ibm_iam_account_settings modify issue

[jpmonge86]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform IBM Provider Version

$ terraform -v
Terraform v1.0.9
on darwin_amd64
+ provider registry.terraform.io/eiqops/restapi v1.15.1
+ provider registry.terraform.io/ibm-cloud/ibm v1.34.0

Affected Resource(s)

• ibm_cloud_shell_account_settings

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

// Configure IAM account settings
resource "ibm_iam_account_settings" "iam_account_settings_instance" {
  if_match = "*"
  allowed_ip_addresses = ""
  #allowed_ip_addresses = ""
  mfa = "NONE"
  restrict_create_service_id = "RESTRICTED"
  restrict_create_platform_apikey = "RESTRICTED"
  session_expiration_in_seconds = "3600"
  session_invalidation_in_seconds = "3600"
}

Debug Output

$ terraform apply
ibm_iam_account_settings.iam_account_settings_instance: Refreshing state... [id=5a5b9393966873091a0d13cd50dc40ad]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # ibm_iam_account_settings.iam_account_settings_instance will be updated in-place
  ~ resource "ibm_iam_account_settings" "iam_account_settings_instance" {
      + allowed_ip_addresses            = "201.191.6.64"
        id                              = "5a5b9393966873091a0d13cd50dc40ad"
        # (10 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

ibm_iam_account_settings.iam_account_settings_instance: Modifying... [id=5a5b9393966873091a0d13cd50dc40ad]
ibm_iam_account_settings.iam_account_settings_instance: Modifications complete after 1s [id=5a5b9393966873091a0d13cd50dc40ad]

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
Joses-MBP:account-iam-settings jpmonge$ terraform apply
ibm_iam_account_settings.iam_account_settings_instance: Refreshing state... [id=5a5b9393966873091a0d13cd50dc40ad]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.

Actual configuration was never changed, I confirmed via API call and UI

{
    "account_id": "5a5b9393966873091a0d13cd50dc40ad",
    "restrict_create_service_id": "RESTRICTED",
    "restrict_create_platform_apikey": "RESTRICTED",
    "allowed_ip_addresses": "201.191.6.64",
    "entity_tag": "88-440fc9df4b629647e19149c156b49a8b",
    "mfa": "NONE",
    "history": [],
    "session_expiration_in_seconds": "3600",
    "session_invalidation_in_seconds": "3600",
    "max_sessions_per_identity": "NOT_SET"
}

Expected Behavior

Resource update to make changes on target system.

Actual Behavior

Terraform change/update execution does not work with allowed_ip_addresses.

Steps to Reproduce

1. terraform apply > this works ok the first time if you start with no IP configuration (everything allowed) and add a new IP(s)
2. terraform apply > after setting field back to "" to reset the setting, terraform reports a change that took place, but no change is made in account setting, subsequent applies report no changes to infrastructure unless one sets the field to something than it is not either the original value (step1) or "".

[kavya498]

allowed_ip_addresses is marked as computed..
and that is the reason it is not detecting diff, when no value is passed..
Will have to check with IAM team, if there is specific reason behind marking this argument as computed..

[jpmonge86]

allowed_ip_addresses is marked as computed.. and that is the reason it is not detecting diff, when no value is passed.. Will have to check with IAM team, if there is specific reason behind marking this argument as computed..

Strange @kavya498 , if I send an API call with value set to "", the filter is removed/disabled.