If I am not mistaken, the following scenario would be commonplace:
- Given Terraform deploys Web App and Function App
- And an Azure Pipeline deploys code and Environment Variables
- Then straight away Terraform lifecycle ignore_changes [app_settings] becomes a necessity to ignore drift due to the separate concerns.
However there are then still many possibilities that require Terraform to add or maintain Environment Variables e.g. add new secret stored in a Key Vault and use via Environment Variable. A app-specific variable that makes sense to provision via Terraform due to use of Terraform-sourced values or what not.
I have not seen any discussion or feature request for (an obvious, to me) a child resource “azurerm_windows_web_app_variable” or similar, for managing individual Environment Variables subseqently, outside of the app_settings {} block?
How do people handle this scenario?
Am I missing something? Thank you community