search

elastic / terraform-provider-elasticstack

Terraform provider for Elastic Stack
https://registry.terraform.io/providers/elastic/elasticstack/latest/docs
Apache License 2.0
164 stars 85 forks source link

Improve documentation around configuring deletion_protection = false #703

Open tempoivo opened 1 month ago

tempoivo commented 1 month ago

Clarify the intended workflow required to delete/replace indices managed with deletion_protection=true.

Original issue

Describe the bug If you create an index initially with deletion_protection = true, you are unable to delete it after changing to deletion_protection = false. It keeps returning: Error: cannot destroy index without setting deletion_protection=false and running terraform apply

Same behaviour if you initially create the index with deletion_protection = false; after you turn it to true, you are still able to delete the index without any error, which should be prevented.

To Reproduce Steps to reproduce the behavior:

  1. TF configuration used: 
    
terraform {
required_version = ">= 1.0.0"
required_providers {
elasticstack = {
  source  = "elastic/elasticstack"
  version = "~>0.9"
}
}
}

provider "elasticstack" { elasticsearch { endpoints = ["http://elastic01.internal:9200"] username = var.admin_username password = var.admin_password } }

resource "elasticstack_elasticsearch_index" "index-0001" { name = "index-0001"

deletion_protection = true

mappings = jsonencode({ properties = { field1 = { type = "date" } } })

number_of_shards = 1 number_of_replicas = 0 }

2. TF operations to execute to get the error:

- `terraform apply`
- Change any value, like mapping field type, to force replacement, and also set `deletion_protection = false`
- `terraform apply`

3. See the error in the output:

elasticstack_elasticsearch_index.index-0001: Destroying... [id=SAv5uMFYSA-prywrU6dE_g/index-0001] │ Error: cannot destroy index without setting deletion_protection=false and running terraform apply



**Expected behavior**
It should be able to destroy the index when `deletion_protection` changed to `false`.

**Versions:**
 - OS: MacOS
 - Terraform Version: 1.9.3
 - Provider Version: 0.11.4
 - Elasticsearch Version: 8.14.3
tobio commented 1 month ago

This behaviour was intentional by the original author of this part of the code. It forces a 2 phased application for any action resulting in index deletion and IIRC mimics the behaviour on the GCP provider (and potentially others with similar attributes).

The intended workflow is:

  1. terraform apply with deletion_protection=true
  2. Reset deletion_protection by terraform apply with deletion_protection=false and not changes forcing replacement
  3. Delete the index or apply changes requiring replacement (like mapping field type).