Álvaro Torres Cogollo

Hi @domruf , In think [Kyverno](https://github.com/kyverno/kyverno) should work for this. The approach mentioned is similar to [this clusterpolicy](https://github.com/kyverno/policies/blob/main/other/add_volume_deployment/add_volume_deployment.yaml).

I think something like this would work: ```yaml apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: inject-certs annotations: policies.kyverno.io/title: Autoinject custom CA to pods policies.kyverno.io/category: Certificates policies.kyverno.io/subject: Pod policies.kyverno.io/description: >- Automount custom...

Probably I should rewrite it in a proper way (using something like cobra for cli parameters, include tests, support for different operative systems, etc). It was more like a test...

As an additional note, the terraform-aws-lambda maintainer made a good reason why this should be built-in in opentofu in [this comment](https://github.com/terraform-aws-modules/terraform-aws-lambda/pull/552#issuecomment-2022554223). It means a lot of code duplication and significantly...

Making `ignore_changes` dynamic will be enough for the use case. Since you could decide if you want to ignore it or not simply by doing: ```terraform module "this" { ......

Thanks @marcinwyszynski . That makes sense. It also might be worth noting that there is a terraform-plugin-sdk issue opened: * https://github.com/hashicorp/terraform-plugin-sdk/issues/736 I'm personally ok with having the additional plaintext resource...

In case it's useful for someone else, I was able to workaround this issue like this (it's cleaner if you use it with a module tbh): ```hcl variable "environment_variables" {...

Remove stale label

Remove stale label

IMO, I don't think it's realistic to assume that popular module maintainers will maintain independent .tofu files to support both terraform and opentofu. Here there is an example: * https://github.com/terraform-aws-modules/terraform-aws-secrets-manager/pull/17...