search

hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/
Other
42.55k stars 9.53k forks source link

Support Override Files with resource for_each #27671

Open netzere opened 3 years ago

netzere commented 3 years ago

Current Terraform Version

0.14.3

Use-cases

The real use is to be able to dynamically set the prevent_destroy meta argument as a variable. We tracked this issue for a long time (https://github.com/hashicorp/terraform/issues/3116 and https://github.com/hashicorp/terraform/issues/3874) and it doesn't seem to have a progress.

As a workaround, we wanted to use override files to override the prevent_destroy meta argument and set it to false, in certain cases where we need to dynamically destroy resources.

This happens when our customers downgrade their license type, which in turn requires terminating resources on their clusters.

Attempted Solutions

We tried to use override files for that purpose, and when we detect that a downgrade should occur, our terraform wrapper will just move the override file to the right place prior to running terraform. Then, when terraform runs, the prevent_destroy is set to false and everybody is happy.

The thing is that we didn't see how we can use it along with resource for_each. Let's say that we declare multiple resources with resource for_each, and then we want to terminate only one of them using override files.

As a wrap up, this is a total workaround to the fact that we cannot use variables for the prevent_destroy field.

apparentlymart commented 3 years ago

Hi @netzere,

It seems to me like the real use-case here is that you want to be able to set prevent_destroy independently for each instance of a resource, and that this override files thing is merely a strategy you tried to use to work around having that capabillity?

The reason override files didn't work as a solution is also the reason why you can't set the value differently for each instance: this argument belongs to a resource as a whole, not to the individual instances of a resource. Therefore I don't think there's a path where we could solve it for override files without first addressing it without override files: the root problem here is that the syntax for prevent_destroy doesn't have any means to specify which instances you want to apply it to.

Given that, I'd like to rename this issue to better capture the underlying use-case rather than the attempted workaround, but I'm going to wait for you to confirm that before I do so. Thanks!

netzere commented 3 years ago

Thanks @apparentlymart , Yes, what you suggested totally makes sense. Feel free to change it.

Not only i'd like to use prevent_destroy independently for each instance of a resource, i'd like to set it with a variable, because it's dynamic just as the other resource's fields.