问题
I have a AWS CodePipeline configured in a terraform file, like this:
resource {
name = "Cool Pipeline"
...
stage {
name = "Source"
...
action {
name = "Source"
...
configuration {
Owner = "Me"
Repo = "<git-repo-uri>"
Branch = develop
OAuthToken = "b3287d649a28374e9283c749cc283ad74"
}
}
}
lifecycle {
ignore_changes = "OAuthToken"
}
}
The reason for ignoring the token, is that the AWS API doesn't show that token to terraform, instead AWS API outputs this with aws codepipeline get-pipeline <name>:
"pipeline": {
"stages": {
"name": "Source",
"actions": {
"configuration": {
"OAuthToken": "****"
}
}
}
}
Result is, when I perform the terraform planit shows me it wants to update that token, like so:
module.modulename.aws_codepipeline.codepipeline
stage.0.action.0.configuration.%: "3" => "4"
stage.0.action.0.configuration.OAuthToken: "" => "b3287d649a28374e9283c749cc283ad74"
My question is, how can I get the ignore_changes to take effect? I've tried this without any success:
ignore_changes = ["OAuthToken"]
ignore_changes = ["oauthtoken"]
ignore_changes = ["stage.action.configuration.OAuthToken"]
All examples I've found googling just shows how to ignore on the same block level.
(The token is this text is fake.)
回答1:
This syntax, as hinted by terraform plan output, solved the problem:
ignore_changes = [
"stage.0.action.0.configuration.OAuthToken",
"stage.0.action.0.configuration.%"
]
Another way to solve it is to add the GITHUB_TOKEN system environment variable, with the token as the value. This way you do not need the ignore_changes directive in the tf files.
来源:https://stackoverflow.com/questions/48243968/terraform-ignore-changes-and-sub-blocks