terraform-azurerm-set-diff-analyzer
Installation
Summary
Identify false-positive diffs in Terraform AzureRM plans caused by Set-type attribute ordering.
- Analyzes terraform plan JSON output to distinguish spurious diffs (element reordering in Sets) from actual resource changes
- Targets AzureRM resources with Set-type attributes: Application Gateway, Load Balancer, NSG, Firewall, Front Door, and others
- Requires Python 3.8+ and uses only the standard library; integrates into CI/CD pipelines with configurable output formats and exit codes
- Helps reviewers focus on meaningful changes when terraform plan shows "all elements changed" despite minimal actual modifications
SKILL.md
Terraform AzureRM Set Diff Analyzer
A skill to identify "false-positive diffs" in Terraform plans caused by the AzureRM Provider's Set-type attributes and distinguish them from actual changes.
When to Use
- terraform plan shows many changes, but you only added/removed a single element
- Application Gateway, Load Balancer, NSG, etc. show "all elements changed"
- You want to automatically filter false-positive diffs in CI/CD
Background
Terraform's Set type compares by position rather than by key, so when adding or removing elements, all elements appear as "changed". This is a general Terraform issue, but it's particularly noticeable with AzureRM resources that heavily use Set-type attributes like Application Gateway, Load Balancer, and NSG.
These "false-positive diffs" don't actually affect the resources, but they make reviewing terraform plan output difficult.
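The comparison described above, as an added example (not the skill's own code): it treats a Set attribute's before and after arrays from terraform show -json output as multisets, so pure reordering is separated from elements that were really added or removed. The SET_ATTRS mapping, the sample plan and its trimmed security_rule fields are constructed for illustration; arrays nested inside an element are still compared in order.

```python
import json
from collections import Counter

# Constructed sample shaped like `terraform show -json` output (trimmed, not a real plan).
SAMPLE_PLAN = {"resource_changes": [{
    "address": "azurerm_network_security_group.web",
    "type": "azurerm_network_security_group",
    "change": {"actions": ["update"],
        "before": {"security_rule": [
            {"name": "allow-https", "priority": 100, "access": "Allow"},
            {"name": "deny-all", "priority": 4096, "access": "Deny"}]},
        "after": {"security_rule": [
            {"name": "deny-all", "priority": 4096, "access": "Deny"},
            {"name": "allow-ssh", "priority": 110, "access": "Allow"},
            {"name": "allow-https", "priority": 100, "access": "Allow"}]},
    },
}]}

# Assumption: the caller lists which attributes are Sets for each resource type.
SET_ATTRS = {"azurerm_network_security_group": ["security_rule"]}

def canon(element):
    """Serialize one element with sorted keys so equal elements compare equal."""
    return json.dumps(element, sort_keys=True, separators=(",", ":"))

def set_diff(before, after):
    """Compare two JSON arrays as multisets; return (added, removed)."""
    b = Counter(canon(e) for e in before or [])
    a = Counter(canon(e) for e in after or [])
    added = [json.loads(k) for k in (a - b).elements()]
    removed = [json.loads(k) for k in (b - a).elements()]
    return added, removed

def analyze(plan, set_attrs):
    """Report, per Set attribute of each updated resource, what really changed."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if "update" not in change.get("actions", []):
            continue
        before, after = change.get("before") or {}, change.get("after") or {}
        for attr in set_attrs.get(rc.get("type"), []):
            if before.get(attr) == after.get(attr):
                continue  # identical, including order: nothing to classify
            added, removed = set_diff(before.get(attr), after.get(attr))
            findings.append({"address": rc.get("address"), "attribute": attr,
                             "order_only": not added and not removed,
                             "added": added, "removed": removed})
    return findings
```

Calling analyze(SAMPLE_PLAN, SET_ATTRS) returns a single finding whose added list holds only the allow-ssh rule, which is the one line a reviewer of this NSG change needs to see.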
Prerequisites
- Python 3.8+