terrajet
terrajet copied to clipboard
Support per-Resource `lifecycle.prevent_destroy` meta-arg Configuration
What problem are you facing?
For certain Terraform resources like Azure's PostgreSQL server configuration, we should not be including the lifecycle.prevent_destroy
meta-arg in order to properly implement updates. Refer to https://github.com/crossplane-contrib/provider-jet-azure/issues/97 for one such example.
How could Terrajet help solve your problem?
We could extend our resource configuration framework with an AllowDestroy
parameter.
Can the merge of the proposed override option in PR #159 be reconsidered please?
Not all jet providers do have a native counterpart. Trying to use the terrajet generated cluster/project role bindings of the provider-jet-rancher ends in
\"summary\":\"Instance cannot be destroyed\",\"detail\":\"Resource rancher2_cluster_role_template_binding.xxx has lifecycle.prevent_destroy set\"
during planning.
The upstream terraform provider docs: https://registry.terraform.io/providers/rancher/rancher2/latest/docs/resources/cluster_role_template_binding
Most attributes are ForceNew
.
The only thing this resource does is create a binding/mapping between a rancher cluster/project, a role (role template in rancher terms) and a user or group. In other words it grants a user/group (e.g. ldap group) a set of permissions (role template) for a specific cluster or project.