Open siepkes opened 5 years ago
twhiteman
commented
4 years ago Curious on why you want to keep the _deletionprotection flag out of the Triton Terraform provider - as it defaults to false and is optional most people won't notice/care this flag exists at all.
For a user case, I would think that one could use this as way to protect a data instance (like a database) from getting accidentally destroyed.
siepkes
commented
4 years ago For a user case, I would think that one could use this as way to protect a data instance (like a database) from getting accidentally destroyed.
That's also how I want to use it. However I want to control this manually outside of Terraform. I have seen situations caused by Terraform operators and one time even by a Terraform bug in which VM's got deleted which never should have been deleted.
For example say you have a CouchDB deployment of 3 VM's then you never want all 3 VM's to be destroyed at the same time since that would mean data loss / service loss. So I would like to be able to mark at least one as "undelete-able" outside of Terraform as a safe guard.
But like I said it could be that I'm choosing the wrong approach here so I'm curious how other people guard themselves against such scenario's.
twhiteman
commented
4 years ago I'm not sure if this was clear, but just in case, the deletion protection is a flag (an attribute) that is saved on the instance (stored inside the Triton datacenter) and it is the Triton datacenter that will stop the deletion from occurring (not the Terraform Triton provider) when this flag is set.
This deletion protection flag can also be managed outside of Terraform: https://apidocs.joyent.com/cloudapi/#EnableMachineDeletionProtection
The Terraform Triton provider is just toggling that deletion protection flag, rather than trying to perform deletion protection itself.
siepkes
commented
4 years ago Triton datacenter that will stop the deletion from occurring (not the Terraform Triton provider) when this flag is set.
Yes that's clear to me, thats actually what I'm trying to do ;-). I want Triton as a last line of defense.
But iirc Terraform will see and then clear the flag on apply even if you don't specify the flag at all in a Terraform config. So (again, iirc) if you set the flag on Triton the next Terraform apply run Terraform will see it and unset it. I'll try to setup a small test and report back.
In commit 31281527a5b74234318cd2bfb03443cea12bf8a3 support for managing the
deletion_protectionflag was added to the Triton provider. Personally I see the flag more as a last line of defense against Terraform operator SNAFU's or Terraform bugs. In which case you can ensure certain VM's don't get destroyed by Terraform unless they have been explicitly "unlocked". So this is the one thing I personally would rather keep out of Terraform.Would you guys be open to a PR which for example added a flag called
ignore_deletion_prevention_stateto the provider which could be used to make the Triton provider stop managing the deletion state?I could also be entirely wrong in my line of thinking so I'm also genuinely curious to hear how people use the
deletion_protectionflag in their Terraform configuration.