terraform-github-actions icon indicating copy to clipboard operation
terraform-github-actions copied to clipboard

Published 20 hours ago verified publisher icon dflook

Unused attributes not hidden in plan but hidden in apply

Open glenthomas opened this issue 3 years ago • 3 comments

Problem description

I am seeing differences in the plan between plan and apply stages where unused attributes show as default values (empty string, empty map, etc.) in the plan, but are hidden attributes in the plan generated during apply. As far I can tell everything is the same (Terraform version, AWS provider version - v4.29.0, my code, module inputs, etc.), except for the GitHub action being used (plan vs apply).

pull request plan example resource:

  # module.lambda_function.aws_lambda_function.this[0] will be updated in-place
  ~ resource "aws_lambda_function" "this" {
      + code_signing_config_arn        = ""
      + description                    = ""
      ~ filename                       = "builds/00e09c6044aba872efc6fada670dfab04c573f1acf332ef8a2c81f0c7e2d3d1f.zip" -> "builds/16deeb725b0d8d8e363cc4e39e5afb31b3ef8a0643e3f6acbc3c353b1d363376.zip"
        id                             = "my-handler"
      + image_uri                      = ""
      ~ last_modified                  = "2022-09-06T09:37:00.000+0000" -> (known after apply)
      + signing_job_arn                = ""
      + signing_profile_version_arn    = ""
        tags                           = {}
        # (19 unchanged attributes hidden)

      ~ environment {
          + variables = {
              + "TOKEN"   = (sensitive)
              + "SECRET" = (sensitive)
            }
        }

        # (2 unchanged blocks hidden)
    }

same resource in the apply plan:

  # module.lambda_function.aws_lambda_function.this[0] will be updated in-place
  ~ resource "aws_lambda_function" "this" {
      ~ filename                       = "builds/00e09c6044aba872efc6fada670dfab04c573f1acf332ef8a2c81f0c7e2d3d1f.zip" -> "builds/51914ad4e21dbb8090013cea9e1a7ab02556c56c662d15ba25b563eba93ed4fe.zip"
        id                             = "my-handler"
      ~ last_modified                  = "2022-09-06T09:37:00.000+0000" -> (known after apply)
        tags                           = {}
        # (24 unchanged attributes hidden)

        # (3 unchanged blocks hidden)
    }

Any idea why the plan is different?

Terraform version

1.2.8

Backend

s3

Workflow YAML

No response

Workflow log

No response

glenthomas avatar Sep 06 '22 13:09 glenthomas

Is it possible the change was applied before the proper apply job was run? (assuming that the lambda package changes every time/was changed externally).

dflook avatar Sep 06 '22 14:09 dflook

Is it possible the change was applied before the proper apply job was run? (assuming that the lambda package changes every time/was changed externally).

There are no changes being applied between the plan and apply in GitHub Actions

glenthomas avatar Sep 06 '22 15:09 glenthomas

When I run the plan on my local machine the unused inputs are hidden, when it runs via the dflook plan action it shows the empty strings being added.

glenthomas avatar Sep 06 '22 17:09 glenthomas