Feature request: prevent_changes lifecycle meta-argument

[saiya]

Current Terraform Version

0.12.16

Use-cases

resource "aws_subnet" "something" {
  # After I create this, this attribute should not be changed. 
  cidr_block = $very_complecated_computation

  lifecycle {
    prevent_changes = [ "cidr_block" ]
  }
}

Attempted Solutions

When we operate large infrastructure with terraform, it is easy to make mistake. Especially when we write complicated expressions and/or use variables & data resources, it may result in unexpected value.

I know we can check plan to detect unexpected changes by visual inspection. But any human could make mistake. To prevent accidentally changing "important" attribute, I propose this feature.

Proposal

Add prevent_changes lifecycle meta-argument. It takes list of attribute names to reject any plan to change it.

Additional benefit of this proposal is user-friendly behavior. Take an above aws_subnet example, if I erroneously changes cidr_block, terraform not only changes aws_subnet but also changes massive resources that depends on the value of the changed attribute. Understanding root cause of the large plan is tough work. With the prevent_changes, we can easily understand the issue.

References

I quickly searched this repository but did not found any proposal / works related to this proposal.