Terraform AzureRM Set Diff Analyzer A skill to identify "false-positive diffs" in Terraform plans caused by AzureRM Provider's Set-type attributes and distinguish them from actual changes. When to Use terraform plan shows many changes, but you only added/removed a single element Application Gateway, Load Balancer, NSG, etc. show "all elements changed" You want to automatically filter false-positive diffs in CI/CD Background Terraform's Set type compares by position rather than by key, so when adding or removing elements, all elements appear as "changed". This is a general Terraform issue, but it's particularly noticeable with AzureRM resources that heavily use Set-type attributes like Application Gateway, Load Balancer, and NSG. These "false-positive diffs" don't actually affect the resources, but they make reviewing terraform plan output difficult. Prerequisites Python 3.8+ If Python is unavailable, install via your package manager (e.g., apt install python3 , brew install python3 ) or from python.org . Basic Usage

1. Generate plan JSON output

terraform plan -out = plan.tfplan terraform show -json plan.tfplan

plan.json

2. Analyze

python scripts/analyze_plan.py plan.json

Troubleshooting

python: command not found

Use

python3

instead, or install Python

ModuleNotFoundError

Script uses only standard library; ensure Python 3.8+ Detailed Documentation scripts/README.md - All options, output formats, exit codes, CI/CD examples references/azurerm_set_attributes.md - Supported resources and attributes