google_chronicle_rule: suppress trailing-newline permadiff on text

[tsushanth]

Fixes hashicorp/terraform-provider-google#27881.

Summary

The Chronicle Rules API silently appends a trailing \n to every stored rule body. Because the provider does not normalise this, every plan after a successful terraform apply shows the same phantom diff on every google_chronicle_rule — the reporter sees it across all 1,126 rules they manage with Terraform.

Reproduction (paraphrased from the linked issue):

before (read back from Chronicle API/state): rule text ends with }\n
after (from local config files): rule text ends with }

The Chronicle API is appending a trailing \n to the rule text when storing it. The provider does not normalise this when comparing state to config, causing a permanent diff on every plan.

Fix

Add a small resource-specific diff suppressor on google_chronicle_rule.text that trims trailing \n from both sides before comparing:

func chronicleRuleTextDiffSuppress(_, old, new string, _ *schema.ResourceData) bool {
    return strings.TrimRight(old, "\n") == strings.TrimRight(new, "\n")
}

This mirrors the existing custom_code.constants + diff_suppress_func wiring already used by google_chronicle_rule_deployment.run_frequency (templates/terraform/constants/chronicle_rule_deployment.go.tmpl).

The suppress logic is intentionally narrow:

• A config without a trailing newline matches the API value that has one (the reported case).
• Multiple trailing newlines collapse to the same canonical form, so "…}\n\n" and "…}\n" are still treated as equal.
• Any other character difference inside the rule body (including a CRLF inside the body, leading whitespace, or content edits) still surfaces as a diff.

Tests

The existing fixtures chronicle_rule_basic.tf.tmpl, chronicle_rule_with_data_access_scope.tf.tmpl, and chronicle_rule_with_force_deletion.tf.tmpl author the text field via <<-EOT … EOT heredocs, which implicitly add a trailing newline. They currently pass by coincidence (the API's trailing \n happens to match the heredoc's). With this change they continue to pass because the suppressor normalises both directions. Happy to add an acceptance fixture that authors text without a trailing newline — typically the more interesting regression case — if reviewers would like one.

Release Note

chronicle: suppressed a permadiff on `google_chronicle_rule.text` caused by the Chronicle API appending a trailing newline to every stored rule body

[github-actions]

Googlers: For automatic test runs see go/terraform-auto-test-runs.

@rileykarson, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes for commit 2bddb8a:

Diff report

Your PR generated the following diffs in downstream repositories:

Repository	Diff Link	Changes
google provider	View Diff	1 file changed, 12 insertions(+), 2 deletions(-)
google-beta provider	View Diff	1 file changed, 12 insertions(+), 2 deletions(-)
terraform-google-conversion	View Diff	1 file changed, 9 insertions(+)

Test report

Analytics

Total Tests	Passed	Skipped	Affected
45	44	1	0

Affected Service Packages

• chronicle

Learn how VCR tests work

---

Step 1: Replaying Mode

🟢 All tests passed in Replaying mode! No Recording was needed.

View the replaying VCR build log

@tsushanth, @rileykarson, @ankitgoyal0301 VCR tests complete for 2bddb8a!