mirror of
https://github.com/opentofu/opentofu.git
synced 2025-02-09 23:25:33 -06:00
afe4abb637
When the `prevent_destroy` flag is set on a resource, any plan that would destroy that resource instead returns an error. This has the effect of preventing the resource from being unexpectedly destroyed by Terraform until the flag is removed from the config.
33 lines
908 B
Go
33 lines
908 B
Go
package terraform
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/hashicorp/terraform/config"
|
|
)
|
|
|
|
// EvalPreventDestroy is an EvalNode implementation that returns an
|
|
// error if a resource has PreventDestroy configured and the diff
|
|
// would destroy the resource.
|
|
type EvalCheckPreventDestroy struct {
|
|
Resource *config.Resource
|
|
Diff **InstanceDiff
|
|
}
|
|
|
|
func (n *EvalCheckPreventDestroy) Eval(ctx EvalContext) (interface{}, error) {
|
|
if n.Diff == nil || *n.Diff == nil || n.Resource == nil {
|
|
return nil, nil
|
|
}
|
|
|
|
diff := *n.Diff
|
|
preventDestroy := n.Resource.Lifecycle.PreventDestroy
|
|
|
|
if diff.Destroy && preventDestroy {
|
|
return nil, fmt.Errorf(preventDestroyErrStr, n.Resource.Id())
|
|
}
|
|
|
|
return nil, nil
|
|
}
|
|
|
|
const preventDestroyErrStr = `%s: plan would destroy, but resource has prevent_destroy set. To avoid this error, either disable prevent_destroy, or change your config so the plan does not destroy this resource.`
|