search

aminueza / terraform-provider-minio

Terraform provider for managing MinIO S3 buckets and IAM Users.
https://registry.terraform.io/providers/aminueza/minio
GNU Affero General Public License v3.0
243 stars 73 forks source link

Feature Request: Prevent Bucket from getting destroyed #506

Open Nold360 opened 1 year ago

Nold360 commented 1 year ago

Description

When creating a bucket & then running terraform destroy the bucket will get deleted.

I would like to prevent the bucket from getting destroyed, even tho everything else (user, policy, ...) are getting destroyed. Sadly this is not possible with terraforms prevent_destroy lifecycle option.

So adding a prevent_destroy option to the bucket resource would be sufficient.

Steps to Reproduce

  1. terraform apply (creates bucket)
  2. terraform destroy (destroyes bucket)

Expected behavior: Bucket gets destoyed

Wanted / Optional behavior: Bucket doesn't get destroyed, but everything else

felladrin commented 1 year ago

Hi, @Nold360. Thanks for sharing! Can you open a PR with the change you described? That would help a lot, considering maintainers are mostly unavailable these days. We're also looking for more people to help maintain the provider, in case you're interested!

tobikris commented 1 year ago

I believe that this feature of terraform is already working as expected.

resource "minio_s3_bucket" "test" {
  bucket = "test"

  lifecycle {
    prevent_destroy = true
  }
}

and destroying it again will fail:

$ terraform destroy -target minio_s3_bucket.test
minio_s3_bucket.test3: Refreshing state... [id=test]
╷
│ Warning: Resource targeting is in effect
│ 
│ You are creating a plan with the -target option, which means that the result of this plan may not represent all of the changes requested by the current
│ configuration.
│ 
│ The -target option is not for routine use, and is provided only for exceptional situations such as recovering from errors or mistakes, or when Terraform
│ specifically suggests to use it as part of an error message.
╵
╷
│ Error: Instance cannot be destroyed
│ 
│   on test.tf line 5:
│    5: resource "minio_s3_bucket" "test" {
│ 
│ Resource minio_s3_bucket.test has lifecycle.prevent_destroy set, but the plan calls for this resource to be destroyed. To avoid this error and continue with the
│ plan, either disable lifecycle.prevent_destroy or reduce the scope of the plan using the -target flag.

Is it possible that you are confusing this with commenting out/removing the configuration completely, @Nold360 ? Because in that case there is no protection by terraform - but that is expected, see https://developer.hashicorp.com/terraform/language/meta-arguments/lifecycle#prevent_destroy.