Bug: junos_security_address_book no longer works with empty array of address_set

[computeracer]

Terraform and Provider Versions

terraform version
Terraform v1.4.6
on linux_amd64
+ provider registry.terraform.io/jeremmfr/junos v1.33.0

Terraform Configuration Files

terraform {
  required_providers {
    junos = {
      source  = "jeremmfr/junos"
      version = "2.0.0"
    }
  }
}

# Configure the Junos Provider
provider "junos" {
  ip   = "100.100.100.100"
  port = 830
}


locals {
  address_sets = flatten(
    [
      {
        name        = "test"
        address     = ["1.1.1.1/32"]
        address_set = []
        description = null
      }
    ]
  )
}

resource "junos_security_address_book" "global" {
  name = "global"
  dynamic "address_set" {
    for_each = local.address_sets
    content {
      name        = address_set.value.name
      address     = address_set.value.address
      address_set = address_set.value.address_set
      description = address_set.value.description
    }
  }
}

Expected Behavior

When running terraform 1.33 a plan in output successfully. A similar outcome was expected in version 2.0.0 as well.

Actual Behavior

Version 2.0.0 does not output a plan successfully.

Steps to Reproduce

1. terraform plan with the version set to 1.33.0 in HCL and note how it runs successfully.

terraform init
...
terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # junos_security_address_book.global will be created
  + resource "junos_security_address_book" "global" {
      + id   = (known after apply)
      + name = "global"

      + address_set {
          + address     = [
              + "1.1.1.1/32",
            ]
          + address_set = []
          + name        = "test"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

2. Change the version to 2.0.0 in the HCL and note the error received:

terraform init
...
terraform plan
╷
│ Error: Invalid Attribute Value
│ 
│   with junos_security_address_book.global,
│   on main.tf line 30, in resource "junos_security_address_book" "global":
│   30: resource "junos_security_address_book" "global" {
│ 
│ Attribute address_set[Value({"address":["1.1.1.1/32"],"address_set":[],"description":<null>,"name":"test"})].address_set set must contain at least 1 elements, got: 0
╵

[computeracer]

Found a work around with Terraform to successfully plan by checking for an empty array with the Terraform length function:

-      address_set = address_set.value.address_set
+      address_set = length(address_set.value.address_set) > 0 ? address_set.value.address_set : null

Now a plan against a undeployed firewall and empty state with version 1.33 that took 39 seconds now takes 19 minutes and 52 seconds with version 2.0.0.

Perhaps this should be filed as a separate issue. Happy to to do that if you think it is best @jeremmfr.

[jeremmfr]

Hi 👋

The junos_security_address_book resource use the new terraform-plugin-framework instead of terraform-plugin-sdk and with this new plugin empty set and null set no longer considered as same.
So, I added validation to avoid empty sets and to don't have a plan after each apply and refresh to replace null by [].

For plan time problem, the source of problem seems to come from the terraform-plugin-framework and with the Block Sets. Yes, a separate issue would be preferable.

[computeracer]

Thank you so much for those details. They are really helpful. I will close out this issue and create a separate one for the time problem. (New issue: #498)