Bug Description
Adding a Service Account to perimeter_additional_members via Terraform fails unless the VPC Service Control is manually deleted from the console first.
Environment and Deployment Context
Please provide details about your deployment to help us reproduce the issue.
- Stellar Engine Version/Commit: main
- Deployment Type:
- FAST Stage (if applicable):
- Affected Component: blueprints/fedramp-high/access-context-manager/
- Terraform Version: 1.5.7
- GCP Provider Version: 5.10.0
Steps to Reproduce
Steps to reproduce the behavior:
- Deploy initial VPC SC perimeter.
- Update Terraform variables to add a Service Account to perimeter_additional_members.
- Run terraform plan / apply.
- Observe state lock failure.
Expected Behavior
The VPC SC perimeter should update gracefully via the API without requiring manual deletion.
Actual Behavior
Terraform fails to apply the update, requiring the user to navigate to the GCP console and delete the perimeter manually.
Relevant Logs and Errors
N/A
Additional Context
This breaks the automation workflow for network environments. This was explicitly requested in the legacy Feature Braindump from 2023.