terraform: introduce local revision variable and data resource

terraform/infrastructure/aws/main.tf

@@ -55,6 +55,13 @@ locals {
 
   in_cluster_endpoint     = aws_lb.front_end.dns_name
   out_of_cluster_endpoint = var.internal_load_balancer && var.debug ? module.jump_host[0].ip : local.in_cluster_endpoint
+  revision                = 1
+}
+
+# A way to force replacement of resources if the provider does not want to replace them
+# see: https://developer.hashicorp.com/terraform/language/resources/terraform-data#example-usage-data-for-replace_triggered_by
+resource "terraform_data" "replacement" {
+  input = local.revision
 }
 
 resource "random_id" "uid" {

terraform/infrastructure/azure/main.tf

@@ -48,6 +48,13 @@ locals {
 
   in_cluster_endpoint     = var.internal_load_balancer ? azurerm_lb.loadbalancer.frontend_ip_configuration[0].private_ip_address : azurerm_public_ip.loadbalancer_ip[0].ip_address
   out_of_cluster_endpoint = var.debug && var.internal_load_balancer ? module.jump_host[0].ip : local.in_cluster_endpoint
+  revision                = 1
+}
+
+# A way to force replacement of resources if the provider does not want to replace them
+# see: https://developer.hashicorp.com/terraform/language/resources/terraform-data#example-usage-data-for-replace_triggered_by
+resource "terraform_data" "replacement" {
+  input = local.revision
 }
 
 resource "random_id" "uid" {
@@ -304,38 +311,3 @@ data "azurerm_user_assigned_identity" "uaid" {
   name                = local.uai_name
   resource_group_name = local.uai_resource_group
 }
-
-moved {
-  to   = azurerm_network_security_rule.nsg_rule["nodeports"]
-  from = azurerm_network_security_group.security_group.security_rule["nodeports"]
-}
-
-moved {
-  to   = azurerm_network_security_rule.nsg_rule["kubernetes"]
-  from = azurerm_network_security_group.security_group.security_rule["kubernetes"]
-}
-
-moved {
-  to   = azurerm_network_security_rule.nsg_rule["bootstrapper"]
-  from = azurerm_network_security_group.security_group.security_rule["bootstrapper"]
-}
-
-moved {
-  to   = azurerm_network_security_rule.nsg_rule["verify"]
-  from = azurerm_network_security_group.security_group.security_rule["verify"]
-}
-
-moved {
-  to   = azurerm_network_security_rule.nsg_rule["recovery"]
-  from = azurerm_network_security_group.security_group.security_rule["recovery"]
-}
-
-moved {
-  to   = azurerm_network_security_rule.nsg_rule["join"]
-  from = azurerm_network_security_group.security_group.security_rule["join"]
-}
-
-moved {
-  to   = azurerm_network_security_rule.nsg_rule["debugd"]
-  from = azurerm_network_security_group.security_group.security_rule["debugd"]
-}

terraform/infrastructure/gcp/main.tf

@@ -60,6 +60,13 @@ locals {
   ]
   in_cluster_endpoint     = var.internal_load_balancer ? google_compute_address.loadbalancer_ip_internal[0].address : google_compute_global_address.loadbalancer_ip[0].address
   out_of_cluster_endpoint = var.debug && var.internal_load_balancer ? module.jump_host[0].ip : local.in_cluster_endpoint
+  revision                = 1
+}
+
+# A way to force replacement of resources if the provider does not want to replace them
+# see: https://developer.hashicorp.com/terraform/language/resources/terraform-data#example-usage-data-for-replace_triggered_by
+resource "terraform_data" "replacement" {
+  input = local.revision
 }
 
 resource "random_id" "uid" {

terraform/infrastructure/openstack/main.tf

@@ -59,6 +59,11 @@ locals {
   cloudsyaml_path       = length(var.openstack_clouds_yaml_path) > 0 ? var.openstack_clouds_yaml_path : "~/.config/openstack/clouds.yaml"
   cloudsyaml            = yamldecode(file(pathexpand(local.cloudsyaml_path)))
   cloudyaml             = local.cloudsyaml.clouds[var.cloud]
+  revision              = 1
+}
+
+resource "terraform_data" "replacement" {
+  input = local.revision
 }
 
 resource "random_id" "uid" {

terraform/infrastructure/qemu/main.tf

@@ -23,6 +23,13 @@ locals {
   cidr_vpc_subnet_nodes          = "10.42.0.0/22"
   cidr_vpc_subnet_control_planes = "10.42.1.0/24"
   cidr_vpc_subnet_worker         = "10.42.2.0/24"
+  revision                       = 1
+}
+
+# A way to force replacement of resources if the provider does not want to replace them
+# see: https://developer.hashicorp.com/terraform/language/resources/terraform-data#example-usage-data-for-replace_triggered_by
+resource "terraform_data" "replacement" {
+  input = local.revision
 }
 
 resource "random_password" "init_secret" {