Skip to content

azurerm_set_attributes.md

Latest commit

 

History

History
145 lines (109 loc) · 3.87 KB

azurerm_set_attributes.md

File metadata and controls

145 lines (109 loc) · 3.87 KB

AzureRM Set-Type Attributes Reference

This document explains the overview and maintenance of azurerm_set_attributes.json.

Last Updated: January 28, 2026

Overview

azurerm_set_attributes.json is a definition file for attributes treated as Set-type in the AzureRM Provider. The analyze_plan.py script reads this JSON to identify "false-positive diffs" in Terraform plans.

What are Set-Type Attributes?

Terraform's Set type is a collection that does not guarantee order. Therefore, when adding or removing elements, unchanged elements may appear as "changed". This is called a "false-positive diff".

JSON File Structure

Basic Format

{
  "resources": {
    "azurerm_resource_type": {
      "attribute_name": "key_attribute"
    }
  }
}
  • key_attribute: The attribute that uniquely identifies Set elements (e.g., name, id)
  • null: When there is no key attribute (compare entire element)

Nested Format

When a Set attribute contains another Set attribute:

{
  "rewrite_rule_set": {
    "_key": "name",
    "rewrite_rule": {
      "_key": "name",
      "condition": "variable",
      "request_header_configuration": "header_name"
    }
  }
}
  • _key: The key attribute for that level's Set elements
  • Other keys: Definitions for nested Set attributes

Example: azurerm_application_gateway

"azurerm_application_gateway": {
  "backend_address_pool": "name",           // Simple Set (key is name)
  "rewrite_rule_set": {                     // Nested Set
    "_key": "name",
    "rewrite_rule": {
      "_key": "name",
      "condition": "variable"
    }
  }
}

Maintenance

Adding New Attributes

  1. Check Official Documentation

    • Search for the resource in Terraform Registry
    • Verify the attribute is listed as "Set of ..."
    • Some resources like azurerm_application_gateway have Set attributes noted explicitly

  2. Check Source Code (more reliable)

    • Search for the resource in AzureRM Provider GitHub
    • Confirm Type: pluginsdk.TypeSet in the schema definition
    • Identify attributes within the Set's Schema that can serve as _key

  3. Add to JSON

    "azurerm_new_resource": {
  "set_attribute": "key_attribute"
}

  4. Test

    # Verify with an actual plan
python3 scripts/analyze_plan.py your_plan.json

Identifying Key Attributes

Common Key Attribute Usage
name Named blocks (most common)
id Resource ID reference
location Geographic location
address Network address
host_name Hostname
null When no key exists (compare entire element)

Related Tools

analyze_plan.py

Analyzes Terraform plan JSON to identify false-positive diffs.

# Basic usage
terraform show -json plan.tfplan | python3 scripts/analyze_plan.py

# Read from file
python3 scripts/analyze_plan.py plan.json

# Use custom attribute file
python3 scripts/analyze_plan.py plan.json --attributes /path/to/custom.json

Supported Resources

Please refer to azurerm_set_attributes.json directly for currently supported resources:

# List resources
jq '.resources | keys' azurerm_set_attributes.json

Key resources:

  • azurerm_application_gateway - Backend pools, listeners, rules, etc.
  • azurerm_firewall_policy_rule_collection_group - Rule collections
  • azurerm_frontdoor - Backend pools, routing
  • azurerm_network_security_group - Security rules
  • azurerm_virtual_network_gateway - IP configuration, VPN client configuration

Notes

  • Attribute behavior may differ depending on Provider/API version
  • New resources and attributes need to be added as they become available
  • Defining all levels of deeply nested structures improves accuracy