fix(sso): use TypeSet for team_ids to prevent ordering diffs#730
Merged
Conversation
API returns team_ids in arbitrary order. Since team_ids is a TypeList (order-sensitive), this caused persistent diffs on every plan/apply. Sort a copy of TeamIDs before writing to state in the Read path. Backwards compatible: existing state normalizes on next refresh. Also fixes the same issue in the deprecated sysdig_group_mapping.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR addresses persistent (“phantom”) Terraform diffs caused by the Sysdig API returning team_ids in arbitrary order while the provider schema models team_ids as an order-sensitive TypeList. It normalizes ordering in the Read/flatten path so state is stable across refreshes, and adds/updates tests to catch regressions.
Changes:
- Sort a copy of
team_idsbefore writing it into Terraform state forsysdig_sso_group_mapping. - Apply the same state-normalization behavior to the deprecated
sysdig_group_mappingresource. - Add a unit test for the sorting behavior and enhance the acceptance test to assert “no-op” plans.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
sysdig/resource_sysdig_sso_group_mapping.go |
Sorts team_ids before setting team_map in state to prevent order-driven diffs. |
sysdig/resource_sysdig_sso_group_mapping_unit_test.go |
Adds a unit test asserting team_ids are sorted when flattened into state. |
sysdig/resource_sysdig_sso_group_mapping_test.go |
Updates acceptance coverage to validate stable plans and expands team_ids scenario to multiple teams. |
sysdig/resource_sysdig_group_mapping.go |
Applies the same team_ids sorting normalization to the deprecated resource’s Read/flatten path. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
team_ids is an unordered collection but was defined as TypeList, which compares element-by-element. API returns IDs in arbitrary order causing phantom diffs on every plan/apply. Change team_ids from TypeList to TypeSet with a state upgrader (v0→v1) for transparent migration. Existing customer state upgrades automatically on next refresh with no destroy/recreate. Reverts sort-in-Read approach from previous commit as it causes perpetual diffs when config order differs from sorted order.
Test only verified SDK converts []int to Set, not our code. Integration test with PlanOnly step covers the actual bug.
tembleking
changed the title
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (1)
sysdig/resource_sysdig_sso_group_mapping.go:104
- The PR description says this is a Read-path normalization with no schema changes, but this change switches
team_idsfromschema.TypeListtoschema.TypeSet. That is a behavioral/schema change (dedup + order-insensitive) and can be breaking for users who relied on ordering. Either update the PR description/changelog accordingly, or keepTypeListand sort a copy of the API-returned IDs before callingd.Setin Read (as described). Also, the description mentions applying the same fix to deprecatedsysdig_group_mapping, but that resource still definesteam_idsas aTypeList.
"team_ids": {
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Schema{
Type: schema.TypeInt,
},
},
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
alecron
approved these changes
May 5, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
API returns
team_idsin arbitrary order. Sinceteam_idswasTypeList(order-sensitive), customers see persistent diffs on everyplan/applyeven when nothing changed.Change
team_idsfromTypeListtoTypeSetwith a state upgrader (v0→v1) for transparent migration. Existing state upgrades automatically on next refresh, no destroy/recreate.