Auto approve shouldn't be binary option (deletion/modification protection) - Githubissues

hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.

https://www.terraform.io/

Other

42.71k stars 9.55k forks source link

Auto approve shouldn't be binary option (deletion/modification protection) #25327

Open nirroz93 opened 4 years ago

nirroz93 commented 4 years ago

Current Terraform Version

All version (Feature Request) Terraform v0.12.26

Use-cases

terraform apply -auto-approve will destroy/modify anything no matter what.

In an automation that should only create thing, it would be nice to have deletion protection and modification protection when running it.

Attempted Solutions

Proposal

The flag should accept 1 of the following options (or more):

Approve everything no matter what (current behaviour )
Approve automatically if the changes don't destroy any resource (otherwise fail)
Approve automatically if there are only new resources (I think this was TF<0.11 behaviour)

Another option is to add another flag (or flags) for deletion/modification protection.

References

23722

vinayprakash893 commented 1 month ago

ANY update on this..?