Container apps key vault secret `ignore_changes` not recognised #25727
Comments
Hi @jordanhavard, This is correct as you're supplying that argument as if it's a part of the resource scheme, which it's not. If you wish to ignore the changes then wrap it in a lifecycle block as per the docs:

```hcl
resource "azurerm_container_app" "oct-staging-auth" {
  ...
  secret {
    name                = "password"
    identity            = var.container-apps-identity-id
    key_vault_secret_id = "https://kv.vault.azure.net/secrets/password"
    value               = ""
  }
  lifecycle {
    ignore_changes = [ secret ]
  }
}
```

I am running into this issue as well and the docs are definitely confusing/contradictory. Ignoring all
When attempting to do something like the following, it complains that the blocks cannot be addressed and recommends using a for loop, but that also throws an error because it's not a static list.

Hey @ASHR4 Can you advise how we should best use this case when setting up a resource and adding a new secret? Something like @mmillican mentioned below would be nice too as then the key_vault_secret_id could still be updated if using versioned secrets.
According to the schema, the

I have a question to @jordanhavard:

```hcl
secret {
  name                = "password"
  identity            = var.container-apps-identity-id
  key_vault_secret_id = "https://kv.vault.azure.net/secrets/password"
  ignore_changes      = true
  value               = ""
}
```

It looks like your real password is stored in the key vault, and you've referenced this secret via a versionless id. Why do you want to ignore changes on this password? If you'd like to change the password you can upgrade the secret in your Key Vault; the secret id could stay unchanged.

@lonegunmanb Even when doing this, during the plan phase, it's mentioned that a change will be made. However, like you mentioned, this is a versionless id, so I was confused as to why this was happening in the first place.

@jordanhavard Could you please share with us a minimal code example that could reproduce your issue? Once we can reproduce the issue on our side we can try to solve it. Thanks in advance!
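
One way to see which field of a `secret` block a plan wants to change is to export the saved plan with `terraform show -json tfplan.plan` and compare `before` and `after` per secret. The Python below is an added example, not code from this issue or the provider; `secret_drift` and `SAMPLE_PLAN` are hypothetical names, and the sample plan is constructed and does not reproduce the reported diff.

```python
import json

# Constructed sample shaped like `terraform show -json tfplan.plan` output.
# It is not taken from the issue and does not reproduce its actual diff.
KV = "https://kv.vault.azure.net/secrets/"
SAMPLE_PLAN = {"resource_changes": [{
    "address": "azurerm_container_app.example", "type": "azurerm_container_app",
    "change": {
        "actions": ["update"],
        "before": {"secret": [
            {"name": "password", "identity": "id-1", "value": "",
             "key_vault_secret_id": KV + "password/VERSION-PLACEHOLDER"},
            {"name": "api-key", "identity": "id-1", "value": "",
             "key_vault_secret_id": KV + "api-key"}]},
        "after": {"secret": [
            {"name": "password", "identity": "id-1", "value": "",
             "key_vault_secret_id": KV + "password"},
            {"name": "api-key", "identity": "id-1", "value": "",
             "key_vault_secret_id": KV + "api-key"}]},
    },
}]}

def secret_drift(plan, resource_type="azurerm_container_app"):
    """Return {resource address: {secret name: [changed field names]}}."""
    # Only field names are reported, never values, so secret material that
    # may be present in the plan JSON is not echoed into logs.
    report = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if rc.get("type") != resource_type or "update" not in change.get("actions", []):
            continue
        before, after = (
            {s.get("name"): s for s in (change.get(side) or {}).get("secret") or []}
            for side in ("before", "after"))
        drift = {}
        for name in sorted(before.keys() | after.keys(), key=str):
            if name not in before or name not in after:
                drift[name] = ["<block added>" if name in after else "<block removed>"]
                continue
            b, a = before[name], after[name]
            fields = sorted(k for k in b.keys() | a.keys() if b.get(k) != a.get(k))
            if fields:
                drift[name] = fields
        if drift:
            report[rc["address"]] = drift
    return report

if __name__ == "__main__":
    print(json.dumps(secret_drift(SAMPLE_PLAN), indent=2))
```

A field that is only known after apply is absent from `after`, so it is listed as changed as well.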
Terraform Version
1.5.7
AzureRM Provider Version
3.100
Affected Resource(s)/Data Source(s)
azurerm_container_app
Terraform Configuration Files
Expected Behaviour
When running `terraform plan` no updates / changes are made to this block
Actual Behaviour
Unable to run terraform plan. Removing `ignore_changes` results in terraform advising an update to this block is expected
Steps to Reproduce
Run `terraform plan -out tfplan.plan`
Important Factoids
no
References
Docs: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_app#secret