terraform-provider-aws

[Enhancement]: terraform plan -destroy should not show bucket if bucket is not empty

Open paololazzari opened this issue 3 years ago • 2 comments

Description

Terraform source

terraform {
  required_version = ">= 0.13.1"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.20.0"
    }
  }
}

resource "aws_s3_bucket" "mybucket" {
    bucket = "terraform-github-issue-example"
}

Deploy

$ terraform apply -auto-approve

Upload object to bucket

$ echo "foo" > foo.txt
$ aws s3 cp foo.txt s3://terraform-github-issue-example

Plan deletion

$ terraform plan -destroy
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
  - destroy

Terraform will perform the following actions:

  # aws_s3_bucket.mybucket will be destroyed
  - resource "aws_s3_bucket" "mybucket" {

If I try to delete it, I see this error (which is expected)

$ terraform destroy -auto-approve
aws_s3_bucket.mybucket: Destroying... [id=terraform-github-issue-example]
╷
│ Error: deleting S3 Bucket (terraform-github-issue-example): BucketNotEmpty: The bucket you tried to delete is not empty

Enhancement description

I think terraform plan -destroy should be smart enough to understand that the bucket should not be destroyed because there are objects within it. So ideally, if the bucket is not empty and force_destroy is false, terraform plan -destroy should not show the bucket.

Would you like to implement a fix?

Yes

paololazzari avatar Nov 23 '22 15:11 paololazzari

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

github-actions[bot] avatar Nov 23 '22 15:11 github-actions[bot]

Personally, I'd say how it works now is good.

If the Terraform definition for a resource is removed, the resource should also try to be removed from AWS - no matter the status of the resource.

IMO Terraform should be the single source of truth, so if you tell TF to delete everything, it should try and do just that. If something stops that from happening, alert the user with a failure.

p5 avatar Nov 30 '22 01:11 p5
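
An added example, not part of the thread or of the provider's code: a pre-destroy check that reads the JSON form of a destroy plan and reports the buckets whose deletion would fail with BucketNotEmpty, without changing what the plan shows. The function names, the sample plan and the two extra buckets are assumptions made for illustration; the live check requires boto3 and AWS credentials.

```python
import json

# Constructed sample: trimmed `terraform show -json tfplan` output for a plan
# saved with `terraform plan -destroy -out=tfplan`.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_s3_bucket.mybucket", "type": "aws_s3_bucket",
     "change": {"actions": ["delete"],
                "before": {"bucket": "terraform-github-issue-example",
                           "force_destroy": False}}},
    {"address": "aws_s3_bucket.scratch", "type": "aws_s3_bucket",
     "change": {"actions": ["delete"],
                "before": {"bucket": "example-scratch", "force_destroy": True}}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["no-op"],
                "before": {"bucket": "example-logs", "force_destroy": False}}},
]})


def bucket_is_empty(bucket):
    """Live check. Old object versions and delete markers in a versioned
    bucket also make the delete fail with BucketNotEmpty."""
    import boto3  # imported lazily so the offline demo runs without it
    page = boto3.client("s3").list_object_versions(Bucket=bucket, MaxKeys=1)
    return not page.get("Versions") and not page.get("DeleteMarkers")


def blocked_bucket_destroys(plan_json, is_empty=bucket_is_empty):
    """Return (address, bucket) pairs the plan deletes although
    force_destroy is false and the bucket still holds data."""
    blocked = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        before = change.get("before") or {}
        if rc.get("type") != "aws_s3_bucket":
            continue
        if "delete" not in change.get("actions", []):
            continue  # not destroyed (or replaced) by this plan
        if before.get("force_destroy"):
            continue  # the provider empties the bucket before deleting it
        if not is_empty(before["bucket"]):
            blocked.append((rc["address"], before["bucket"]))
    return blocked


if __name__ == "__main__":
    # Constructed inventory standing in for the live S3 check.
    non_empty = {"terraform-github-issue-example", "example-scratch"}
    for addr, name in blocked_bucket_destroys(SAMPLE_PLAN, lambda b: b not in non_empty):
        print(f"{addr}: bucket {name} is not empty and force_destroy is false")
```

Run as a gate before `terraform destroy`, this keeps the behaviour described in the last comment (Terraform still attempts the delete and fails loudly) while surfacing the conflict at plan time.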