I am using GitHub actions by dflook to plan and apply. I have an issue where the plan is showing optional arguments as being newly added with default values on resource update, even though the values already exist in the state file.
For example:
# module.lambda_function.aws_lambda_function.this[0] will be updated in-place
~ resource "aws_lambda_function" "this" {
+ code_signing_config_arn = ""
~ description = ""
~ filename = "builds/91ccf6639bdfdbf11690efa12b483187e969f81b88e29b469d439205113fb997.zip" -> "builds/3c29952b35915946a8eb156ce8381eebd6117045d228110aeedeed16b15c76a3.zip"
id = "my-handler"
+ image_uri = ""
~ last_modified = "2022-09-06T17:31:22.000+0000" -> (known after apply)
+ signing_job_arn = ""
+ signing_profile_version_arn = ""
tags = {}
# (18 unchanged attributes hidden)
~ environment {
+ variables = {
+ "TOKEN" = (sensitive)
+ "SECRET" = (sensitive)
}
}
# (2 unchanged blocks hidden)
}
When the apply action is run it generates a new plan to compare with the previous one and this time the arguments are hidden as expected
# module.lambda_function.aws_lambda_function.this[0] will be updated in-place
~ resource "aws_lambda_function" "this" {
~ filename = "builds/00e09c6044aba872efc6fada670dfab04c573f1acf332ef8a2c81f0c7e2d3d1f.zip" -> "builds/16deeb725b0d8d8e363cc4e39e5afb31b3ef8a0643e3f6acbc3c353b1d363376.zip"
id = "my-handler"
~ last_modified = "2022-09-06T17:31:22.000+0000" -> (known after apply)
tags = {}
# (24 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
Does anyone know any reason that this might happen? The Terraform and AWS provider versions are the same for both plans, I cannot see any difference. I’m wondering if there is some switch that would cause this.