Need a way of destroying bootstrap resources once UPI build completed

[rich-ehrhardt]

For a custom OpenShift IPI build, the bootstrap server, security rules and public IP are created to bootstrap the cluster's master nodes. Once the master nodes have the API running, the rest of the build is done by them and the bootstrap resources need to be removed for security. Options are,

1. use az cli to destroy the resources within a terraform null-resource Requires installation of the az tool for testing which is complex and has heavy storage requirements.
2. use terraform to call scripts which run another two terraform processes. First one creates the cluster, including the bootstrap and the second one destroys the bootstrap resources once the cluster is created. This has problems with multiple state files
3. use Ansible to run the two terraform processes Means deviating from the terraform/terragrunt apply-all script being used by other BOMs
4. use terragrunt to manage execution Needs investigation if possible.

[rich-ehrhardt]

terragrunt works with the following as an example creating the null_resource.create-bootstrap initially and then destroying it afterwards when running terragrunt apply --auto-approve:

terraform {
    after_hook "destroy_bootstrap" {
        commands = ["apply"]
        execute = ["terraform","destroy","-target","null_resource.create-bootstrap","--auto-approve"]
    }
}