PluginBench
Skill
Official
Review
Audit score 70

terraform-azurerm-set-diff-analyzer

github/awesome-copilot

Spot real Terraform AzureRM changes by filtering out noisy Set-attribute reorder diffs.

What is terraform-azurerm-set-diff-analyzer?

This skill analyzes Terraform plan JSON output for AzureRM Provider resources to identify false-positive diffs caused by Set-type attribute reordering, separating them from genuine resource changes. Use it when terraform plan shows excessive 'changed' elements for resources like Application Gateway, Load Balancer, Firewall, Front Door, or NSG after only a small actual modification.

  • Parses Terraform plan JSON output for AzureRM resources
  • Identifies Set-type attributes prone to order-based false-positive diffs
  • Distinguishes order-only changes from actual resource changes
  • Provides exit codes and output formats suitable for CI/CD integration

How to install terraform-azurerm-set-diff-analyzer

npx skills add https://github.com/github/awesome-copilot --skill terraform-azurerm-set-diff-analyzer
Prerequisites
  • Python 3.8+ installed
  • Terraform CLI to generate plan and plan JSON output

How to use terraform-azurerm-set-diff-analyzer

  1. Generate a Terraform plan and save it: terraform plan -out=plan.tfplan
  2. Convert the plan to JSON: terraform show -json plan.tfplan > plan.json
  3. Run the analyzer: python scripts/analyze_plan.py plan.json
  4. Review the output to see which diffs are false-positive (order-only) vs actual changes
  5. Optionally integrate the script into CI/CD to auto-filter false-positive diffs

Use cases

Good for
  • Reviewing a large terraform plan diff to confirm only one element was actually added/removed from a Set attribute
  • Investigating why an Application Gateway or Load Balancer shows all elements as changed after a minor config tweak
  • Filtering false-positive diffs automatically in a CI/CD pipeline before requiring manual approval
  • Auditing NSG, Firewall, or Front Door plan output for genuine security or routing changes vs ordering noise
Who it's for
  • Terraform/DevOps engineers managing Azure infrastructure
  • Platform teams reviewing pull requests with terraform plan output
  • CI/CD pipeline maintainers wanting automated diff filtering for AzureRM resources

terraform-azurerm-set-diff-analyzer FAQ

Why does terraform plan show all elements changed when I only added one?

Terraform's Set type compares elements by position rather than by key, so adding or removing an element shifts positions and makes all elements appear as 'changed' even though they aren't.

Does this skill modify my Terraform state or resources?

No. It only analyzes the JSON output of terraform plan to distinguish false-positive ordering diffs from real changes; it does not apply or modify anything.

What Azure resources does this help with?

Resources with Set-type attributes such as Application Gateway, Load Balancer, Firewall, Front Door, and NSG, where internal ordering changes cause spurious diffs.

What do I need installed to use this?

Python 3.8+ (standard library only, no extra modules needed).

Full instructions (SKILL.md)

Source of truth, from github/awesome-copilot.


name: terraform-azurerm-set-diff-analyzer
description: Analyze Terraform plan JSON output for AzureRM Provider to distinguish between false-positive diffs (order-only changes in Set-type attributes) and actual resource changes. Use when reviewing terraform plan output for Azure resources like Application Gateway, Load Balancer, Firewall, Front Door, NSG, and other resources with Set-type attributes that cause spurious diffs due to internal ordering changes.
license: MIT

Terraform AzureRM Set Diff Analyzer

A skill to identify "false-positive diffs" in Terraform plans caused by AzureRM Provider's Set-type attributes and distinguish them from actual changes.

When to Use

  • terraform plan shows many changes, but you only added/removed a single element
  • Application Gateway, Load Balancer, NSG, etc. show "all elements changed"
  • You want to automatically filter false-positive diffs in CI/CD

Background

Terraform's Set type compares by position rather than by key, so when adding or removing elements, all elements appear as "changed". This is a general Terraform issue, but it's particularly noticeable with AzureRM resources that heavily use Set-type attributes like Application Gateway, Load Balancer, and NSG.

These "false-positive diffs" don't actually affect the resources, but they make reviewing terraform plan output difficult.
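The idea described above, sketched as an added example (this is not the skill's scripts/analyze_plan.py). It compares the before/after elements of a Set-type attribute as multisets of canonical JSON, so position is ignored; the sample plan is constructed, and the map of Set attributes per resource type is an assumption supplied by the caller.

```python
import json
from collections import Counter

# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = {
    "resource_changes": [{
        "address": "azurerm_network_security_group.example",
        "type": "azurerm_network_security_group",
        "change": {
            "before": {"security_rule": [
                {"name": "allow-https", "priority": 100, "access": "Allow"},
                {"name": "deny-all", "priority": 4096, "access": "Deny"}]},
            "after": {"security_rule": [
                {"name": "deny-all", "priority": 4096, "access": "Deny"},
                {"name": "allow-ssh", "priority": 110, "access": "Allow"},
                {"name": "allow-https", "priority": 100, "access": "Allow"}]},
        },
    }]
}

def _canon(element):
    # Key-sorted JSON gives one stable fingerprint per Set element.
    return json.dumps(element, sort_keys=True, separators=(",", ":"))

def classify_set_attr(before, after):
    """Compare two element lists as multisets, ignoring position."""
    b = Counter(_canon(e) for e in before or [])
    a = Counter(_canon(e) for e in after or [])
    added = [json.loads(k) for k in (a - b).elements()]
    removed = [json.loads(k) for k in (b - a).elements()]
    if added or removed:
        verdict = "changed"
    else:
        verdict = "unchanged" if before == after else "order_only"
    return {"verdict": verdict, "added": added, "removed": removed}

def analyze(plan, set_attrs):
    """set_attrs maps resource type -> Set attribute names (caller-supplied assumption)."""
    report = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        before, after = change.get("before") or {}, change.get("after") or {}
        for attr in set_attrs.get(rc.get("type"), []):
            key = f'{rc["address"]}.{attr}'
            report[key] = classify_set_attr(before.get(attr), after.get(attr))
    return report

if __name__ == "__main__":
    attrs = {"azurerm_network_security_group": ["security_rule"]}
    print(json.dumps(analyze(SAMPLE_PLAN, attrs), indent=2))
```

An element whose field was edited (for example access flipped from Deny to Allow) shows up as one removed plus one added, so it is never classified as order-only. Sets nested inside an element and values unknown until apply are not handled by this sketch.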

Prerequisites

  • Python 3.8+

If Python is unavailable, install via your package manager (e.g., apt install python3, brew install python3) or from python.org.

Basic Usage

# 1. Generate plan JSON output
terraform plan -out=plan.tfplan
terraform show -json plan.tfplan > plan.json

# 2. Analyze
python scripts/analyze_plan.py plan.json

Troubleshooting

  • python: command not found: Use python3 instead, or install Python
  • ModuleNotFoundError: Script uses only standard library; ensure Python 3.8+

Detailed Documentation