The google_chronicle_rule_deployment resource in the Google provider fails consistently in version 7.10.0 with:
Error: Provider produced inconsistent result after apply
Root resource was present, but now absent.
This appears to be a regression of issue #21389, which was reported as fixed in v6.21.0.
Environment
-
Provider: hashicorp/google v7.10.0
-
Terraform: v1.5.7
-
Chronicle / Google SecOps
-
Region: eu
Minimal config
resource "google_chronicle_rule" "test" {
project = "your-project-id"
location = "us"
instance = "your-instance-id"
text = <<-EOT
rule TestRule {
meta:
author = "SecOps"
severity = "HIGH"
events:
$e.metadata.event_type = "PROCESS_LAUNCH"
condition:
$e
}
EOT
}
resource "google_chronicle_rule_deployment" "test" {
project = "your-project-id"
location = "us"
instance = "your-instance-id"
rule = google_chronicle_rule.test.name
enabled = true
alerting = true
run_frequency = "LIVE"
depends_on = [google_chronicle_rule.test]
}
Findings
From DEBUG logs, the provider builds an incorrect GET path:
GET /v1/projects/.../rules/projects/.../rules/<rule_id>/deployment
→ 404 Not Found
Expected path:
GET /v1/projects/.../rules/<rule_id>/deployment
This malformed request triggers the “resource was present, but now absent” error.
The Chronicle API itself works correctly when called manually. The issue seems to be a regression in the provider’s Readlogic for this resource.
Thanks!