Allow special-case evaluation of instances pending deletion. #26470
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In order to handle various edge cases during a full destroy, add FullDestroy to the synchronized changes so we can attempt to deduce if the plan was created from `terraform destroy`. It's possible that the plan was created by removing all resourced from the configuration, but in that case the end result is the same. Any of the edge cases with provider or destroy provisioner configurations would not apply, since there would not be any configuration references to resolve.
Allow the evaluation of resource pending deleting only during a full destroy. With this change we can ensure deposed instances are not evaluated under normal circumstances, but can be references when needed. This also allows us to remove the fixup transformer that added connections so temporary values would evaluate in the correct order when referencing destroy nodes. In the majority of cases, we do not want to evaluate resources that are pending deletion since configuration references only can refer to resources that is intended to be managed by the configuration. An exception to that rule is when Terraform is performing a full `destroy` operation, and providers need to evaluate existing resources for their configuration.
The test for this behavior did not work, because the old mock diff function does not work correctly. Write a PlanResourceChange function to return a correct plan.
In order to properly evaluate a destroy provisioner, we cannot rely on the usual evaluation context, because the resource has already been removed from the state. EvalSelfBlock evaluates an hcl.Body in the limited scope of a single object as "self", with the added values of "count.index" and "each.key".
Codecov Report
|
jbardin
changed the title
Evaluate destroy provisioner configurations using only the last resource state value, and the static instance key data.
jbardin
force-pushed
the
jbardin/inverse-destroy-references
branch
from
d35e6df to
95197f0
Compare
mildwonkey
reviewed
Oct 5, 2020
| // refer to the last known value of the resource. | ||
| self := n.Change.Before | ||
|
|
||
| var evalScope func(EvalContext, hcl.Body, cty.Value, *configschema.Block) (cty.Value, tfdiags.Diagnostics) |
There was a problem hiding this comment.
🤔 This is an interesting pattern; it took me a minute to get why but I do believe you'll be seeing it again when I get back to refactoring Eval() stuff. I like it.
The change was passed into the provisioner node because the normal NodeApplyableResourceInstance overwrites the prior state with the new state. This however doesn't matter here, because the resource destroy node does not do this. Also, even if the updated state were to be used for some reason with a create provisioner, it would be the correct state to use at that point.
mildwonkey
approved these changes
Oct 5, 2020
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked as resolved and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Allow the evaluation of resources pending deletion in 2 special cases. We remove the ability to evaluate these resources in all other cases, simplifying the graph, and preventing deposed resources from being evaluated when involving resource using the
create_before_destroylifecycle.During a full destroy, a provider configuration may reference data sources (and occasionally managed resources) that are going to be removed from the state. We can detect this by examining the change set for all
Deleteactions, and allow the evaluation of resources pending deletion to proceed. More details about the current handling of this, and the fixup transformer it used can be found in #25618.When evaluating a destroy provisioner, we can create a limited evaluation scope that only includes the prior value of the resource and the instance key data. This bypasses the need for a special case in the global evaluator entirely. This new evaluation mode is added to
lang.Scopeas a newEvalSelfBlockmethod, which the provisioners can now switch to using as necessary.Fixes #25631