A way to hide certain expected changes from the "refresh" report ("Objects have changed outside of Terraform")
Problem
After upgrading to 0.15.4 terraform reports changes that are ignored. It is exactly like commented here: https://github.com/hashicorp/terraform/issues/28776#issuecomment-846547594

Terraform Version

[code block]

Terraform Configuration Files

```terraform
resource "aws_batch_compute_environment" "batch_compute" {
  lifecycle {
    ignore_changes = [compute_resources[0].desired_vcpus]
  }
  ...
  compute_resources {
    ...
  }
}

resource "aws_db_instance" "postgres_db" {
  ...
  lifecycle {
    prevent_destroy = true
    ignore_changes  = [latest_restorable_time]
  }
}
```

```
Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply":

  module.db.aws_db_instance.postgres_db has been changed
  ~ resource "aws_db_instance" "postgres_db" {
        id                     = "db"
      ~ latest_restorable_time = "2021-05-25T10:24:14Z" -> "2021-05-25T10:29:14Z"
        name                   = "db"
        tags                   = {
            "Name" = "DatabaseServer"
        }
        (47 unchanged attributes hidden)
        (1 unchanged block hidden)
    }

  module.batch_processor_dot_backend.aws_batch_compute_environment.batch_compute has been changed
  ~ resource "aws_batch_compute_environment" "batch_compute" {
        id
```
1 Fix
Solution: A way to hide certain expected changes from the "refresh" report ("Objects have changed outside of Terraform")
This feels like a pretty invasive change. I second what @koalalorenzo said.
The main problem with this change is that we lean on our large team of engineers to inspect their own changes carefully on a per-team basis and apply those changes without constant infra approval. Even when diffs are small, though, we can sometimes misunderstand the plan, which can lead to some unfortunate consequences. Not everyone understands the inner workings of terraform, or even the best practices, so there are always going to be mistakes. This isn't terraform's fault, we all need to learn the tool a little bit better.
Now, though, we have to sift through an entire block of output and tell our team to just ignore it up to a point. It's just going to lead to less clear plan output that people put less effort into reviewing. I think it's going to erode trust, too, even though I suspect the opposite is the goal.
For instance, take a `google_container_node_pool` resource. If it's auto-scaling, every single time you apply the project you get a new `node_count` attribute diff that is wholly un-actionable. If somebody sees that every single time, but I tell them to ignore it because it should absolutely be ignored, who's to say when they get a `-/+` change on that resource (maybe by accident or lack of understanding) they aren't going to assume it's also ignorable.
Validation
Resolved in hashicorp/terraform GitHub issue #28803. Community reactions: 79 upvotes.
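The review risk raised in the comment above (a `-/+` replacement overlooked among drift that everyone has learned to ignore) can be reduced by triaging the machine-readable plan before a human reads it. The following is an added example, not code from the issue or from Terraform: it assumes a Terraform release whose `terraform show -json` output carries the `resource_drift` key, and the function names, the `google_container_node_pool.pool` address and the `publicly_accessible` change are constructed for illustration.

```python
import json

# Attribute paths whose drift is expected, in ignore_changes syntax (the first two
# are from the issue's configuration; node_count is from the comment's example).
EXPECTED_DRIFT = {"latest_restorable_time", "compute_resources[0].desired_vcpus", "node_count"}

def changed_paths(before, after, prefix=""):
    """Yield the path of every leaf value that differs between two objects."""
    if isinstance(before, dict) and isinstance(after, dict):
        for key in sorted(set(before) | set(after)):
            yield from changed_paths(before.get(key), after.get(key),
                                     f"{prefix}.{key}" if prefix else key)
    elif isinstance(before, list) and isinstance(after, list) and len(before) == len(after):
        for i, (b, a) in enumerate(zip(before, after)):
            yield from changed_paths(b, a, f"{prefix}[{i}]")
    elif before != after:
        yield prefix or "<whole resource>"

def triage(plan, expected=EXPECTED_DRIFT):
    """Return (unexpected drift by address, planned deletes/replacements by address)."""
    drift = {}
    for rc in plan.get("resource_drift", []):
        change = rc["change"]
        paths = [p for p in changed_paths(change.get("before"), change.get("after"))
                 if p not in expected]
        if paths:
            drift[rc["address"]] = paths
    destructive = {rc["address"]: rc["change"]["actions"]
                   for rc in plan.get("resource_changes", [])
                   if "delete" in rc["change"]["actions"]}
    return drift, destructive

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""{
 "resource_drift": [
  {"address": "module.db.aws_db_instance.postgres_db", "change": {"actions": ["update"],
   "before": {"latest_restorable_time": "2021-05-25T10:24:14Z", "publicly_accessible": false},
   "after":  {"latest_restorable_time": "2021-05-25T10:29:14Z", "publicly_accessible": true}}},
  {"address": "module.batch_processor_dot_backend.aws_batch_compute_environment.batch_compute",
   "change": {"actions": ["update"],
   "before": {"compute_resources": [{"desired_vcpus": 4}]},
   "after":  {"compute_resources": [{"desired_vcpus": 8}]}}}],
 "resource_changes": [
  {"address": "google_container_node_pool.pool",
   "change": {"actions": ["delete", "create"], "before": {}, "after": {}}}]
}""")

if __name__ == "__main__":
    drift, destructive = triage(SAMPLE_PLAN)
    print("unexpected drift:", drift)
    print("deletes/replacements:", destructive)
```

Run in CI against the saved plan, this surfaces only the drift nobody expected plus every delete or replacement, so the routine `latest_restorable_time` and `desired_vcpus` noise never reaches the reviewer.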
Submitted by
Alex Chen