Meta-parameter: ignore_changes - list of attrs that should never trigger a diff

[pmoust]

I believe that we need to introduce Mutable bool in schema helper to mark resources' attributes that should be tracked in state but it's expected their value to change outside of terraform without affecting an execution plan.

Example:
blue-green / canary deployment procedure involving AWS ASG / Internal ELBs / Route53 records,
aws_route53_record --> mutable weight of records
aws_elb --> mutable instance ports, mutable health check
I am fairly sure this applies to other providers/resources.

If a descent disclaimer is present in the docs regarding what you 'give up' what you set an attribute as mutable I guess it is safe to add this feature.

Example syntax for ELB (very obvious)

resource "aws_elb" "micro_staging_blue" {
    name            = "micro-staging-blue"
    subnets         = [ "${aws_subnet.pph.*.id}" ]
    security_groups = [ "${aws_security_group.micro_elb.id}" ]
    internal        = true

    # metrics listens to 8000
    listener {
        instance_port = 8000
        instance_protocol = "http"
        lb_port = 8000
        lb_protocol = "http"
       mutable = true
    }

    # timetracker listens to 8001
    listener {
        instance_port = 9000
        instance_protocol = "http"
        lb_port = 8001
        lb_protocol = "http"
       mutable = true
    }

    # coreos/etcd
    listener {
        instance_port = 7001
        instance_protocol = "http"
        lb_port = 7001
        lb_protocol = "http"
    }
    listener {
        instance_port = 4001
        instance_protocol = "http"
        lb_port = 4001
        lb_protocol = "http"
    }

    health_check {
        healthy_threshold = 2
        unhealthy_threshold = 5
        timeout = 4
        target = "HTTP:9000/health"
        interval = 5
       mutable = true
    }
}

Thoughts?

[pmoust]

I had mentioned this 2.5months ago but it got lost as it was part of another issue; #1120 (comment)

[tomfotherby]

+1 This would be very helpful.

[spyrospph]

This will be of help for our deployments and in general resources managed by ASG.

[phinze]

I believe that we need to introduce Mutable bool in schema helper to mark resources' attributes that should be tracked in state but it's expected their value to change outside of terraform without affecting an execution plan.

Hi @pmoust - I can't find an issue or an ML thread at the moment, but I believe this is an expression of a feature we've discussed previously as "ignore changes to an attribute".

To clarify, are you talking about a helper/schema feature where a provider author would opt-in on a per-parameter basis, or a meta-parameter available to any resource like depends_on or count?

Here's the config sketch for the "ignore changes" feature as I've thought about it, which will perhaps help to clarify if these two ideas are the same or not:

resource "aws_instance" "foo" {
  // ...
  tags {
    Name = "some-service"
  }
  // allow deploy processes to set other tags without generating a diff
  ignore_changes = ["tags"]
}

resource "aws_autoscaling_group" "bar" {
  // ...
  min_size = 3
  max_size = 10
  desired_capacity = 6

  // i have an external tool that will manage these attrs after ASG creation
  ignore_changes = ["min_size", "max_size", "desired_capacity"]
}

[pmoust]

Hi @phinze, I was talking about helper/schema and I experimented a bit around this; worked fine with tags set, and aws_route53_record recordset attributes, but failed miserably for listener SchemaSet of aws_elb.
The hash identifier we use for a listener is a flattened representation of an ELB listener attributes, basically a string concatenation of the attributes themselves, so there is no effective way of it to be 'mutable' as I could not come up with a proper hash identifier.

I don't see a way around it, perhaps someone could come up with a better idea.

All in all, I think the sane way would be to go the route you describe, introducing a ignore_changes meta-parameter which accepts a lists of attributes that we should not mark for updat`.

Still this needs a bit thinking especially if the mutable resources/attributes are exported and used to graph other nodes in state...

P.S. For my use-case I ended introducing a mutable_listener attribute that has a hash not including instance_port in its hash (this was the mutable part), along with listener in the same aws_elb resource. 2/10 would not recommend.

[phinze]

All in all, I think the sane way would be to go the route you describe, introducing a ignore_changes meta-parameter which accepts a lists of attributes that we should not mark for update.

Sounds good - I'm going to change the title here so this thread can track that feature. Feel free to chime in if you disagree. 👌

[maxenglander]

+1 this would be great. It would be really nice if you could specify specific vars to be ignored as well, e.g.

"template_file": {
   "cloud_config": {
       "filename": "cloud-config.yaml.tpl",
       "ignore_changes": "vars.token",
       "vars": {
           "token": "..."
       }
    }
}

Curious if this feature is being worked on currently? Would love to take a stab at this but don't want to step on any toes.

[JeanMertz]

Also big 👍 to this as external management of resources is a real-world use-case that happens all the time in our infrastructure setup.

[pmoust]

@phinze: Hey ;) Is there any chance for this being in v0.6.0?

[joekhoobyar]

There is also a pull request out there that is somewhat related, adding a ignore_updates flag to the lifecycle block.

#2525

[phinze]

Hey folks - alas we are locked down on core features for release of 0.6 - I'm excited to get this in though so I'll make sure we pick it up soon after release. 👍

[robzienert]

👍 That makes sense, thanks!

[dalehamel]

bump @phinze

[dalehamel]

also having this issue, we are creating private subnets and want to manage their NAT routing tables with keepalived for an HA nat failover strategy.

Everything works fine, except whenever you run an apply on the VPC it nukes the routing table because we can't ignore updates to the 'routes' block.

So what I'd want to do is

resource "aws_route_table" "r" {
    vpc_id = "${aws_vpc.default.id}"
    route { }
    ignore_updates = "route"
}

[ojongerius]

+1

[mikerahmati]

Hey @phinze , any chance for this being in v0.6.1 (or v0.6.2) ?

[mikerahmati]

Hey @phinze , any chance this goes with the next release ?

[phobos182]

Would love to have this in the next release. I have a use for it currently. We manage tags outside of Terraform, and this would ease use of TF.

[mzupan]

I would love to get this in also.. we manage ASGs outside of terraform and its a nightmare to keep the min/desired in the current state.

[ilijaljubicic]

Same situation with NAT and routing tables being reset.

[dalehamel]

@engine07 for us we made the routes computed and optional in the route table to solve our problem (we compile terraform ourselves), and pulled in another PR that makes routes their own resource. This makes it behave more like a security groups and security group rules.

[pmoust]

Feature request satisfied in b430b98 !

[emoshaya]

We are using a Jenkins plugin to deploy a service onto AWS instances and the plugin would then create/update 'VERSION' tag for the instance(s). Unfortunately, Terraform deletes this tag unless there's a way to ignore it. Is there a way to ignore just a single tag, e.g. 'VERSION' as opposed to ignoring all tags for a specific instance? I'd really appreciate a response.

Thanks

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.