terraform-provider-google: rolling_update_policy in regional_group_manager's seems buggy

Terraform Version

Terraform v0.11.7

• provider.google v1.12.0

Affected Resource(s)

• google_compute_region_instance_group_manager

I tried enabling rolling_update_policy in two different modules. Both didn’t work for different reasons.

Bastion

Our bastion module makes a single instance. I added:

  update_strategy    = "ROLLING_UPDATE"

  rolling_update_policy {
    type                  = "PROACTIVE"
    minimal_action        = "REPLACE"
    max_surge_fixed       = 1
    max_unavailable_fixed = 0
    min_ready_sec         = 30
  }

When I checked via the console I saw the settings were:

Update mode
Proactive
Maximum surge
0 instances (fixed)
Maximum unavailable
3 instances (fixed)
Minimum wait time
0 seconds

Which is obviously completely different. Despite this every terraform run seemed not to change it or want to change it.

Vault Cluster

My vault cluster makes 3 nodes, and I used:

  rolling_update_policy {
    type                  = "PROACTIVE"
    minimal_action        = "REPLACE"
    max_surge_fixed       = "${length(data.google_compute_zones.available.names)}"
    max_unavailable_fixed = 0
    min_ready_sec         = 30
  }

In this case it simply remained in as:

Update mode
Opportunistic

I tried a variety of settings, changing surge/unavailable, tweaking min_ready_sec, etc, but I could never get it to actually do anything and it certainly wasn’t replacing instances. I’m not really sure how to debug further or what I could do to get you useful information, but I’m willing to be guided into the right direction!