mirror of
https://github.com/opentofu/opentofu.git
synced 2025-01-06 14:13:16 -06:00
a43b7df282
Previously we used a single plan action "Replace" to represent both the destroy-before-create and the create-before-destroy variants of replacing. However, this forces the apply graph builder to jump through a lot of hoops to figure out which nodes need it forced on and rebuild parts of the graph to represent that. If we instead decide between these two cases at plan time, the actual determination of it is more straightforward because each resource is represented by only one node in the plan graph, and then we can ensure we put the right nodes in the graph during DiffTransformer and thus avoid the logic for dealing with deposed instances being spread across various different transformers and node types. As a nice side-effect, this also allows us to show the difference between destroy-then-create and create-then-destroy in the rendered diff in the CLI, although this change doesn't fully implement that yet.
50 lines
1.7 KiB
Go
50 lines
1.7 KiB
Go
package terraform
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/hashicorp/terraform/plans"
|
|
|
|
"github.com/hashicorp/hcl2/hcl"
|
|
|
|
"github.com/hashicorp/terraform/addrs"
|
|
"github.com/hashicorp/terraform/configs"
|
|
"github.com/hashicorp/terraform/tfdiags"
|
|
)
|
|
|
|
// EvalPreventDestroy is an EvalNode implementation that returns an
|
|
// error if a resource has PreventDestroy configured and the diff
|
|
// would destroy the resource.
|
|
type EvalCheckPreventDestroy struct {
|
|
Addr addrs.ResourceInstance
|
|
Config *configs.Resource
|
|
Change **plans.ResourceInstanceChange
|
|
}
|
|
|
|
func (n *EvalCheckPreventDestroy) Eval(ctx EvalContext) (interface{}, error) {
|
|
if n.Change == nil || *n.Change == nil || n.Config == nil || n.Config.Managed == nil {
|
|
return nil, nil
|
|
}
|
|
|
|
change := *n.Change
|
|
preventDestroy := n.Config.Managed.PreventDestroy
|
|
|
|
if (change.Action == plans.Delete || change.Action.IsReplace()) && preventDestroy {
|
|
var diags tfdiags.Diagnostics
|
|
diags = diags.Append(&hcl.Diagnostic{
|
|
Severity: hcl.DiagError,
|
|
Summary: "Instance cannot be destroyed",
|
|
Detail: fmt.Sprintf(
|
|
"Resource %s has lifecycle.prevent_destroy set, but the plan calls for this resource to be destroyed. To avoid this error and continue with the plan, either disable lifecycle.prevent_destroy or reduce the scope of the plan using the -target flag.",
|
|
n.Addr.Absolute(ctx.Path()).String(),
|
|
),
|
|
Subject: &n.Config.DeclRange,
|
|
})
|
|
return nil, diags.Err()
|
|
}
|
|
|
|
return nil, nil
|
|
}
|
|
|
|
const preventDestroyErrStr = `%s: the plan would destroy this resource, but it currently has lifecycle.prevent_destroy set to true. To avoid this error and continue with the plan, either disable lifecycle.prevent_destroy or adjust the scope of the plan using the -target flag.`
|