Hi,
I am experiencing an issue where ACLs are updated in-place on every deployment. The only thing that changes is the `credentials` block.
The credentials are being picked up from the environment (CI secrets) and don't change. The way I got around the issue was to ignore the changes to `credentials` using the `lifecycle` option.

```hcl
terraform {
  required_version = "= 1.2.3"
  backend "s3" {}
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.19.0"
    }
    confluent = {
      source  = "confluentinc/confluent"
      version = "0.11.0"
    }
  }
}

# Provision ACLs
resource "confluent_kafka_acl_v3" "acl" {
  # Used for interacting with Confluent Cloud Kafka cluster
  credentials {
    key    = var.confluentcloud_api_key
    secret = var.confluentcloud_api_secret
  }
  # The host for the ACL. Should be set to * for Confluent Cloud
  host = "*"
  # Iterate over ACLs
  for_each = { for acl in var.acls : acl.tf_key => acl }
  # Give or deny permission
  permission = each.value.permission
  operation  = each.value.operation
  # On a resource (usually a topic or a group), with name starting with ${each.value.resource_name}
  resource_type = each.value.resource_type
  resource_name = each.value.resource_name
  pattern_type  = each.value.pattern_type
  # In a Kafka cluster
  rest_endpoint = local.cc_kafka_clusters[var.locale][var.environment].endpoint
  kafka_cluster {
    id = local.cc_kafka_clusters[var.locale][var.environment].cluster_id
  }
  # To service account
  principal = format("User:%s", confluent_service_account_v2.principal.id)
  # Prevent the credentials being changed on subsequent runs
  lifecycle {
    ignore_changes = [credentials]
  }
}
```
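One way to verify in CI that an in-place update differs only in the `credentials` block is to inspect the plan in its JSON form (`terraform show -json <planfile>`). The script below is an added example, not part of the original post or the provider's code; the sample plan, its addresses and values, and the function names are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# Addresses and values are made up. Real plan JSON holds secrets in plain
# text, so this script reports attribute names only, never values.
SAMPLE_PLAN = {
    "resource_changes": [
        {"address": 'confluent_kafka_acl_v3.acl["orders-read"]',
         "change": {"actions": ["update"],
                    "before": {"host": "*", "operation": "READ",
                               "credentials": [{"key": "OLD", "secret": "OLD"}]},
                    "after": {"host": "*", "operation": "READ",
                              "credentials": [{"key": "NEW", "secret": "NEW"}]}}},
        {"address": "confluent_service_account_v2.principal",
         "change": {"actions": ["update"],
                    "before": {"description": "a"},
                    "after": {"description": "b"}}},
        {"address": 'confluent_kafka_acl_v3.acl["orders-write"]',
         "change": {"actions": ["no-op"],
                    "before": {"host": "*"}, "after": {"host": "*"}}},
    ]
}

def changed_attributes(change):
    """Names of top-level attributes whose planned value differs from state."""
    before = change.get("before") or {}
    after = change.get("after") or {}
    return sorted(k for k in set(before) | set(after)
                  if before.get(k) != after.get(k))

def classify_updates(plan, ignored=("credentials",)):
    """Split in-place updates into credential-only noise and real changes."""
    noise, real = [], {}
    for rc in plan.get("resource_changes", []):
        change = rc["change"]
        if change["actions"] != ["update"]:
            continue  # only in-place updates are of interest here
        diff = changed_attributes(change)
        if diff and all(k in ignored for k in diff):
            noise.append(rc["address"])
        else:
            real[rc["address"]] = diff
    return noise, real

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    noise, real = classify_updates(plan)
    print("credentials-only updates:", noise)
    print("updates with other changes:", real)
```

`ignore_changes = [credentials]` makes Terraform disregard every later change to that block, intentional ones included, so a report like this keeps credential-only diffs visible instead of silencing them.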