Open kostty opened 1 month ago
As a workaround, you can use ignore_changes attribute from the resource lifecycle.
For example:
resource "prismacloud_alert_rule" "example" {
name = "terraform-example-rule"
description = "Made by Terraform"
enabled = true
target {
account_groups = [data.prismacloud_account_group.example.group_id]
}
policies = local.example_policies
notification_config {
enabled = true
frequency = "as_it_happens"
config_type = "webhook"
detailed_report = true
recipients = [data.prismacloud_integration.datadog_webhook.integration_id]
}
lifecycle {
ignore_changes = [
# Ignore changes to account group's policy filter
# due to usage of policies field
target[0].alert_rule_policy_filter
]
}
}
We use terraform plan
to detect potential drifts between the actual state of the infrastructure and the defined configuration, so we don't want to ignore changes to defined resources.
We did implement another workaround, i.e. defining an empty alert_rule_policy_filter. But ultimately we would love to see it fixed in the provider, so that we don't have to keep the workaround in our repository.
We use
terraform plan
to detect potential drifts between the actual state of the infrastructure and the defined configuration, so we don't want to ignore changes to defined resources.We did implement another workaround, i.e. defining an empty alert_rule_policy_filter. But ultimately we would love to see it fixed in the provider, so that we don't have to keep the workaround in our repository.
Please review Terraform documentation to have a better understanding of how ignore_changes work. It won't cause drift in your case, since you are ignoring the empty attribute.
Let me know if you have further questions.
Describe the bug
Since recently we're experiencing configuration drift that's caused by the provider trying to change the configuration of
alert_rule_policy_filter
in a defined alert rule.We don't have any
alert_rule_policy_filter
defined as we don't need one. However, now if we runplan
against the current configuration, the proposed plan comes up with a change that looks like the following:Expected behavior
Running
plan
against the current configuration should result in a 0 change planCurrent behavior
Running
plan
against the current configuration results in plan that contains a change to a resourcePossible solution
I guess, the default value for an empty/undefined
alert_rule_policy_filter
should match what terraform plan detects during the refresh stage.Steps to reproduce
alert_rule_policy_filter
and apply it.terraform plan
against the already applied codeContext
The drift detection check triggers an alert due to a non-zero change plan. To resolve the drift, an empty
alert_rule_policy_filter
has to be added to the code for no other reason than to reconcile the code with the state.Your Environment