Terraform,"ignore_changes"和子块

Question

我在terraform文件中配置了AWS CodePipeline,如下所示:

resource {
    name = "Cool Pipeline"
    ...

    stage {
        name = "Source"
        ...

        action {
            name = "Source"
            ...

            configuration {
                Owner = "Me"
                Repo = "<git-repo-uri>"
                Branch = develop
                OAuthToken = "b3287d649a28374e9283c749cc283ad74"
            }
        }
    }

    lifecycle {
        ignore_changes = "OAuthToken"
    }
}

忽略令牌的原因是AWS API没有将该令牌显示为terraform,而是AWS API通过以下方式输出aws codepipeline get-pipeline <name>:

"pipeline": {
    "stages": {
        "name": "Source",
        "actions": {
            "configuration": {
                "OAuthToken": "****"
            }
        }
    }
}

结果是,当我执行terraform plan它时,它显示我想要更新该令牌,如下所示:

module.modulename.aws_codepipeline.codepipeline
      stage.0.action.0.configuration.%:          "3" => "4"
      stage.0.action.0.configuration.OAuthToken: "" => "b3287d649a28374e9283c749cc283ad74"

我的问题是,我怎样才能ignore_changes使其生效？我试过这个但没有成功:

ignore_changes = ["OAuthToken"]
ignore_changes = ["oauthtoken"]
ignore_changes = ["stage.action.configuration.OAuthToken"]

我发现谷歌搜索的所有示例都显示了如何在同一块级别上忽略.

(令牌是这个文字是假的.)

Answer 1

此语法已弃用

ignore_changes = [
    "stage.0.action.0.configuration.OAuthToken",
    "stage.0.action.0.configuration.%"
]

但由于某种原因，新的在 v1.0.0 中被忽略了

ignore_changes = [
  stage[0].action[0].configuration.OAuthToken,
  stage[0].action[0].configuration,
]

Answer 2

正如terraform plan输出所暗示的,这种语法解决了这个问题:

ignore_changes = [
    "stage.0.action.0.configuration.OAuthToken",
    "stage.0.action.0.configuration.%"
]

另一种解决方法是添加GITHUB_TOKEN系统环境变量,并将标记作为值.这样,您就不需要ignore_changestf文件中的指令.