Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add command to enable running terraform destroy #193

Closed
lkysow opened this issue Jul 23, 2018 · 28 comments
Closed

Add command to enable running terraform destroy #193

lkysow opened this issue Jul 23, 2018 · 28 comments
Labels
feature New functionality/enhancement

Comments

@lkysow
Copy link
Member

lkysow commented Jul 23, 2018

No description provided.

@majormoses
Copy link
Contributor

Makes sense but could be dangerous, I would want the ability to enable/disable that support via config/cli args.

@MattPumphrey
Copy link

I like this idea, as not all items have an idea of a count, or if you have to refactor you need the ability to delete. If this becomes an organizational wide tool, then the support for performing a terraform delete should be available. However the only way I could see this happening is with the assumption of remote state.

@jolexa
Copy link
Contributor

jolexa commented Sep 27, 2018

How about atlantis plan -destroy instead? I haven't thought through all the implications of this though.

@osterman
Copy link

osterman commented Oct 22, 2018

We've implemented the destroy command here with @aknysh's help: cloudposse-archives#15 and cloudposse-archives#16

@osterman
Copy link

We implemented it as another top-level action. Using our other patch to support GitHub teams, we're able to restrict who can call plan, apply, destroy. These 3 commands address the full lifecycle of our infrastructure. We also only implement the destroy action in our testing manifest using our --repo-config command.

@lkysow
Copy link
Member Author

lkysow commented Dec 14, 2018

Atlantis can run destroy by running:

atlantis plan -- -destroy

Thanks to @jolexa and @mechastorm for pointing this out.

@lkysow lkysow closed this as completed Dec 14, 2018
@sryabkov
Copy link
Contributor

sryabkov commented Mar 7, 2019

atlantis plan -- -destroy doesn't seem to work with terragrunt :-(

@justinhauer
Copy link

So this will destroy previously deployed resources through atlantis?

@justinhauer
Copy link

it does, question answered

@lkysow lkysow added the feature New functionality/enhancement label Apr 9, 2019
@sryabkov
Copy link
Contributor

another issue related to destroy and custom workflows: #612

@dimisjim
Copy link
Contributor

why atlantis plan -- -destroy and not atlantis destroy ?

@lkysow
Copy link
Member Author

lkysow commented Jan 30, 2020

Because it didn't require any additional work.

@dimisjim
Copy link
Contributor

it introduces a bit of confusion though...

@osterman
Copy link

@dimisjim if there were an atlantis destroy command, then it wouldn't follow the plan then apply workflow. It would be an outlier and like running atlantis apply without running atlantis plan. While I agree the syntax is not beautiful, I think the solution is elegant as it just uses the built-in capability of teraform plan to generate a plan for destruction. Plus, it works with the built-in approval steps.

Note, I say this as someone who forked and implemented terraform destroy. However, that was some time ago and we had a change of heart. That's why we dropped support for it as well.

@kiddouk
Copy link

kiddouk commented Apr 21, 2020

I am commenting on this, as I think that this is not working while providing -d <dir>

atlantis plan -d <dir> -- -destroy just plans normally (ie: discards the -destroy)

@matthieudelaro
Copy link

I am commenting on this, as I think that this is not working while providing -d <dir>

atlantis plan -d <dir> -- -destroy just plans normally (ie: discards the -destroy)

Hi @kiddouk , did you find a solution to this issue? We'd like to use Atlantis but this might become a no-go issue.

@lkysow
Copy link
Member Author

lkysow commented May 20, 2020

That should work. Do you have a custom workflow that's not using the built in plan step?

@matthieudelaro
Copy link

Well, the workflow would be as follows:

  • an agent creates a PR: this PR deletes a whole folder containing the main.tf
  • we expect atlantis to deal with the PR by running terraform destroy in the deleted folder (taken from the master branch) to comply with the config described in the branch of the PR. It's OK for us that altantis run terraform plan to do that.

@angeloskaltsikis
Copy link

@matthieudelaro i guess what Luke was asking is whether you use a custom workflow of Atlantis? Btw something i observed if you delete a file/folder Atlantis still normally plans it as it has just been added. I guess that it would make sense that if you drop a file or folder Atlantis and you submit it in Git then you expect Atlantis to create a plan that destroys that resource.

If i understood correctly what you can do right now (by the above suggestions) is:

  1. an agent creates a PR: this PR deletes a whole folder containing the main.tf
  2. Atlantis plans those changes as those files that already have a state
  3. the agent should manually run atlantis plan -d <dir> -- -destroy and wait for destruction plans to be created
  4. Colleagues should review the PR
  5. the agent should run atlantis apply

In my opinion the only issue is the number (2) as Atlantis should have created destruction plans without having the user create those.

What other people think?

@angeloskaltsikis
Copy link

bump.
@lkysow can you also take a look please :-)?

@jasonrberk
Copy link

sorry to sound dumb, but if you delete the folder (and thereby the .hcl file), the plan step tells me there's no work to be done because there's no .hcl file. If I don't change something, I can't create a PR on which to comment atlantis plan. From a terragrunt point of view, how are people handling the destroy flow? chicken / egg

@angeloskaltsikis
Copy link

angeloskaltsikis commented Apr 14, 2021

Hello @jasonrberk ,
An easy way to destroy some resources is using a local variable inside terragrunt & atlantis plan like

locals {
  enabled = false
}
include {
  path = find_in_parent_folders()
}
terraform {
  source = local.enabled ? "git::https://gitlab.com/rivian/dc/platform/terraform-modules/foo.git?ref=0.0.3" : null
}
# Input variables consumed by terraform module
inputs = {
  desired_count = 1
}

After applying that you can drop the files altogether.

@jolexa
Copy link
Contributor

jolexa commented Apr 14, 2021

I don't use terragrunt, but it is common to do the following:

If I don't change something, I can't create a PR

git commit --allow-empty (an empty commit to open a PR)

or delete the resources and leave the workspace folder.

or atlantis plan -- -destroy (mentioned earlier, but requires a PR opened)

@lub0v-parsable
Copy link

An easy way to destroy some resources is using a local variable inside terragrunt & atlantis plan like

@angeloskaltsikis this is brilliant! Thank you so much!

msarvar added a commit that referenced this issue Mar 21, 2022
* Moved CommandContext and CommandResult to models (#193)

* Moved CommandContext and CommandResult to models

* move from models to command

rename CommandContext -> Context
rename CommandResult -> Result

* moved command related helpers into command package

* move ProjectCommandContext and ProjectResult to command/project package

* move project command context and project result

* revert unrelated code

* move tests

* fix left over

* fix linting

* fix tests

* remove unused import

* fix project context dependencies

* fix depenedecies

* fix typo
@foivos-christoulakis-mf

Hello @jasonrberk , An easy way to destroy some resources is using a local variable inside terragrunt & atlantis plan like

locals {
  enabled = false
}
include {
  path = find_in_parent_folders()
}
terraform {
  source = local.enabled ? "git::https://gitlab.com/rivian/dc/platform/terraform-modules/foo.git?ref=0.0.3" : null
}
# Input variables consumed by terraform module
inputs = {
  desired_count = 1
}

After applying that you can drop the files altogether.

unfortunately this does not work with multi-provider modules

This is what the rror looks like:

╷
│ Error: Provider configuration not present
│ 
│ To work with aws_route53_record.a_record["record01"] (orphan) its original
│ provider configuration at
│ provider["registry.terraform.io/hashicorp/aws"].dns_account is required,
│ but it has been removed. This occurs when a provider configuration is
│ removed while objects created by that provider still exist in the state.
│ Re-add the provider configuration to destroy
│ aws_route53_record.a_record["record01"] (orphan), after which you can
│ remove the provider configuration again.
╵
Releasing state lock. This may take a few moments...
ERRO[0009] 1 error occurred:
        * exit status 1

jamengual pushed a commit that referenced this issue Nov 23, 2022
* Moved CommandContext and CommandResult to models

* move from models to command

rename CommandContext -> Context
rename CommandResult -> Result

* moved command related helpers into command package

* move ProjectCommandContext and ProjectResult to command/project package

* move project command context and project result

* revert unrelated code

* move tests
krrrr38 pushed a commit to krrrr38/atlantis that referenced this issue Dec 16, 2022
…) (runatlantis#2093)

* Moved CommandContext and CommandResult to models (runatlantis#193)

* Moved CommandContext and CommandResult to models

* move from models to command

rename CommandContext -> Context
rename CommandResult -> Result

* moved command related helpers into command package

* move ProjectCommandContext and ProjectResult to command/project package

* move project command context and project result

* revert unrelated code

* move tests

* fix left over

* fix linting

* fix tests

* remove unused import

* fix project context dependencies

* fix depenedecies

* fix typo
@AnhQKatalon
Copy link

Hello @jasonrberk , An easy way to destroy some resources is using a local variable inside terragrunt & atlantis plan like

locals {
  enabled = false
}
include {
  path = find_in_parent_folders()
}
terraform {
  source = local.enabled ? "git::https://gitlab.com/rivian/dc/platform/terraform-modules/foo.git?ref=0.0.3" : null
}
# Input variables consumed by terraform module
inputs = {
  desired_count = 1
}

After applying that you can drop the files altogether.

after 2 years, this is the solution I needed to use atlantis with terragrunt lol

@jamengual
Copy link
Contributor

Do you know you can do a destroy plan?

atlantis plan -p myproject -- -destroy

that is a terraform flag.

and the count way you are doing is totally valid.

@kleinsmk
Copy link

atlantis plan -- -destroy

meringu pushed a commit to meringu/atlantis that referenced this issue May 29, 2023
…es-filter

find project paths based on filtered modified files
meringu pushed a commit to meringu/atlantis that referenced this issue May 29, 2023
meringu pushed a commit to meringu/atlantis that referenced this issue May 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature New functionality/enhancement
Projects
None yet
Development

No branches or pull requests