Error: changes to `lifecycle_commands` and/or `interpreter` should not be follwed by changes to other arguments

[vknemanavar]

we are using shell_script resource to create IBM VPN server, first time creation resource creation worked perfectly but second time when we run plan getting below error Error: changes to lifecycle_commands and/or interpreter should not be follwed by changes to other arguments

Here is our TF code resource "shell_script" "vpn_server_route" {

lifecycle_commands { create = file("${path.module}/scripts/create-vpn-route.sh") read = file("${path.module}/scripts/read-vpn-route.sh") delete = file("${path.module}/scripts/delete-vpn-route.sh") }

environment = { REGION = var.region RESOURCE_GROUP = var.resource_group_name VPC_NAME = var.vpc_name VPN_SERVER_NAME = var.vpn_instance_name API_KEY = var.ibmcloud_api_key

VPN_ROUTE_NAME        = var.vpn_route_name != "" ? var.vpn_route_name : "${var.vpn_instance_name}-default-route"
VPN_ROUTE_DESTINATION = var.vpn_route_destination
VPN_ROUTE_ACTION      = var.vpn_route_action

}

working_directory = path.module

}

[richardj-bsquare]

Yes, this is irksome for me also, since I'm using the shell resource to do git manipulation across multiple repositories. The environment contains a hash (of git ls-remote) that indicates which repositories have changed and need updating.

Since the for_each contains around 250 repositories; at least one of them always has a change. So it's practically impossible to change the script since one of those 250 repositories will have changed and hence the environment will have changed.

I have to keep 'state rm'-ing the relevant portions.

Can we lift this restriction?

[pennersm]

I am running into the same error with a almost identical config. It's a pitty, because if that would work, it'd be a really clean and native way to integrate a shell. E.g. to call ansible-playbook in an ENV that is feed from Terraform, very handy ....

resource "shell_script" "call_ansible" { lifecycle_commands { create = <<-EOF cd "${path.module}/ansible/" && ansible-playbook -l ${path.module}/${var.ansible_playbook} EOF delete = "rm -f ${path.module}/${var.ansible_log}" } environment = { ANSIBLE_PRIVATE_KEY_FILE = var.ansible_privkey ANSIBLE_LOG_PATH = var.ansible_log ANSIBLE_REMOTE_USER = var.ami_user ANSIBLE_INVENTORY = var.ansible_hosts } depends_on = [local_file.ansible_inventory] }

[TJM]

There should at least be an option to override this. It is probably a decent restriction most of the time, but for me it just makes one MR turn into about 3-4.

[cveld]

@scottwinkler there is a typo in this message follwed -> followed 😅