Loading...
Loading...
### Terraform Version ```shell Terraform v1.13.4 on linux_amd64 + provider registry.terraform.io/hashicorp/google v7.9.0 ``` ### Terraform Configuration Files ``` terraform { required_version = ">= 1.5.0" required_providers { google = { source = "hashicorp/google" version = ">= 5.0" } } } provider "google" { project = "dummy-project" region = "europe-north1" } resource "google_compute_vpn_tunnel" "tunnel" { name = "test-tun" region = "europe-north1" vpn_gateway = "https://www.googleapis.com/compute/v1/projects/dummy-project/regions/europe-north1/vpnGateways/left-gw" peer_external_gateway = "https://www.googleapis.com/compute/v1/projects/dummy-project/global/externalVpnGateways/test-extgw" peer_external_gateway_interface = 0 shared_secret = "key" ike_version = 2 router = "https://www.googleapis.com/compute/v1/projects/dummy-project/regions/europe-north1/routers/left-router" vpn_gateway_interface = 1 cipher_suite { phase1 { encryption = concat(["AES-GCM-16-128", "AES-GCM-16-192", "AES-GCM-16-256"], ["AES-CBC-128", "AES-CBC-192", "AES-CBC-256"]) integrity = ["AES-XCBC-96", "AES-CMAC-96", "HMAC-SHA2-256-128", "HMAC-SHA2-384-192", "HMAC-SHA2-512-256"] prf = ["PRF-AES128-XCBC", "PRF-AES128-CMAC", "PRF-HMAC-SHA2-256", "PRF-HMAC-SHA2-384", "PRF-HMAC-SHA2-512"] dh = ["Group-14", "Group-15", "Group-16", "Group-18", "Group-19", "Group-20", "Group-21", "Group-31"] } phase2 { encryption = ["AES-GCM-16-128", "AES-GCM-16-192", "AES-GCM-16-256", "AES-CBC-128", "AES-CBC-192", "AES-CBC-256"] integrity = ["HMAC-SHA2-256-128", "HMAC-SHA2-512-256"] pfs = ["Group-14", "Group-15", "Group-16", "Group-18", "Group-19", "Group-20", "Group-21", "Group-31"] } } } ``` ### Terrafrom Plan Output ``` + cipher_suite { + phase1 { + dh = [ + "Group-14", + "Group-15", + "Group-16", + "Group-18", + "Group-19", + "Group-20", + "Group-21", + "Group-31", ] + encryption = [ + "AES-CBC-128", + "AES-CBC-192", + "AES-CBC-256", + "AES-GCM-16-128", + "AES-GCM-16-192", + "AES-GCM-16-256", ] + integrity = [ + "AES-CMAC-96", + "AES-XCBC-96", + "HMAC-SHA2-256-128", + "HMAC-SHA2-384-192", + "HMAC-SHA2-512-256", ] + prf = [ + "PRF-AES128-CMAC", + "PRF-AES128-XCBC", + "PRF-HMAC-SHA2-256", + "PRF-HMAC-SHA2-384", + "PRF-HMAC-SHA2-512", ] } + phase2 { + encryption = [ + "AES-CBC-128", + "AES-CBC-192", + "AES-CBC-256", + "AES-GCM-16-128", + "AES-GCM-16-192", + "AES-GCM-16-256", ] + integrity = [ + "HMAC-SHA2-256-128", + "HMAC-SHA2-512-256", ] + pfs = [ + "Group-14", + "Group-15", + "Group-16", + "Group-18", + "Group-19", + "Group-20", + "Group-21", + "Group-31", ] } }``` ### Expected Behavior GCP expects AEAD algorithms (AES-GCM-...) come before non-AEAD (AES-CBC-...) ### Actual Behavior non-AEAD algorithms (AES-CBC-...) appear before AEAD (AES-GCM-...). Seems terraform orders alphabetically ### Steps to Reproduce 1. terraform init 2. terraform plan ### Additional Context _No response_ ### References _No response_ ### Generative AI / LLM assisted development? _No response_
Click on a version to see all relevant bugs
Terraform Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.