Dynamic blocks not shown in terraform plan

[QBY-MauriceBaerisch]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.7.3

AzureRM Provider Version

3.63.0

Affected Resource(s)/Data Source(s)

azurerm_firewall_policy_rule_collection_group, dynamic

Terraform Configuration Files

resource "azurerm_firewall_policy_rule_collection_group" "this" {
  name               = "myrulecollectiongroup"
  firewall_policy_id = var.firewall_policy_id
  priority           = 100

  network_rule_collection {
    name     = "mydynamicrulecollection"
    priority = 100
    action   = "Allow"

    dynamic "rule" {
        for_each = should_build ? [] : ["build_this"]
        content {
            name                  = "mydynamicrule"
            protocols             = ["TCP", "UDP"]
            source_ip_groups      = [var.source_ip_group]
            destination_ip_groups = [var.destination_ip_group]
            destination_ports = [
                "53", "88"
            ]
        }
    }
  }
}

Debug Output/Panic Output

+ network_rule_collection {
          + action   = "Allow"
          + name     = "mydynamicrulecollection"
          + priority = 100
        }

Expected Behaviour

If "should_build" is true, the terraform plan should list the rule being built within the network_rule_collection.
The terraform plan should always 100% reflect the changes initiated by terraform.

Actual Behaviour

While terraform does deploy the rule, that is not reflected by the terraform plan output.

Steps to Reproduce

1. Create a simple terraform project which uses the dynamic block to create a subresource (for example: a rule within a network rule collection)
2. terraform apply will show the terraform plan - without the dynamic block

Important Factoids

No response

References

No response

[QBY-MauriceBaerisch]

Clarification: the bug only occurs when the for_each list is known after apply, thus not available on the plan stage.
I'd expect terraform to either include the dynamic block in the plan or throw an error.

[wuxu92]

@QBY-MauriceBaerisch Thank you for bringing up this issue. Unfortunately, it appears to be related to the terraform core rather than a bug or feature of the provider. If you believe it is a bug, you can raise an issue at https://github.com/hashicorp/terraform/issues as well.

[rcskosir]

Thanks for taking the time to open this issue. It looks like the behavior you are refering to is related to terraform core and not the azurerm provider. If you create a request on Terraform Core, feel free to add the link here.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.