
awscc_ecr_repository resource empty_on_delete has no effect

Open hd40910 opened this issue 11 months ago • 2 comments

Terraform CLI and Terraform AWS Cloud Control Provider Version

Terraform v1.0.11 on linux_amd64

provider registry.terraform.io/hashicorp/aws v5.0.1
provider registry.terraform.io/hashicorp/awscc v0.71.0

Affected Resource(s)

AWSCC and Amazon ECR

Terraform Configuration Files

data "aws_caller_identity" "current" {}

locals {
  account_id = data.aws_caller_identity.current.account_id
}

resource "awscc_ecr_repository" "ecr" {
  for_each        = { for idx, ecr in var.ecr_name : idx => ecr }
  repository_name = each.value["repo_name"]
  encryption_configuration = {
    encryption_type = var.encrypt_type
  }
  image_tag_mutability = var.image_tag_mutability
  image_scanning_configuration = {
    scan_on_push = var.scan_on_push
  }
  empty_on_delete        = true
  repository_policy_text = replace(var.repository_policy_text, "AUTO_REPLACED_ACCOUNT_ID", local.account_id)
  lifecycle_policy = {
    lifecycle_policy_text = each.value["policy_name"] == "common" ? var.lifecycle_policy_text_common : var.lifecycle_policy_text_other
  }
  tags = var.default_tags
}

Debug Output

$ terraform apply "out.tfstate"
module.ecr-repo.awscc_ecr_repository.ecr["2"]: Destroying... [id=atomiq_platform1/test2]
module.ecr-repo.awscc_ecr_repository.ecr["1"]: Destroying... [id=atomiq_common/test1]
module.ecr-repo.awscc_ecr_repository.ecr["0"]: Destroying... [id=atomiq_common/test]
module.ecr-repo.awscc_ecr_repository.ecr["1"]: Destruction complete after 2s
module.ecr-repo.awscc_ecr_repository.ecr["2"]: Destruction complete after 7s
╷
│ Error: AWS SDK Go Service Operation Unsuccessful
│
│ Calling Cloud Control API service DeleteResource operation returned: waiter state transitioned to FAILED. StatusMessage: The
│ repository with name 'atomiq_common/test' in registry with id '191065203777' cannot be deleted because it still contains images      
│ (Service: Ecr, Status Code: 400, Request ID: ea54cf3b-8780-402a-877c-9cbfe1117fb3). ErrorCode: GeneralServiceException
╵

Expected Behavior

I should be able to remove the repo even if there are images pushed to it; this should work, as empty_on_delete is true.

Actual Behavior

It errors out, saying it is not able to, as the repo is not empty.

Steps to Reproduce

1. Create repo with empty_on_delete as true
2. Push an image
3. Try to destroy the repo

hd40910 Mar 08 '24 15:03

This appears to be an issue in the underlying CloudFormation resource; I have escalated this internally.

kadrach Mar 11 '24 04:03

Related to #1422

wellsiau-aws Apr 09 '24 19:04
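
A pre-destroy check for the behaviour reported in this thread, as an added example that is not part of the issue or the provider's code: it reads `terraform show -json` plan output and lists every `awscc_ecr_repository` the plan deletes or replaces while relying on `empty_on_delete = true`. The sample plan is constructed and trimmed to the fields used, and the function name is hypothetical.

```python
import json

# Constructed sample: `terraform show -json <planfile>` output, trimmed to the
# fields this check reads. Repository names are taken from the issue's log.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": 'module.ecr-repo.awscc_ecr_repository.ecr["0"]',
     "type": "awscc_ecr_repository",
     "change": {"actions": ["delete"], "after": None,
                "before": {"repository_name": "atomiq_common/test",
                           "empty_on_delete": True}}},
    {"address": 'module.ecr-repo.awscc_ecr_repository.ecr["1"]',
     "type": "awscc_ecr_repository",
     "change": {"actions": ["delete", "create"],  # replacement also deletes
                "before": {"repository_name": "atomiq_common/test1",
                           "empty_on_delete": True},
                "after": {"repository_name": "atomiq_common/test1b"}}},
    {"address": 'module.ecr-repo.awscc_ecr_repository.ecr["2"]',
     "type": "awscc_ecr_repository",
     "change": {"actions": ["no-op"],
                "before": {"repository_name": "atomiq_platform1/test2",
                           "empty_on_delete": True}}},
    {"address": "awscc_ecr_repository.plain",  # hypothetical: flag not set
     "type": "awscc_ecr_repository",
     "change": {"actions": ["delete"], "after": None,
                "before": {"repository_name": "example/plain",
                           "empty_on_delete": None}}},
]})


def repos_relying_on_empty_on_delete(plan_json):
    """Return (address, repository_name) for each awscc_ecr_repository the plan
    deletes or replaces while its prior state has empty_on_delete = true."""
    flagged = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change") or {}
        if rc.get("type") != "awscc_ecr_repository":
            continue
        if "delete" not in change.get("actions", []):
            continue
        before = change.get("before") or {}  # null when the resource is new
        if before.get("empty_on_delete") is True:
            flagged.append((rc["address"], before.get("repository_name")))
    return flagged


if __name__ == "__main__":
    for address, name in repos_relying_on_empty_on_delete(SAMPLE_PLAN):
        print(f"{address}: '{name}' must be empty before destroy")
```
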