terraform-example-foundation

Add destroy option in tf-wrapper.sh

Open amandakarina opened this issue 5 years ago • 8 comments

The tf-wrapper.sh has 3 options of terraform execution: init, plan and apply.

I've missed the destroy option when my terraform state got inconsistent. The easier way was to destroy and re-apply.

I needed to run the terraform destroy manually; is this the expected way to do it? Is there any reason that destroy is not an option for the script?

amandakarina avatar Jul 28 '20 14:07 amandakarina

I am kinda split on this. On one hand it makes sense to have this as we have plan and apply. But in reality I don't think from a GitOps perspective the CI would ever actually execute a terraform destroy. The closest that could happen is maybe removing all the resources and then doing a terraform apply.

I think a destroy like you mentioned would be a manual intervention and at that point it is expected that you cd into right env folder and destroy.

@rjerrems @mikelaramie @morgante any thoughts on this and how this has been done?

bharathkkb avatar Jul 28 '20 22:07 bharathkkb

I think we might need to eventually add this, but I wouldn't prioritize it as for normal operations the workflow would be to remove and apply.

morgante avatar Jul 28 '20 22:07 morgante

I've worked on adding the destroy option by updating the tf wrapper script and adding cloudbuild-tf-destroy.yaml file. The teardown went fine until I got to org level where I ran into an error deleting the logging bucket which requires force destroy. As you plan out the feature update I thought that this error message might help.

Error: Error when reading or editing Dataset: googleapi: Error 400: Dataset prj-c-logging-1103:audit_logs is still in use, resourceInUse
Error: Error trying to delete bucket bkt-prj-c-logging-1103-org-logs-d0ec containing objects without force_destroy set to true

jasonbisson avatar Feb 20 '21 17:02 jasonbisson

As noted only these variables needed to be set to true.

variable "log_export_storage_force_destroy" {
  description = "(Optional) If set to true, delete all contents when destroying the resource; otherwise, destroying the resource will fail if contents are present."
  type        = bool
  default     = true
}

variable "audit_logs_table_delete_contents_on_destroy" {
  description = "(Optional) If set to true, delete all the tables in the dataset when destroying the resource; otherwise, destroying the resource will fail if tables are present."
  type        = bool
  default     = true
}

jasonbisson avatar Feb 20 '21 18:02 jasonbisson
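
A pre-flight check for the teardown failure described in the two comments above, as an added example that is not part of the thread or the project's code: it reads Terraform variable blocks and lists the destroy guards whose default is not true, so the failure shows up before the run instead of at the org level. The function names and the sample input are assumptions, and only variable defaults are inspected, not tfvars overrides.

```shell
# Added example, not project code: pre-flight check before `terraform destroy`.
# Constructed sample: the two variables quoted above (descriptions omitted), one
# left at false to show the failing case, plus a hypothetical unrelated variable.
sample_variables_tf() {
cat <<'EOF'
variable "log_export_storage_force_destroy" {
  type    = bool
  default = false
}
variable "audit_logs_table_delete_contents_on_destroy" {
  type    = bool
  default = true
}
variable "example_region" {
  default = "us-central1"
}
EOF
}

# Read HCL on stdin; print "<variable> <default>" for each variable whose name
# ends in force_destroy or delete_contents_on_destroy ("unset" if no default).
destroy_guards() {
  awk '
    /^[ \t]*variable[ \t]+"/ {
      name = $0; sub(/^[^"]*"/, "", name); sub(/".*$/, "", name)
      def = "unset"; inblock = 1; next
    }
    inblock && /^[ \t]*default[ \t]*=/ {
      def = $0; sub(/^[^=]*=[ \t]*/, "", def); sub(/[ \t]+$/, "", def)
    }
    inblock && /^[ \t]*[}]/ {
      if (name ~ /(force_destroy|delete_contents_on_destroy)$/) print name, def
      inblock = 0
    }'
}

# Print guards whose default is not true (destroy fails on non-empty resources);
# return 1 if any exist, 0 otherwise. Only defaults are checked, not tfvars.
teardown_blockers() {
  blockers=$(destroy_guards | awk '$2 != "true" { print $1 }')
  if [ -z "$blockers" ]; then return 0; fi
  printf '%s\n' "$blockers"
  return 1
}

# Stand-alone run on the constructed sample.
sample_variables_tf | teardown_blockers || echo "destroy would fail until these default to true"
```
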

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

github-actions[bot] avatar Apr 21 '21 23:04 github-actions[bot]

@bharathkkb - Are there any plans to add an automated destroy capability?

stevena-cloudsec avatar Nov 28 '22 18:11 stevena-cloudsec

@stevena-cloudsec Yes we plan to add this

bharathkkb avatar Nov 29 '22 01:11 bharathkkb

@bharathkkb - Any Updates on when this functionality will be added?

stevena-cloudsec avatar Sep 13 '23 19:09 stevena-cloudsec