-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add deletion_protection
to google_storage_bucket
#7868
Comments
Something like deletion_protection already exists with the name force_destroy. The Google API requires the buckets to be empty before they are deleted. Terraform doesn't empty the bucket if force_destroy is not set to true. As long as you set force_destroy to false or leave it undefined (defaults to false) terraform won't destroy the bucket if it has objects in it. |
Perfect I'll use that then (already used it but wasn't sure if it was similar to I also have a similar question to #7869. Would that be possible to return an exit code of 0 without displaying any error when a bucket is not deleted? |
Unlike #7869, the API returns an error if you try to delete a bucket with objects in it. We can't make it exit with a code of 0. https://cloud.google.com/storage/docs/deleting-buckets#json-api |
So I guess adding the |
I don't think it is needed and I don't understand why you want terraform to exit code 0 when an incorrect configuration is being applied. I expect a pipeline to break if terraform is deleting a bucket that has force_destroy set to false and it is not empty. I don't see an issue with deleting an empty bucket and deletion_protection isn't worth it for such situations. |
My use-case is a bit different actually. I want to create a bucket with So when I apply In short, replace a db instance with a bucket in #7869 and you'll understand my point. |
We are a little hesitant the same However I'm going to leave this open to collect additional feedback, and in case folks feel strongly otherwise. Also worth reading is hashicorp/terraform#24658. |
Thanks for the feedback. I don't think my use-case is very special and feel like I am not the only person that needs that flag. I am deploying an application that requires one database to store archived objects and an associated bucket storing the log files for each archived object of the database. I want both to persist while other resources (mostly networks, sa, clusters and compute instances) can be safely deleted during a destroy procedure. More generally both a database and a bucket are designed to store and persist data so I feel like both should be treated the same way in regard to that. Also, the Anyway, I think you got my point so I will stop here xD. Thanks for the assistance. |
About hashicorp/terraform#24658, I totally understand that |
Additionally, I think that it's useful for all |
Using |
Replied inline to #7869 (along with ndmckinley) that Terraform returning a |
We now have a more formal policy around deletion protection: https://googlecloudplatform.github.io/magic-modules/docs/best-practices/ We likely wouldn't want to add deletion protection unless we're planning to deprecate force_destroy, which would be a breaking change. |
Co-authored-by: Edward Sun <sunedward@google.com> Signed-off-by: Modular Magician <magic-modules@google.com>
GCS' policy to not allow deleting buckets with data alongside |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Community Note
Description
When
deletion_protection
is set totrue
for agoogle_sql_database_instance
resource, the DB resource is not destroyed withterraform destroy
which is an excellent feature. Could we have the samedeletion_protection
flag for bucketgoogle_storage_bucket
?Unless the same behaviour is already possible?
New or Affected Resource(s)
Potential Terraform Configuration
References
The text was updated successfully, but these errors were encountered: