Basic support for provisioners in "removed" blocks #34753
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This new experiment keyword represents being able to declare provisioners in "removed" blocks, so that it's possible to retain a destroy-time provisioner even when the resource it belonged to is no longer declared in the configuration. However, that's not yet implemented as of this commit. The implementation associated with this keyword will follow in subsequent commits.
When the removed_provisioners experiment is active, removed blocks referring to managed resources are allowed to include "connection" and "provisioner" blocks, as long as all of the "provisioner" blocks specify when = destroy to indicate that they should execute as part of the resource's "destroy" action. This commit only deals with parsing the configuration. The logic to react to this during the apply phase will follow in later commits.
During the apply phase, we'll check if there are provisioners either in the matching "resource" block or the matching "removed" block -- whichever of the two is present -- and execute the destroy-time subset of them either way. This also establishes a standard way to attach a "removed" block to a NodeResourceAbstract when one is defined, which is likely to be useful for supporting other resource-related meta arguments in "removed" blocks in future. This code is currently accessible only to modules that opt in to the "removed_provisioners" language experiment, and therefore only available in alpha releases. One known limitation and design question from this initial implementation is: how should each.key, each.value, and count.index behave when used as part of a provisioner configuration in a "removed" block? This is a tricky question because whereas a "resource" block allows us to determine from the configuration whether we're using count, for_each, or neither, removed blocks must accept whatever happens to be in the state and so in unusual cases there might even be a mixture of numeric instance keys and string instance keys for the same resource, making it impossible to write a provisioner configuration that would work with both.
|
Others on the team are considering implementing something like what I prototyped here, so I'm going to close this draft with the hope that it'll be replaced with a more mergeable equivalent soon. 😀 |
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
During the apply phase, we'll check if there are provisioners either in the matching
resourceblock or the matchingremovedblock -- whichever of the two is present -- and execute the destroy-time subset of them either way.This also establishes a standard way to attach a
removedblock to aNodeResourceAbstractwhen one is defined, which is likely to be useful for supporting other resource-related meta arguments inremovedblocks in future.This code is currently accessible only to modules that opt in to the
removed_provisionerslanguage experiment, and therefore only available in alpha releases.One known limitation and design question from this initial implementation is:
How should
each.key,each.value, andcount.indexbehave when used as part of aprovisionerconfiguration in aremovedblock?This is a tricky question because whereas a
resourceblock allows us to determine from the configuration whether we're usingcount,for_each, or neither -- and treat invalid references as an error --removedblocks must accept whatever happens to be in the state and so in unusual cases there might even be a mixture of numeric instance keys and string instance keys for the same resource, making it impossible to write a provisioner configuration that would work with both.Other notes/questions for future work:
destroy = false? Or should that instead mean "run the provisioner just before forgetting the object"?terraform rm aws_instance.examplethat would automatically replace theresource "aws_instance" "example"block with a matchingremovedblock, and copy over its destroy-time provisioners, to avoid the need to migrate them over manually?This is motivated by #34711 and part of #13549 .