I have a Terraform module that sets the administrator password based on a variable
admin_password = "${var.local_admin_password}"
However, var.local_admin_password
is no longer the only place that the password can come from. I need to change the logic to be something along these lines:
admin_password = "${var.local_admin_password != "" ? var.local_admin_password : module.secrets.local_admin_password}"
If local_admin_password
is supplied it uses that, but if that is not supplied then it should get a password from a secrets module.
This works great for new resources. But applying this to old resources triggers a change to the sensitive variable of admin_password
which triggers a new resource. Old resources will all have local_admin_password
supplied, so the value is not actually changing.
Is there a way to make this change in a way that Terraform recognises that the data is actually the same and not trigger a resource change?