Support multiple runs to add/remove tags

[defenestration]

Is your feature request related to a problem? Please describe.

I tested running a few times to add tags. Since my files are backed by git i used the -rename=false flag. The locals block added to each file was fine. However, the resources with tags ended up with new merge functions each time:

+ tags = merge(merge(local.terratag_added_main, local.terratag_added_main), local.terratag_added_main)

Describe the solution you'd like

Terratag should be able to detect the merge block and not add additional ones.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Seems like the intent is to run once and modify from there, but this doesn't seem to be called out in the docs really.

Additional context
Add any other context or screenshots about the feature request here.

Seems like it would be useful also to have an option to manage a single terratag local out of one file in the repo, rather than adding a different local to each separate file. Being able to rename or set the local name used would also be useful.

[TomerHeber]

Hi @defenestration ,

Thank you for reaching out.
Terratag was designed to run every time.

Imagine you have a CI/CD pipeline for terraform/tofu.
One of your steps is to run terratag, which will add all the tags and replace the old files with new tagged ones.

It sounds like you prefer to commit to a repo the changes terratag makes to your files.

That's a viable option for sure. But I would love to learn more about your use-case and why you prefer to do it in this manner.

Thanks!

[defenestration]

The main thought is, don't want to add another app into to the CICD process. While woudlnt' be hard to do, there can be security concerns there.

One thing I also found about running terratag, that merging from existing tag blocks changed the order, the terratag ones were merged last, meaning they override the ones sent on the resource. This wasn't desired in our setup either.

[TomerHeber]

I appreciate you taking the time to explain your use case. It helps us understand the need for this feature.

While we agree that the feature you've described would be useful, we've identified a key challenge in reliably distinguishing between append and replace operations. This distinction is crucial for accurate and predictable behavior, and we haven't yet found a robust way to define it in all situations.

Because of this complexity, we don't have immediate plans to implement this feature. We want to avoid introducing functionality that could lead to unexpected or inconsistent results. However, we'll keep this request in mind as we continue to develop Terratag and explore potential solutions to this challenge. If you have any further insights or ideas on how to address the append/replace ambiguity, we'd be very interested to hear them.

The best option at the moment is to add terratag to your CI flow:
https://www.env0.com/blog/github-actions-terratag