hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0
2.35k stars 1.75k forks source link

app_engine_application: disable appenging on destroy #5458

Open Anthonyntilelli opened 4 years ago

Anthonyntilelli commented 4 years ago

Community Note

Description

Currently Terraform does not destroy app engine due to limitations in GCP. I twould be nice if the application can be disabled, so It can no longer serve.

If you cannot disable the app explicitly, it should be render in such a way it can no-longer server. -> Possible place a Firewall rule that blocks all traffic?

New or Affected Resource(s)

References

https://cloud.google.com/appengine/docs/standard/python/console/?csw=1#disabling_an_application

b/359282919

paddycarver commented 4 years ago

Hi there! Thanks for the feedback.

I think the closest we're able to offer at this time is setting the serving_status field to USER_DISABLED, which might work. If it doesn't, we don't have many options beyond waiting for the upstream to make that functionality available to us.

I think setting a firewall rule is an interesting idea, but I think it's one I'd prefer to steer away from for now. terraform destroy has an implicit contract that it will clean up Terraform's resources, as much as it can, and so having a new resource created on deletion is something I'm hesitant to do. I'm also very hesitant to muck with users' firewall rules, as that can have some far-ranging impacts.

I think it's plausible we could set the serving status on destroy, if that works, but that would make this a breaking change and would require us to wait for version 4.0.0 of the provider.

ggtisc commented 3 months ago

This is an enhancement proposal to be reviewed since currently as terraform registry says App Engine applications cannot be deleted once they're created