feat: Support lifecycle ignoreChanges with module

Azure / terraform-azurerm-avm-res-containerregistry-registry

AVM Terraform module for Module 'avm-res-containerregistry-registry'

https://registry.terraform.io/modules/Azure/avm-res-containerregistry-registry

MIT License

10 stars 14 forks source link

feat: Support lifecycle ignoreChanges with module #29

Open Hi-Fi opened 6 months ago

Hi-Fi commented 6 months ago

Check for previous/existing GitHub issues

[X] I have checked for previous/existing GitHub issues

Issue Type?

Feature Request

(Optional) Module Version

0.1.0

(Optional) Correlation Id

No response

Description

As Terraform doesn't support lifecycle meta-argument with modules (see hashicorp/terraform#27360) it would be nice that module would allow ignoring some things that are (at least in our environment) handled with policies. Of course the ignore can be more generic if possible, but at least for use tags and private_dns_zone_group.

kewalaka commented 6 months ago

hi @Hi-Fi thanks for this, apologies for the delay getting back to you.

it would be nice that module would allow ignoring some things that are (at least in our environment) handled with policies. Of course the ignore can be more generic if possible, but at least for use tags and private_dns_zone_group.

We have recently landed a general approach for dealing with private dns zone groups in the AVM template, and I will port this across to this module.

Your comment about tags makes sense for the same reason. @matt-FFFFFF I feel this is something we need to add to the general template - what's your thoughts on simply applying a "lifecycle ignore" to tags?

prjelesi commented 6 months ago

@matt-FFFFFF please comment

matt-FFFFFF commented 6 months ago

This is a pain unfortunately. The lifecycle ignore changes block cannot contain anything other than literals

So we either ignore changes for tags, or we don't. This isn't configurable by the caller.

My opinion is that we should not ignore tag changes as then we could not manage them with terraform.

matt-FFFFFF commented 4 months ago

We now have a solution for private dns zone groups... you can see it on the shared interface page on the AVM site (or in the key vault module)

alefteris commented 1 month ago

We now have a solution for private dns zone groups... you can see it on the shared interface page on the AVM site (or in the key vault module)

I've created a PR at https://github.com/Azure/terraform-azurerm-avm-res-containerregistry-registry/pull/81 that implements this for the container registry module (copied from the key vault module). @matt-FFFFFF

jchancellor-ms commented 1 month ago

@alefteris private DNS zone changes have been merged into v0.3. I'll add the updates we've discussed for inheriting tags to address policy issues. Will post a comment once that has been completed.