terraform-azurerm-set-diff-analyzer
Terraform AzureRMプランにおいて、Set型属性の順序付けによって生じる誤検出の差分を特定します。terraform planのJSON出力を解析し、Set内の要素の並び替えによる見かけ上の差分と実際のリソース変更を区別します。対象はApplication Gateway、Load Balancer、NSG、Firewall、Front Doorなど、Set型属性を持つAzureRMリソースです。Python 3.8以上が必要で、標準ライブラリのみを使用します。設定可能な出力形式と終了コードによりCI/CDパイプラインに統合でき、レビュー担当者の負担を軽減します。
npx skills add https://github.com/github/awesome-copilot --skill terraform-azurerm-set-diff-analyzerTerraform AzureRM Set Diff Analyzer
A skill to identify "false-positive diffs" in Terraform plans caused by AzureRM Provider's Set-type attributes and distinguish them from actual changes.
When to Use
terraform planshows many changes, but you only added/removed a single element- Application Gateway, Load Balancer, NSG, etc. show "all elements changed"
- You want to automatically filter false-positive diffs in CI/CD
Background
Terraform's Set type compares by position rather than by key, so when adding or removing elements, all elements appear as "changed". This is a general Terraform issue, but it's particularly noticeable with AzureRM resources that heavily use Set-type attributes like Application Gateway, Load Balancer, and NSG.
These "false-positive diffs" don't actually affect the resources, but they make reviewing terraform plan output difficult.
Prerequisites
- Python 3.8+
If Python is unavailable, install via your package manager (e.g., apt install python3, brew install python3) or from python.org.
Basic Usage
# 1. Generate plan JSON output
terraform plan -out=plan.tfplan
terraform show -json plan.tfplan > plan.json
# 2. Analyze
python scripts/analyze_plan.py plan.json
Troubleshooting
python: command not found: Usepython3instead, or install PythonModuleNotFoundError: Script uses only standard library; ensure Python 3.8+
Detailed Documentation
- scripts/README.md - All options, output formats, exit codes, CI/CD examples
- references/azurerm_set_attributes.md - Supported resources and attributes