From 7dd551d46a6e54b1e4dabaf04d719b8a63e0eb6e Mon Sep 17 00:00:00 2001
From: halprin <halprin@users.noreply.github.com>
Date: Fri, 30 Aug 2024 08:56:49 -0600
Subject: [PATCH 1/3] Ignore customer_managed_key in the storage account
 because it is managed by a separate resource

---
 operations/template/storage.tf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/operations/template/storage.tf b/operations/template/storage.tf
index ee260250e..20437d4b1 100644
--- a/operations/template/storage.tf
+++ b/operations/template/storage.tf
@@ -9,9 +9,11 @@ resource "azurerm_storage_account" "storage" {
   min_tls_version                   = "TLS1_2"
   infrastructure_encryption_enabled = true
 
-  #   below tags are managed by CDC
+
   lifecycle {
     ignore_changes = [
+      customer_managed_key,
+      # below tags are managed by CDC
       tags["business_steward"],
       tags["center"],
       tags["environment"],

From d9b79daba7d83af87fe1c8d45a3a990a865ea174 Mon Sep 17 00:00:00 2001
From: halprin <halprin@users.noreply.github.com>
Date: Fri, 30 Aug 2024 09:23:21 -0600
Subject: [PATCH 2/3] Also ignore some tags in another resource

---
 operations/template/app.tf  | 18 ++++++++++++++++++
 operations/template/docs.tf |  4 ++--
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/operations/template/app.tf b/operations/template/app.tf
index 6d051132d..3a1d03489 100644
--- a/operations/template/app.tf
+++ b/operations/template/app.tf
@@ -41,6 +41,24 @@ resource "azurerm_user_assigned_identity" "key_vault_identity" {
   location            = data.azurerm_resource_group.group.location
 
   name = "key-vault-identity-${var.environment}"
+
+  lifecycle {
+    ignore_changes = [
+      # below tags are managed by CDC
+      tags["business_steward"],
+      tags["center"],
+      tags["environment"],
+      tags["escid"],
+      tags["funding_source"],
+      tags["pii_data"],
+      tags["security_compliance"],
+      tags["security_steward"],
+      tags["support_group"],
+      tags["system"],
+      tags["technical_steward"],
+      tags["zone"]
+    ]
+  }
 }
 
 resource "azurerm_role_assignment" "allow_app_to_pull_from_registry" {
diff --git a/operations/template/docs.tf b/operations/template/docs.tf
index b48e9f49e..4c537b3c9 100644
--- a/operations/template/docs.tf
+++ b/operations/template/docs.tf
@@ -13,9 +13,10 @@ resource "azurerm_storage_account" "docs" {
     index_document = "index.html"
   }
 
-  #   below tags are managed by CDC
   lifecycle {
     ignore_changes = [
+      customer_managed_key,
+      # below tags are managed by CDC
       tags["business_steward"],
       tags["center"],
       tags["environment"],
@@ -28,7 +29,6 @@ resource "azurerm_storage_account" "docs" {
       tags["system"],
       tags["technical_steward"],
       tags["zone"],
-      customer_managed_key,
     ]
   }
 

From 7a2f1b5741f7bed9a5b5f11df1af0609e1f5034a Mon Sep 17 00:00:00 2001
From: halprin <halprin@users.noreply.github.com>
Date: Fri, 30 Aug 2024 09:26:01 -0600
Subject: [PATCH 3/3] Remove vertical whitespace

---
 operations/template/storage.tf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/operations/template/storage.tf b/operations/template/storage.tf
index 20437d4b1..d3ba0a27c 100644
--- a/operations/template/storage.tf
+++ b/operations/template/storage.tf
@@ -9,7 +9,6 @@ resource "azurerm_storage_account" "storage" {
   min_tls_version                   = "TLS1_2"
   infrastructure_encryption_enabled = true
 
-
   lifecycle {
     ignore_changes = [
       customer_managed_key,