Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: implement deletion protection #5626

Merged
merged 1 commit into from
Sep 26, 2024
Merged

Conversation

dpittner
Copy link
Contributor

@dpittner dpittner commented Sep 8, 2024

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

resolves #5534

This PR adds a generic capability in the provider for resources to opt-in for deletion prevention as it's done by other cloud providers. If the deletion_prevention attribute is true in the state file, deletion is denied. This means we're forcing the following to eventually delete:

  • update tf and set deletion_prevention = false
  • apply
  • Now the resource can be destroyed with sub-sequent destroys (or updates that are not in-place)

For a resource to opt-in for this mechanism, the attribute needs to be declared on the resource: https://github.com/IBM-Cloud/terraform-provider-ibm/pull/5626/files#diff-b40573e3ad8a35e372d9de0636a941c7c901d6120ed862478d72390d3578d6edR811

It seems sensible to support this mechanism for other resources too, COS, VPC, IKS/ROKS come to mind.

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccXXX'

...

@dpittner dpittner marked this pull request as ready for review September 8, 2024 14:57
@@ -65,6 +65,8 @@ const (
ResourceStatus = "resource_status"
//ResourceGroupName ...
ResourceGroupName = "resource_group_name"
//DeletionProtection ...
DeletionProtection = "deletion_protection"
Copy link
Collaborator

@obai-1 obai-1 Sep 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Terraform has prevent_destroy attribute, documented here.

I wonder if it would be better to use that.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in theory yes, practically, the issue is that variables can not be used in the lifecycle block: hashicorp/terraform#22544

@andrei-pirciu
Copy link

This would resolve my #5534 enhancement request. It would be much easier to control the deletion using a variable, rather than using some weird workaround like this.

@hkantare hkantare merged commit 77b3bb0 into IBM-Cloud:master Sep 26, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add deletion_protection argument to database resource
4 participants