assignment" "account_settings_template_assignment_instance" {
id = "TemplateAssignment-3a90e583-4636-4965-811a-9deac0c67ceb"
+ resources = (known after apply)
# (13 unchanged attributes hidden)
}
Plan: 0 to add, 10 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value:
References
- #0000