Open
Labels
bug: Something isn't working
Description
TL;DR
When enable_secret_manager_addon is removed from the module configuration, Terraform attempts to completely remove the secret_manager_config dynamic block from the GKE cluster, but the GKE API rejects this change with a "Must specify a field to update" error. The dynamic block should be modified to always include the configuration with the enabled property set to the variable value, rather than conditionally creating/removing the entire block.
Expected behavior
It should disable the secret_manager_config field in
resource "google_container_cluster" "primary" {
Which is the default behaviour.
Observed behavior
Terraform will perform the following actions:
  # module.gke.google_container_cluster.primary will be updated in-place
  ~ resource "google_container_cluster" "primary" {
        id                                       = "abc"
        name                                     = "abc-cluster"
        # (39 unchanged attributes hidden)
      ~ node_pool_auto_config {
          + resource_manager_tags = {}
        }
      - secret_manager_config {
          - enabled = true -> null
        }
        # (29 unchanged blocks hidden)
    }
And the error is
Error: googleapi: Error 400: Must specify a field to update.
Details:
[
  {
    "@type": "type.googleapis.com/google.rpc.RequestInfo",
    "requestId": "0x780964743d1c0eed"
  }
]
, badRequest
  with module.gke.google_container_cluster.primary,
  on .terraform/modules/private-cluster/cluster.tf line 22, in resource "google_container_cluster" "primary":
  22: resource "google_container_cluster" "primary" {
Terraform Configuration
NA
Terraform Version
v1.11.1
Terraform Provider Versions
google 6.42.0
Additional information
No response
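
The change proposed in the TL;DR, sketched as an added example (not the module's own code and not posted by the reporter). The conditional form in the comment is reconstructed from the issue's description, and the location and node count are constructed sample values.

```hcl
variable "enable_secret_manager_addon" {
  description = "Enable the Secret Manager add-on for this cluster."
  type        = bool
  default     = false
}

resource "google_container_cluster" "primary" {
  name               = "abc-cluster" # name taken from the plan output in the issue
  location           = "us-central1" # constructed sample value
  initial_node_count = 1             # constructed sample value

  # Conditional form, as the issue describes it (a sketch, not copied from
  # the module). When the variable is false or removed, the whole block
  # disappears from the configuration, the plan shows
  # "enabled = true -> null", and the update is rejected with
  # "Must specify a field to update".
  #
  # dynamic "secret_manager_config" {
  #   for_each = var.enable_secret_manager_addon ? [1] : []
  #   content {
  #     enabled = true
  #   }
  # }

  # Always-present form proposed in the issue: the block stays in the
  # configuration and only its value follows the variable, so turning the
  # add-on off is expressed as an explicit "enabled = false" rather than
  # as removal of the block.
  secret_manager_config {
    enabled = var.enable_secret_manager_addon
  }
}
```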