Allow terraform's ignore_changes to ignore everything except INCLUDED attributes

[scott-doyland-burrows]

Current Terraform Version

0.13.2

Use-cases

We currently create an artifact in Azure DevOps pipelines which consists of the terraform files.
We then pull this artifact into our release pipelines.
Our release pipeline has multiple stages for test/dev/uat and so on.

We may use the artifact to deploy test, but then not deploy dev/uat for some time (dev/uat infrastructure remains as it was).

But what we want to do is push out some firewall/IP settings to all environments. We can setup a new pipeline to do this.
However when this new pipeline runs it pulls in the LATEST artifact - ie the artifact used in test. This is then used to deploy the firewall/IP changes BUT of course this means the latest artifact also gets deployed to dev/uat.

Now, potentially there are pipeline changes we can implement to work around this.

But our ideal scenario would be an option in terraform to ONLY update certain attributes and ignore all the rest.

So like an ignore_changes, but rather than coding each attribute to ignore, we can code which attribute to NOT ignore.
So in the resource block:

ignore_all_attributes {
exceptions = <attribute_name>
}

And being able to ignore entire modules would great as well. We could ruin main.tf - this would have five modules, we only want to update the firewall/IPs that are in one particular module. Somehow main.tf can ignore four modules, and just run one module.

This module ignores all attributes in its resource(s) except the specific ones relating to the "exceptions" criteria.

So in effect, when our "support person" runs a pipeline, we can be guaranteed that the terraform code we setup specially for them, will only alter firewall/IP settings, and ignore all other settings.

I hope that makes some sense.

Regards,
Scott

[User7845]

+1. This would now have come VERY handy. So please implement this.