I am working on an automation flow which should accept the groups and service accounts and add them as members to a subnet in GCP. I am using the terraform resource "google_compute_subnetwork_iam_member" for this purpose.

According to its documentation (link below), terraform should preserve the previous members for the subnet when the configuration file is applied which contains only the new members. But when I apply the configuration, it destroys all the previous members and adds the new ones. Please let me know if I am missing something.

Terraform resource name: google_compute_subnetwork_iam_member

Documentation link: https://www.terraform.io/docs/providers/google/r/compute_subnetwork_iam.html#google_compute_subnetwork_iam_member

**main.tf sample**

```hcl
terraform {
  backend "gcs" {
    bucket  = "bucketname"
    project = "projectname"
    prefix  = "projectname/subnet_sharing/serviceprojectname"
  }
}

provider "google" {
  project = "projectname"
  alias   = "us-central1"
  region  = "us-central1"
}

resource "google_compute_subnetwork_iam_member" "gcp-group-name-manager-to-subnet-name" {
  subnetwork = "subnetname"
  role       = "roles/compute.networkUser"
  project    = "project-name"
  region     = "us-central1"
  member     = "group:gcp-group-name-manager@domain.com"
}
```

Thanks

Sandeep

1 Answer

I think it's referring to all previous members not tracked (created) by terraform.

When you manually create one, the way I've interpreted the docs, terraform should not delete it when adding new ones.

But if you create one in terraform, then change it to another, it will delete the old one because it was initially created with terraform.

Is this the behaviour you get? If it's deleting manually created members then I'm not sure.
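The answer's distinction (members Terraform tracks vs. members it does not) is easiest to see in the plan. With a single `google_compute_subnetwork_iam_member` resource, editing the `member` argument changes an attribute that the provider treats as immutable, so `terraform plan` shows the resource as `-/+` (must be replaced): the old grant is revoked and the new one created. That is the "destroys the previous member" behaviour, and it only ever touches grants in Terraform state; grants made in the console or by another pipeline are not read into state and are left alone by `_iam_member`. The configuration below is an added example, not the asker's file or anything from the Google provider's docs: it keys one `_iam_member` instance per principal with `for_each`, so adding a principal to the set plans exactly one create and removing one plans exactly one destroy, while the other instances keep their own state addresses and are untouched. The subnet, project, region and the service-account member are placeholder values.

```hcl
# Added example, not the original poster's configuration.
# "projectname", "subnetname" and the service-account principal are placeholders.

variable "subnet_members" {
  description = "Principals granted roles/compute.networkUser on the shared subnet"
  type        = set(string)
  default = [
    "group:gcp-group-name-manager@domain.com",
    # placeholder principal, constructed for the example
    "serviceAccount:app-sa@serviceprojectname.iam.gserviceaccount.com",
  ]
}

# One non-authoritative grant per principal. Each instance is addressed as
# google_compute_subnetwork_iam_member.network_user["<principal>"], so a change
# to the set only plans a create or destroy for the principals that changed.
resource "google_compute_subnetwork_iam_member" "network_user" {
  for_each = var.subnet_members

  project    = "projectname"
  region     = "us-central1"
  subnetwork = "subnetname"
  role       = "roles/compute.networkUser"
  member     = each.value
}

# Lets reviewers confirm from the plan/state which principals Terraform owns.
output "managed_network_users" {
  value = sort([for m in google_compute_subnetwork_iam_member.network_user : m.member])
}
```

Two checks are worth building into the pipeline: review the plan for any `-/+` or `-` on `google_compute_subnetwork_iam_member` before applying, and keep using `_iam_member` rather than `google_compute_subnetwork_iam_binding` or `_iam_policy`, because those two are authoritative and will remove every principal for the role (or for the whole subnet policy) that is not listed in the configuration, including ones granted by other teams.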