Our TF workflow uses a pair of pipelines (one for the plan (PR), one for the apply). We are mindful of stale PRs, but to ensure there are no changes between the time the PR is planned and the time it’s applied, we’d like to re-plan the PR and calculate a checksum based on the JSON output of the plan file.
The problem is, the JSON output from the same planfile can change from one invocation to the next. For example … Given the file
myplan.tfout , if one were to run
terraform plan show -json myplan.tfout | shasum twice and then compare the outputs, it may actually produce different results. It doesn’t always happen, but it’s almost sure to be a problem in stacks with a large number of resources.
I’ve traced this behaviour back to a single node in the JSON ,
prior_state – the sorting of this data is inconsistent (some kind of parallel data assembly maybe).
Given this, can anybody enlighten me as to the purpose of this data in the planfile? I am not sure its presence even figures into a calculation of change. Moreover, should this behaviour be considered a bug?