iap_config.enable issues after 12.0 upgrade

[romankor]

TL;DR

It might be a typo in "enable"

it is spelled "enabled" instead of "enable"

terraform is in a drift state after each apply

Expected behavior

No response

Observed behavior

backend services are set with

    iap_config = {
      enable               = false
    }

but there is a drift all the time after update

  # module.relays[0].module.lb_reg.module.app_glbc_global.google_compute_backend_service.default["relay443"] will be updated in-place
  ~ resource "google_compute_backend_service" "default" {
        id                              = "projects/twingate-dev/global/backendServices/dev-relay-backend-relay443"
        name                            = "dev-relay-backend-relay443"
        # (22 unchanged attributes hidden)

      - iap {
          - enabled                     = false -> null
            # (3 unchanged attributes hidden)
        }

        # (2 unchanged blocks hidden)
    }

Terraform Configuration

source                 = "GoogleCloudPlatform/lb-http/google//modules/dynamic_backends"
  version                = "~> 12.0"

### Terraform Version

1.9.2

### Additional information

_No response_

[imrannayer]

@romankor according to the provider doc it is suppose to be enabled.
Can u plz post your iap code block here?

[joran-fonjallaz]

hello @imrannayer

same issue here with

source  = "GoogleCloudPlatform/lb-http/google"
version = "12.0.0"

iap is in constant drift after upgrading to 12.0.0. from 11.1.0.

Here's the terraform plan output in tf cloud

The tf code is the following

module "lb_http" {
  project = var.project_id
  source  = "GoogleCloudPlatform/lb-http/google"
  version = "12.0.0"

  name = var.name

  http_forward     = false
  https_redirect   = true
  ssl              = true
  ssl_certificates = var.ssl_certificates
  ssl_policy       = var.ssl_policy

  load_balancing_scheme = "EXTERNAL_MANAGED"

  firewall_networks = var.firewall_networks
  firewall_projects = var.firewall_projects

  target_service_accounts = var.target_service_accounts
  url_map                 = google_compute_url_map.default.self_link
  create_url_map          = false

  backends = {
    foo = {
      description     = "foo."
      protocol        = "HTTP"
      port            = "8000"
      security_policy = var.security_policy
      health_check = {
        request_path = "/healthz"
        port         = 8100
        protocol     = "HTTP"
      }
      groups = [
        # some groups here
      ]
      enable_cdn = false
      iap_config = {
        enable = false
      }
      log_config = {
        enable      = true
        sample_rate = 1.0
      }
    }
  }
}

to be noted that the terraform documentation of the compute_backend_service uses enabled https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_backend_service#enabled

while the module uses enable https://github.com/terraform-google-modules/terraform-google-lb-http/blob/master/variables.tf#L139 (without d). That's maybe the reason of the constant drift ?

[imrannayer]

Provider behavior changed in 6.0. iap block is now required although documentation says otherwise. It use to set to false when block is not provided. It still does that but keep showing as diff. We will need to change the condition for this block. I will send the PR