equinor / terraform-baseline

Best practices for creating reusable Terraform modules using the Azure provider
https://equinor.github.io/terraform-baseline/
MIT License

Unable to explicitly destroy SQL database #154

Closed hknutsen closed 3 months ago

hknutsen commented 4 months ago

Module Name

sql

Module Version

10.3.1

Terraform Version

1.8.0

Description

Use of the prevent_destroy meta-argument in the database submodule prevents the use of terraform destroy to explicitly destroy a database, for example during a disaster recovery drill where we tear everything down to rebuild it. This prevents any teardown of databases using Terraform, which means that databases will have to be torn down using other tools (e.g. using the az sql db delete Azure CLI command), which can lead to dangling resources (e.g. diagnostic settings) that might then lead to errors during future applies.

Relevant lines of code that I think should be removed: https://github.com/equinor/terraform-azurerm-sql/blob/deb06d70f3c90b8747dabf0bcdf99786d8034587/modules/database/main.tf#L52-L55

Example Terraform Configuration

No response

Steps to Reproduce

No response

hknutsen commented 4 months ago

@equinor/terraform-baseline-maintainers I think the prevent_destroy meta-argument should be removed from the database submodule, and that an Azure delete lock should be preferred instead (as documented in best practices).

helenakallekleiv commented 3 months ago

> @equinor/terraform-baseline-maintainers I think the prevent_destroy meta-argument should be removed from the database submodule, and that an Azure delete lock should be preferred instead (as documented in best practices).

I agree. We could document in the README.md that it's recommended to use the prevent_destroy meta-argument and/or demonstrate in the examples how it's used with a comment?

hknutsen commented 3 months ago

@equinor/terraform-baseline-maintainers After some testing, I can confirm that resources configured with prevent_destroy can still be explicitly destroyed by commenting out the relevant module block. I think this is an argument in favor of allowing (and maybe even promoting) the use of this meta-argument, to prevent accidental deletion of stateful resources such as databases and storage, then commenting out modules if you need to explicitly delete something. Thoughts? 🙂
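
The two safeguards discussed in this thread, side by side, as an added example that is not taken from the thread or from the equinor modules. The resource labels, variable names, database name and lock name are hypothetical.

```hcl
# Hypothetical database submodule; every name below is illustrative.

variable "server_id" {
  description = "ID of the SQL server that hosts the database."
  type        = string
}

variable "delete_lock_enabled" {
  description = "Create an Azure CanNotDelete lock on the database."
  type        = bool
  default     = true
}

resource "azurerm_mssql_database" "this" {
  name      = "sqldb-example"
  server_id = var.server_id

  # Safeguard 1: prevent_destroy.
  # Terraform rejects any plan that would destroy this resource while
  # the block is present in configuration. The value must be a literal,
  # so a module cannot expose it as an input variable, and callers of
  # the module cannot switch it off for a planned teardown.
  # It is not enforced once the resource (or the calling module block)
  # is removed from configuration, and it does nothing against deletion
  # through the Azure CLI or the portal.
  #
  # lifecycle {
  #   prevent_destroy = true
  # }
}

# Safeguard 2: Azure management lock.
# Enforced by Azure itself, so it also blocks deletion attempts made
# outside Terraform. Because it is an ordinary resource, the caller can
# toggle it with a variable. The lock depends on the database, so
# Terraform removes the lock before it destroys the database.
resource "azurerm_management_lock" "this" {
  count = var.delete_lock_enabled ? 1 : 0

  name       = "delete-lock"
  scope      = azurerm_mssql_database.this.id
  lock_level = "CanNotDelete"
  notes      = "Protects the database against accidental deletion."
}
```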