Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform IBM Provider Version

terraform 1.5.7 ibm 1.73.0

Affected Resource(s)

ibm_is_vpn_gateway_connection

Terraform Configuration Files

resource "ibm_is_vpn_gateway_connection" "vpc_connection" {
  name          = "gw-vpn-cnx"
  vpn_gateway   = ibm_is_vpn_gateway.vpn_gateway.id
  preshared_key = "ibm_sm_arbitrary_secret"
  peer {
      address  = var.peer_address
      cidrs    = var.peer_cidrs   
  }
  local {
      cidrs   = concat([ibm_is_subnet.subnet.ipv4_cidr_block], var.ibm_local_cidrs)
  }
  ike_policy = ibm_is_ike_policy.ike_policy.id
  ipsec_policy = ibm_is_ipsec_policy.ipsec_policy.id
}

Expected Behavior

adding an address in var ibm_local_cidrs should be taken in consideration and the vpn gateway connection should be updated accordingly.

Actual Behavior

terraform detects the change as in this output

2025/01/07 14:24:09 Terraform apply | ~ resource "ibm_is_vpn_gateway_connection" "partecis_connection" {
2025/01/07 14:24:09 Terraform apply | id = "VPN_CONNECTION_ID"
2025/01/07 14:24:09 Terraform apply | name = "gw-vpn-cnx"
2025/01/07 14:24:09 Terraform apply | # (23 unchanged attributes hidden)
2025/01/07 14:24:09 Terraform apply |
2025/01/07 14:24:09 Terraform apply | ~ local {
2025/01/07 14:24:09 Terraform apply | ~ cidrs = [
2025/01/07 14:24:09 Terraform apply | + "10.2.0.0/24",
2025/01/07 14:24:09 Terraform apply | # (3 unchanged elements hidden)
2025/01/07 14:24:09 Terraform apply | ]
2025/01/07 14:24:09 Terraform apply |
2025/01/07 14:24:09 Terraform apply | # (1 unchanged block hidden)
2025/01/07 14:24:09 Terraform apply | }
2025/01/07 14:24:09 Terraform apply |
2025/01/07 14:24:09 Terraform apply | # (1 unchanged block hidden)
2025/01/07 14:24:09 Terraform apply | }
2025/01/07 14:24:09 Terraform apply |
2025/01/07 14:24:09 Terraform apply | Plan: 1 to add, 2 to change, 1 to destroy.

However during the deploy , no update is done
terraform shows modification complete but it is not the case.
2025/01/07 14:24:18 Terraform apply | module.vpn["edge"].ibm_is_vpn_gateway_connection.vpn_connection: Modifications complete after 6s [id=VPN_CONNECTION_ID]

Steps to Reproduce

1. create a vpn connection
2. add a local cidrs (in terraform code)
3. apply via terraform

Important Factoids

looking in the code https://github.com/IBM-Cloud/terraform-provider-ibm/blob/master/ibm/service/vpc/resource_ibm_is_vpn_gateway_connections.go
no condition is put for local cidrs change:
https://github.com/IBM-Cloud/terraform-provider-ibm/blob/master/ibm/service/vpc/resource_ibm_is_vpn_gateway_connections.go#L728

which explains the bug
would you please confirm if this is intended or if it can be changed to allow the addition / deletion of ibm local cidrs
thanks