Skip to content

terraform test: override prevent_destroy meta attribute#37364

Merged
liamcervante merged 2 commits intomainfrom
liamcervante/34960
Jul 25, 2025
Merged

terraform test: override prevent_destroy meta attribute#37364
liamcervante merged 2 commits intomainfrom
liamcervante/34960

Conversation

@liamcervante
Copy link
Copy Markdown
Contributor

@liamcervante liamcervante commented Jul 23, 2025

This PR allows terraform test to override the prevent_destroy attributes during it's cleanup operations. Terraform test should always clean up any infrastructure it has created, and is basically unusable as long as prevent_destroy is set to true. We shouldn't ask users to update their configs to make the testing framework work.

Fixes #34960

Target Release

1.14.x

Rollback Plan

  • If a change needs to be reverted, we will roll out an update to the code within 7 days.

Changes to Security Controls

Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

CHANGELOG entry

  • This change is user-facing and I added a changelog entry.
  • This change is not user-facing.

@liamcervante liamcervante requested a review from a team as a code owner July 23, 2025 13:10
dsa0x
dsa0x previously approved these changes Jul 24, 2025
View reviewed changes
@dsa0x dsa0x requested review from a team and dsa0x July 24, 2025 10:32
@dsa0x
Copy link
Copy Markdown
Member

dsa0x commented Jul 24, 2025

This however prevents users from being able to test a module, where they also want to see the destroy prevented like in the real module.

@liamcervante
Copy link
Copy Markdown
Contributor Author

liamcervante commented Jul 24, 2025
edited
Loading

where they also want to see the destroy prevented like in the real module.

This is already impossible to test. Currently, the test will fail with an error during the cleanup stage if the prevent_destroy attribute is set to true, always leaving behind the resource in the underlying provider with no state file to help clean things up. I'm not sure how valuable is to let users test that anyway. If prevent_destroy is set to true in the configuration, then they can trust that Terraform will prevent that resource being destroyed during normal operations. Writing a test for it would basically be like expecting users to write their own tests to validate Terraform's underlying behaviour which shouldn't be needed.

@dsa0x
Copy link
Copy Markdown
Member

dsa0x commented Jul 24, 2025

Some conflicts need to be resolved.

@liamcervante liamcervante merged commit 84c2e2f into main Jul 25, 2025
8 checks passed
@liamcervante liamcervante deleted the liamcervante/34960 branch July 25, 2025 11:54
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Aug 25, 2025

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 25, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@dsa0x dsa0x dsa0x approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Terraform test execution doesn't handle prevent_destroy=true

2 participants

@liamcervante @dsa0x