Ignore_changes warning


I’m getting the following warning from terraform 1.2:

│ Warning: Redundant ignore_changes element
│ on ../../modules/cloudflare_record/main.tf line 14, in resource "cloudflare_record" "record":
│ 14: resource "cloudflare_record" "record" {
│ Adding an attribute name to ignore_changes tells Terraform to ignore future changes to the argument in configuration after the object has been created, retaining the value originally configured.
│ The attribute metadata is decided by the provider alone and therefore there can be no configured value to compare with. Including this attribute in ignore_changes has no effect. Remove the attribute from ignore_changes to quiet this
│ warning.
│ (and 5 more similar warnings elsewhere)

I opened a bug report with the Cloudflare provider, but it was closed with no meaningful investigation besides pointing to Terraform core as the culprit. Is that the case?

We need to ignore these changes because a 3rd-party service changes cloudflare_record’s metadata, and they show up in tf plan. This messes up our config drift detection because there are always changes.

Hi @gtirloni,

The ignore_changes feature is to ignore differences between the configuration and the state. If the given attribute is computed, that means there cannot be any configuration for that value, hence there is nothing to ignore.

If references to that computed attribute are causing unwanted changes to other resources, then you can use ignore_changes in those resources to prevent future updates.

Hi @gtirloni!

I added a comment to the issue in the provider just because I didn’t want to leave that issue dangling without an answer, but I think we should continue talking here to avoid disturbing the provider maintainers further with what is a Terraform language concern.

As @jbardin said, setting ignore_changes in this way wouuld’ve been silently ignored without doing anything in earlier versions of Terraform, and so the only change in Terraform v1.2 has been to emit a warning to make it clear that this setting is ineffective.

Your mention of drift detection makes me suspect that you were trying to use ignore_changes with terraform plan -refresh-only, or similar, to avoid seeing the “Changes outside of Terraform” note. The ignore_changes setting does not affect Terraform’s behavior of updating the state to reflect any outside changes to the remote object, so I don’t think this setting should be important for drift detection. If it is making a difference in older versions of Terraform then I’d love to hear more details about that, because it sounds like something unusual is happening and we may be able to find you a different answer to that problem.

Thanks @jbardin and @apparentlymart , this has been a great learning experience.

I think this has been a huge mistake on my part. Here’s my theory: We’ve been experimenting with ArgoCD while at the same time Cloudflare may have added some metatada to DNS records that are related to “Cloudflare Argo” (that showed up in the changes outside Terraform output). 1+1=2 , we thought “ArgoCD is adding metadata to Cloudflare DNS records and it’s conflicting with Terraform”… :man_facepalming:

    metadata        = {
        "auto_added"             = "false"
        "managed_by_apps"        = "false"
        "managed_by_argo_tunnel" = "false"
        "source"                 = "primary"

So it seems the warning is actually doing its job by uncovering this bogus situation on our code. Thanks for adding it.