地形，"ignore_changes"和子块 [英] Terraform, "ignore_changes" and sub-blocks

问题描述

我在terraform文件中配置了一个AWS CodePipeline，如下所示:

I have a AWS CodePipeline configured in a terraform file, like this:

resource {
    name = "Cool Pipeline"
    ...

    stage {
        name = "Source"
        ...

        action {
            name = "Source"
            ...

            configuration {
                Owner = "Me"
                Repo = "<git-repo-uri>"
                Branch = develop
                OAuthToken = "b3287d649a28374e9283c749cc283ad74"
            }
        }
    }

    lifecycle {
        ignore_changes = "OAuthToken"
    }
}

忽略令牌的原因是，AWS API不会将令牌显示为Terraform，而是AWS API使用aws codepipeline get-pipeline <name>输出该令牌:

The reason for ignoring the token, is that the AWS API doesn't show that token to terraform, instead AWS API outputs this with aws codepipeline get-pipeline <name>:

"pipeline": {
    "stages": {
        "name": "Source",
        "actions": {
            "configuration": {
                "OAuthToken": "****"
            }
        }
    }
}

结果是，当我执行terraform plan时，它向我显示它想要更新该令牌，如下所示:

Result is, when I perform the terraform planit shows me it wants to update that token, like so:

module.modulename.aws_codepipeline.codepipeline
      stage.0.action.0.configuration.%:          "3" => "4"
      stage.0.action.0.configuration.OAuthToken: "" => "b3287d649a28374e9283c749cc283ad74"

我的问题是，如何使ignore_changes生效?我已经尝试过了，但没有成功:

My question is, how can I get the ignore_changes to take effect? I've tried this without any success:

ignore_changes = ["OAuthToken"]
ignore_changes = ["oauthtoken"]
ignore_changes = ["stage.action.configuration.OAuthToken"]

我发现的所有示例都只是在相同的块级别上展示了如何忽略.

All examples I've found googling just shows how to ignore on the same block level.

(令牌是该文本是假的.)

(The token is this text is fake.)

推荐答案

terraform plan输出所暗示的这种语法解决了该问题:

This syntax, as hinted by terraform plan output, solved the problem:

ignore_changes = [
    "stage.0.action.0.configuration.OAuthToken",
    "stage.0.action.0.configuration.%"
]

另一种解决方法是添加GITHUB_TOKEN系统环境变量，并将令牌作为值.这样，您就不需要在tf文件中使用ignore_changes指令.

Another way to solve it is to add the GITHUB_TOKEN system environment variable, with the token as the value. This way you do not need the ignore_changes directive in the tf files.

这篇关于地形，"ignore_changes"和子块的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！