Describe the bug
The avi_httppolicyset resource shows changes on every terraform plan even when no configuration changes have been made. The resource is constantly trying to replace the http_request_policy block.
Reproduction steps
- Create an
avi_httppolicyset resource with http_request_policy rules
- Run
terraform apply - succeeds
- Run
terraform plan again with no changes
- Observe perpetual drift
Expected behavior
Expected Behavior
Running terraform plan with no configuration changes should show "No changes. Your infrastructure matches the configuration."
Actual Behavior
Every terraform plan shows the http_request_policy block being removed and re-added with identical values. The diff shows computed attributes like hdr_index, all_headers, log, pool_group_ref, status_code being returned by the API but not properly handled as computed-only by the provider.
Additional context
Terraform Configuration
resource "avi_httppolicyset" "monitoring_http_policy" {
name = "astr-monitoring-http-policy"
is_internal_policy = false
http_request_policy {
rules {
name = "add-x-forwarded-proto"
index = 1
enable = true
hdr_action {
action = "HTTP_ADD_HDR"
hdr {
name = "X-Forwarded-Proto"
value {
val = "https"
}
}
}
}
rules {
name = "route-vmalert"
index = 2
enable = true
match {
path {
match_criteria = "BEGINS_WITH"
match_str = ["/vmalert"]
match_case = "INSENSITIVE"
}
}
switching_action {
action = "HTTP_SWITCHING_SELECT_POOL"
pool_ref = avi_pool.vmalert.id
}
}
}
}Plan Output (truncated)
# avi_httppolicyset.monitoring_http_policy will be updated in-place
~ resource "avi_httppolicyset" "monitoring_http_policy" {
id = "https://..."
name = "astr-monitoring-http-policy"
- http_request_policy {
- rules {
- enable = "true" -> null
- index = "1" -> null
- name = "add-x-forwarded-proto" -> null
- hdr_action {
- action = "HTTP_ADD_HDR" -> null
- hdr_index = "4" -> null # <-- computed by API
...
}
}
}
+ http_request_policy {
+ rules {
+ enable = "true"
+ index = "1"
+ name = "add-x-forwarded-proto"
+ hdr_action {
+ action = "HTTP_ADD_HDR"
+ hdr_index = (known after apply) # <-- not in config
...
}
}
}
}
Root Cause Analysis
The AVI API returns additional computed attributes (hdr_index, all_headers, log, pool_group_ref, status_code, etc.) that are not specified in the Terraform configuration. The provider schema does not properly mark these as Computed: true only, causing Terraform to see a difference between state and config on every plan.
Related Issues
Describe the bug
The
avi_httppolicysetresource shows changes on everyterraform planeven when no configuration changes have been made. The resource is constantly trying to replace thehttp_request_policyblock.Reproduction steps
avi_httppolicysetresource withhttp_request_policyrulesterraform apply- succeedsterraform planagain with no changesExpected behavior
Expected Behavior
Running
terraform planwith no configuration changes should show "No changes. Your infrastructure matches the configuration."Actual Behavior
Every
terraform planshows thehttp_request_policyblock being removed and re-added with identical values. The diff shows computed attributes likehdr_index,all_headers,log,pool_group_ref,status_codebeing returned by the API but not properly handled as computed-only by the provider.Additional context
Terraform Configuration
Plan Output (truncated)
Root Cause Analysis
The AVI API returns additional computed attributes (
hdr_index,all_headers,log,pool_group_ref,status_code, etc.) that are not specified in the Terraform configuration. The provider schema does not properly mark these asComputed: trueonly, causing Terraform to see a difference between state and config on every plan.Related Issues
avi_cloudconnectoruser#620 - Similar drift issue withavi_cloudconnectoruseravi_vsvipalways detecting changes when utilizingauto_allocate_ip = true#607 - Similar drift issue withavi_vsvip