Auto added annotations serving.knative.dev/creator and serving.knative.dev/lastModifier do not play well with Terraform

[steren]

Cloud Run automatically adds annotations to the created resources serving.knative.dev/creator and serving.knative.dev/lastModifier under metadata[0].annotations . This seems to cause troubles with Terraform (see example)

Would it be possible to ignore them by default?

It seems that adding this config helps:

lifecycle {
    ignore_changes = [
      metadata[0].annotations["serving.knative.dev/creator"],
      metadata[0].annotations["serving.knative.dev/lastModifier"]
    ]
  }

[rileykarson]

Precedent in https://github.com/hashicorp/terraform-provider-google/blob/master/google/resource_dataflow_job.go#L29, https://github.com/hashicorp/terraform-provider-google-beta/blob/master/google-beta/node_config.go#L593

[rileykarson]

Retriaging to enhancement, since this is closer to additive behaviour than a bugfix.

[joshk0]

I disagree; this is an essential annotation for using google_cloud_run_domain_mapping so every single user of it will run into this issue, unless I'm mistaken.

By the way, the requirement for the BETA launch stage annotation was not originally there, and was added as a constraint later. I have resources in my tf state which are grandfathered in, it seems.

I think I'd rather have it set up so that if you're using the terraform resource, it automatically adds that annotation if it isn't there. That would solve the original issue without needing to mess with ignored annotations, since most people are likely to not use annotations at all after it is no longer required to specify the launch stage annotation.

[steren]

I do not understand the previous comment. My request is about serving.knative.dev/creator and serving.knative.dev/lastModifier annotations. Launch stage should not be ignored.

[steren]

The PR ignores everything that contains serving.knative.dev, which is dangerous IMO, the request was only to ignore serving.knative.dev/creator and serving.knative.dev/lastModifier

[joshk0]

I do not understand the previous comment. My request is about serving.knative.dev/creator and serving.knative.dev/lastModifier annotations. Launch stage should not be ignored.

My point was that most people are only using annotations to specify launch-stage, and that's only required because you can't use google_cloud_run_domain_mapping without using a launch-stage anymore. So I proposed that an alternative solution might include implying the beta launch stage whenever the domain mapping resource is used within terraform, and that might 'dodge' the problem rather than mandate a fix like what went in.

Given the approach that was taken, I agree that the ignoring strategy is a bit excessive.

[nat-henderson]

I'll contact the author and see if they'd like to revise it. You propose ignoring specifically and exclusively serving.knative.dev/creator and serving.knative.dev/lastModifier?

[upodroid]

Hey

I have used Knative and Cloud Run myself so i'm pretty confident there are no user settable annotations under the serving.knative.dev namespace.

I had a look at the API Spec for Knative Serving at https://knative.dev/docs/serving/spec/knative-api-specification-1.0/ and it looks like annotations like serving.knative.dev/* are set by other components of Knative that end users shouldn't be manipulating.

[ScottSuarez]

I have a PR to restrict the annotations to the specific values that Cloud Run adds. Better to be precise about what we ignore imo.

GoogleCloudPlatform/magic-modules#4202

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!