Add terraform-azurerm-set-diff-analyzer skill

Add a new skill that analyzes Terraform plan JSON output for AzureRM Provider
to distinguish between false-positive diffs (order-only changes in Set-type
attributes) and actual resource changes.

This skill helps users identify 'noise' in terraform plan output caused by
Azure API returning Set elements in different order, making plan reviews
easier and reducing confusion in CI/CD pipelines.

Bundled assets:
- references/azurerm_set_attributes.json
- references/azurerm_set_attributes.md
- scripts/analyze_plan.py
Toru Makabe
2026-01-29 19:13:01 +09:00
parent ccdfd66cc2
commit 1b9ff37cf9
7 changed files with 1556 additions and 0 deletions


@@ -0,0 +1,37 @@
---
name: terraform-azurerm-set-diff-analyzer
description: Analyze Terraform plan JSON output for AzureRM Provider to distinguish between false-positive diffs (order-only changes in Set-type attributes) and actual resource changes. Use when reviewing terraform plan output for Azure resources like Application Gateway, Load Balancer, Firewall, Front Door, NSG, and other resources with Set-type attributes that cause spurious diffs due to internal ordering changes.
license: MIT
---
# Terraform AzureRM Set Diff Analyzer
A skill to identify "false-positive diffs" in Terraform plans caused by AzureRM Provider's Set-type attributes and distinguish them from actual changes.
## When to Use
- `terraform plan` shows many changes, but you only added/removed a single element
- Application Gateway, Load Balancer, NSG, etc. show "all elements changed"
- You want to automatically filter false-positive diffs in CI/CD
## Background
Terraform's Set type compares by position rather than by key, so when adding or removing elements, all elements appear as "changed". This is a general Terraform issue, but it's particularly noticeable with AzureRM resources that heavily use Set-type attributes like Application Gateway, Load Balancer, and NSG.
These "false-positive diffs" don't actually affect the resources, but they make reviewing terraform plan output difficult.
## Basic Usage
```bash
# 1. Generate plan JSON output
terraform plan -out=plan.tfplan
terraform show -json plan.tfplan > plan.json
# 2. Analyze
python scripts/analyze_plan.py plan.json
```
## Detailed Documentation
- [scripts/README.md](scripts/README.md) - All options, output formats, exit codes, CI/CD examples
- [references/azurerm_set_attributes.md](references/azurerm_set_attributes.md) - Supported resources and attributes
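Review bot: Basic Usage runs `terraform show -json plan.tfplan > plan.json` without mentioning that the JSON rendering of a plan contains sensitive values in plain text. Please add a line telling users to treat plan.json and plan.tfplan as secret material: keep them out of version control and CI artifacts, and delete them once the analysis is done. Second, the Background says Terraform's Set type "compares by position rather than by key", while the description field attributes the noise to "order-only changes". Terraform sets are unordered, so the two explanations do not line up; please reword the Background to state what the analyzer actually treats as a false positive. Finally, When to Use proposes automatic filtering in CI/CD and names NSG and Firewall among the targets. For those resources a misclassified change is a hidden rule change, so this file should state the exact condition under which a diff is classified as order-only, or point to the section of scripts/README.md that defines it, rather than only linking the README for "all options".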