Suppress metadata changes at terraform plan? #1315

Open
mattpopa opened this issue Jan 19, 2024 · 6 comments

mattpopa commented Jan 19, 2024

Older helm provider versions didn't show these metadata changes when terraform detected a change/run plan, and the new helm provider versions are posting a wall of text of metadata changes which have no real value (to me) and just clog up my tf plan output.

Example doing a tf plan on a helm resource where we only updated the image tag var:

  # module.api-eks.helm_release.app will be updated in-place
  ~ resource "helm_release" "app" {
        id                         = "api"
      ~ metadata                   = [
          - {
              - app_version = "latest"
              - chart       = "api"
              - name        = "api"
              - namespace   = "production"
              - revision    = 1420
              - values      = jsonencode(
                    {
                      - appConfig          = {
                          - apiBackendReplicationTaskId       = "none"
                          - applicationMode                   = "none"
                          - baseApiUrl                        = "none"
                          - something = "else"
                          - foo = "bar"
                          - 
                          < it goes on for many >
                          < many >
                          < lines >
                          < and it's of no value >
                          < just noise on tf plan >
                          

Let's say we only have a field deploymentTimestamp updated. We'd rather see the changed field only on terraform plan, and suppress the whole metadata update, e.g. terraform plan should only show

  # module.api-eks.helm_release.app will be updated in-place
  ~ resource "helm_release" "app" {
        id                         = "api"
        [...]
        # (25 unchanged attributes hidden)

      + set {
          + name  = "deploymentTimestamp"
          + value = "19012024-225905"
        }

        # (62 unchanged blocks hidden)
        

This way the terraform plan is clear and concise, more human (easier to read/follow) without the metadata removal. Does it make sense?

Terraform version, Kubernetes provider version and Kubernetes version

Terraform version: v1.6.5
Helm Provider version: v2.12.0 (same on v2.12.1)
Kubernetes version: v2.24.0

Terraform configuration

resource "helm_release" "app" {
  namespace       = var.namespace != "" ? var.namespace : terraform.workspace
  chart           = var.chart_name
  version         = var.chart_version
  name            = var.app_name
  timeout         = var.deployment_timeout
  cleanup_on_fail = var.helm_cleanup_on_fail
  atomic          = var.helm_atomic_creation
  max_history     = var.helm_max_history
  wait            = var.helm_wait_for_completion

  dynamic "set" {
    for_each = local.k8s_app

    content {
      name  = set.key
      value = set.value
    }
  }

  values = var.some_ingress_values
}

Question

Is there any way to suppress the metadata changes at terraform plan?

mattpopa changed the title from "Suppress metadata changes at terraform apply?" to "Suppress metadata changes at terraform plan?" on Jan 19, 2024
@MiguelNdeCarvalho

I'm really curious if this is possible to do, as I'm using the https://registry.terraform.io/providers/hashicorp/helm/latest/docs#manifest experiment.

@eklesel

eklesel commented Jan 26, 2024

Would also be very interested in this, we have a fairly hefty internal helm chart with a few dependencies and a large values input spread across multiple files. When a single values file is updated (even just adding a space), the entire metadata is recomputed and showing as changed, although the value is not known as it's computed.

From a recent plan, the metadata takes up 2183 lines of a total 2392, we're currently forced to redirect stdout of apply/plan runs to a text to then read the plan, and in CI it causes huge job logs which is completely unnecessary.

For us, the metadata of the helm chart is useless and we'd like to disable the computation if possible (or at least hide it from output).

We already mark the values file as sensitive because the output is similarly huge, it outputs the entire text file before/after instead of just showing the values which have changed/added/removed. For large values files this is useless for comparison, so we compare changes using the manifest experiment instead which works very well.

@sbeginCoveo

We're in the same situation, we managed to silence the values diff, but now we're back at square one with a huge and useless diff in our terraform plans

      ~ values                     = (sensitive value)

@eklesel

eklesel commented Feb 28, 2024

Another point which is probably of more serious concern, the metadata output will show sensitive values.

When changing any values in the helm_release resource the entire metadata output is shown, even if sensitive values aren't changed.

@BenB196

BenB196 commented Mar 24, 2024

> Another point which is probably of more serious concern, the metadata output will show sensitive values.
>
> When changing any values in the helm_release resource the entire metadata output is shown, even if sensitive values aren't changed.

I don't believe this is (at least 100%) accurate, at least on the latest version 2.12.1.

[image]

Shows that some values that were set using set_sensitive are being properly hidden

@eklesel

eklesel commented Mar 25, 2024

Apologies, @BenB196 is correct, I was mistaken as we do not use set_sensitive to set sensitive variables, therefore they're displayed.

It would be useful to have a values_sensitive parameter so that we can set sensitive values using freeform YAML, but that's another issue.
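
An added example, not part of the thread or of the provider's code: a Python filter over the JSON produced by `terraform show -json` that reports changed `helm_release` attributes without the `metadata` block and lists value keys that appear unmasked inside it. The sample plan, the `dbPassword` key name and the `(sensitive value)` marker are assumptions made for illustration.

```python
import json

# Constructed sample, shaped like `terraform show -json <planfile>` output.
PLAN = {"resource_changes": [{
    "address": "module.api-eks.helm_release.app",
    "type": "helm_release",
    "change": {
        "actions": ["update"],
        "before": {
            "id": "api",
            "set": [],
            "metadata": [{"revision": 1420, "values": json.dumps(
                {"appConfig": {"foo": "bar", "dbPassword": "constructed-secret"}})}],
        },
        "after": {
            "id": "api",
            "set": [{"name": "deploymentTimestamp", "value": "19012024-225905"}],
        },
    },
}]}

MASK = "(sensitive value)"  # assumed redaction marker for masked values


def walk(node, path=""):
    """Yield (dotted_path, leaf_value) for every leaf in nested dicts."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from walk(val, f"{path}.{key}" if path else key)
    else:
        yield path, node


def summarize(plan, secret_keys):
    """Return (changed attributes without metadata, unmasked secret paths)."""
    changed, exposed = {}, []
    for rc in plan["resource_changes"]:
        if rc["type"] != "helm_release":
            continue
        before, after = rc["change"]["before"] or {}, rc["change"]["after"] or {}
        for attr in sorted((set(before) | set(after)) - {"metadata"}):
            if before.get(attr) != after.get(attr):
                changed[f'{rc["address"]}.{attr}'] = after.get(attr)
        for entry in before.get("metadata") or []:
            for path, val in walk(json.loads(entry.get("values") or "{}")):
                if path.split(".")[-1] in secret_keys and val != MASK:
                    exposed.append(f'{rc["address"]}: {path}')
    return changed, exposed
```

Run in CI against the saved plan file, a non-empty second result means a value the team treats as secret would be printed in the plan's `metadata` diff.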
