Remove tfstate on Terraform delete

[hulquest]

Hello! I'm wondering if state removal in conjunction with .spec.destroyResourcesOnDeletion has come up as an issue in the past. I searched but didn't find anything. I like the idea for the way I'm using tf-controller because there are no resources leaked after deletion of the Terraform resource. The tfstate Secret remains today.

What is the opinion of removing the state Secret when the underlying resources are deleted? I'll guess an S3 state backend makes this request more difficult. Maybe talk about both cases (Kubernetes and external which can be AWS, GCP, etc...)?

========

User Story:

As a user of the Terraform Controller, I'd like to have the option to remove the tfstate on Terraform delete, so that there's no resource leakage and the system is cleaner.

Acceptance Criteria:

• [ ] Ability to support tfstate removal upon Terraform resource deletion.
• [ ] Implement option to remove tfstate for both Kubernetes and external (AWS, GCP, etc.) backends.
• [ ] Documentation updated regarding tfstate removal
• [ ] Testing added

[chanwit]

Hi @hulquest thank you for your inputs.

Normally when destroying resources on the object deletion, we would have also deleted its tfstate secret.

But there would be an important use case in the near future which would enable use to immediately revert the commit and get everything back.

This recovery use case is feasible, but still in the design phase. It's a reason that we still leave the tfstate inside the cluster.

Let me know what do you think.

[hulquest]

Thanks for the quick response @chanwit. If there is a feature in the works to restore from existing state then I don't mean to complicate things. When is the feature scheduled to be worked on, roughly? I won't hold you to it 😄 Maybe after it's done I can look and propose a way remove state on deletion. Or can this be designed in from the start?