You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
If you are interested in working on this issue or have submitted a pull request, please leave a comment.
If an issue is assigned to a user, that user is claiming responsibility for the issue.
Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.
Description
There are a ton of resources with some kind of deletion protection arguments. Right now, no error is raised when making a plan to delete a resource with deletion protection enabled. Deletion protection only raises an error during the apply.
This creates a poor user experience where:
Someone opens a PR, the plan passes and makes it look like the resource will be successfully deleted
They merge the PR and kick off the apply
The apply fails because of deletion protection
They have to open a second PR reverting the change that caused the resource destruction to be triggered and disabling the deletion protection and get that merged and applied
They have to open a third PR redoing the change they attempted in the first PR and get that merged/applied.
A marginal improvement to this flow based on current behavior would be
Someone opens a PR, the plan fails because it is trying to delete a resource that is protected by a deletion protection argument
They have to open a second PR that just disables the deletion protection and merge/apply that prior to continuing with the first PR
They rebase the first PR and it plans, merges and applies successfully
A much better user experience would be:
Someone opens a PR, the plan fails because it is trying to delete a resource that is protected by a deletion protection argument
They update the existing PR to disable the deletion protection, at which point it plans, merges, and applies successfully
Based on the conversation in hashicorp/terraform#36229 (comment), it appears that the provider should be able to implement these improved workflows.
While I think that this behavior should change globally, if there are objections to plans failing because of deletion protection it could potentially be governed by a setting on the provider itself. But in my opinion, that complexity doesn't make a lot of sense because I don't know why someone would want to deliberately have failed applies.
Community Note
Description
There are a ton of resources with some kind of deletion protection arguments. Right now, no error is raised when making a plan to delete a resource with deletion protection enabled. Deletion protection only raises an error during the apply.
This creates a poor user experience where:
A marginal improvement to this flow based on current behavior would be
A much better user experience would be:
Based on the conversation in hashicorp/terraform#36229 (comment), it appears that the provider should be able to implement these improved workflows.
While I think that this behavior should change globally, if there are objections to plans failing because of deletion protection it could potentially be governed by a setting on the provider itself. But in my opinion, that complexity doesn't make a lot of sense because I don't know why someone would want to deliberately have failed applies.
New or Affected Resource(s)
Potential Terraform Configuration
N/A, no configuration changes required
References
The text was updated successfully, but these errors were encountered: