From 12d0bbf2fc2a49cedf8f007759b103406b35fc91 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Thu, 8 Jan 2026 14:28:57 +0100
Subject: [PATCH] Revert "fix previous change to vpc sc module (#3629)" (#3630)

This reverts commit dc35ce15ee9512588b87590252d4691a02107ab7.
---
 modules/vpc-sc/perimeters-additive.tf | 44 +++++----------------------
 tests/modules/vpc_sc/context.yaml     | 11 +++----
 2 files changed, 12 insertions(+), 43 deletions(-)

diff --git a/modules/vpc-sc/perimeters-additive.tf b/modules/vpc-sc/perimeters-additive.tf
index 601783697..6e471cd64 100644
--- a/modules/vpc-sc/perimeters-additive.tf
+++ b/modules/vpc-sc/perimeters-additive.tf
@@ -17,56 +17,28 @@
 # tfdoc:file:description Regular service perimeter resources which ignore resource changes.
 
 locals {
-  _spec_resource_sets = flatten([
-    for k, v in local.perimeters : [
-      for vv in try(v.spec.resources, []) : [
-        for vvv in lookup(local.ctx.resource_sets, vv, []) : {
-          key       = "${k}/${vvv}"
-          perimeter = k
-          resource  = vvv
-        }
-      ] if startswith(vv, "$resource_sets:")
-    ] if v.ignore_resource_changes
-  ])
-  _spec_resources = flatten([
+  perimeters_additive = {
+    for k, v in google_access_context_manager_service_perimeter.additive :
+    k => v.id
+  }
+  spec_additive_resources = flatten([
     for k, v in local.perimeters : [
       for vv in try(v.spec.resources, []) : {
         key       = "${k}/${vv}"
         perimeter = k
         resource  = vv
-      } if !startswith(vv, "$resource_sets:")
+      }
     ] if v.ignore_resource_changes
   ])
-  _status_resource_sets = flatten([
-    for k, v in local.perimeters : [
-      for vv in try(v.status.resources, []) : [
-        for vvv in lookup(local.ctx.resource_sets, vv, []) : {
-          key       = "${k}/${vvv}"
-          perimeter = k
-          resource  = vvv
-        }
-      ] if startswith(vv, "$resource_sets:")
-    ] if v.ignore_resource_changes
-  ])
-  _status_resources = flatten([
+  status_additive_resources = flatten([
     for k, v in local.perimeters : [
       for vv in try(v.status.resources, []) : {
         key       = "${k}/${vv}"
         perimeter = k
         resource  = vv
-      } if !startswith(vv, "$resource_sets:")
+      }
     ] if v.ignore_resource_changes
   ])
-  perimeters_additive = {
-    for k, v in google_access_context_manager_service_perimeter.additive :
-    k => v.id
-  }
-  spec_additive_resources = concat(
-    local._spec_resource_sets, local._spec_resources
-  )
-  status_additive_resources = concat(
-    local._status_resource_sets, local._status_resources
-  )
 }
 
 resource "google_access_context_manager_service_perimeter" "additive" {
diff --git a/tests/modules/vpc_sc/context.yaml b/tests/modules/vpc_sc/context.yaml
index 49cd2eae5..25672706c 100644
--- a/tests/modules/vpc_sc/context.yaml
+++ b/tests/modules/vpc_sc/context.yaml
@@ -105,16 +105,13 @@ values:
   google_access_context_manager_service_perimeter_resource.default["default/$project_numbers:test-1"]:
     resource: projects/222222
     timeouts: null
-  google_access_context_manager_service_perimeter_resource.default["default/projects/321"]:
-    resource: projects/321
-    timeouts: null
-  google_access_context_manager_service_perimeter_resource.default["default/projects/654"]:
-    resource: projects/654
+  google_access_context_manager_service_perimeter_resource.default["default/$resource_sets:test"]:
+    resource: $resource_sets:test
     timeouts: null
 
 counts:
   google_access_context_manager_access_level: 1
   google_access_context_manager_service_perimeter: 1
-  google_access_context_manager_service_perimeter_resource: 4
+  google_access_context_manager_service_perimeter_resource: 3
   modules: 0
-  resources: 6
+  resources: 5