Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

make it harder to destroy things in Terraform #829

Closed
Tracked by #803
afeld opened this issue Jul 26, 2022 · 1 comment · Fixed by #1085
Closed
Tracked by #803

make it harder to destroy things in Terraform #829

afeld opened this issue Jul 26, 2022 · 1 comment · Fixed by #1085
Assignees
@afeld
Labels
bug Something isn't working infrastructure Terraform, Azure, etc.
Milestone
Reliability [eng]

Comments

@afeld
Copy link
Contributor

afeld commented Jul 26, 2022
edited
Loading

Currently, the infrastructure pipeline will apply Terraform changes no matter what those changes are doing. This can lead to costly mistakes, such as the downtime on 7/21.

To Reproduce

  1. Delete a resource in a Terraform file
  2. Merge that change to dev
  3. See that it will apply without warning/complaint

Expected behavior

Should need to do an extra step / emphasize "yes I'm really sure" before resources get destroyed.

Additional context

Not-mutually-exclusive ways to make this safer:
@afeld afeld mentioned this issue Jul 26, 2022
Closed
15 tasks
@afeld afeld changed the title Implement manual approval for destructive actions make it harder to make mistakes in Terraform Jul 26, 2022
@afeld afeld added bug Something isn't working infrastructure Terraform, Azure, etc. labels Jul 26, 2022
@afeld afeld changed the title make it harder to make mistakes in Terraform make it harder to destroy things in Terraform Jul 26, 2022
@afeld
Copy link
Contributor Author

afeld commented Jul 26, 2022

Less important if we fully isolate all the environments: #830

@thekaveman thekaveman moved this to Backlog in Digital Services Aug 1, 2022
@thekaveman thekaveman added this to the Production Resiliency milestone Sep 26, 2022
@afeld afeld mentioned this issue Oct 26, 2022
Merged
@afeld afeld self-assigned this Oct 26, 2022
@afeld afeld moved this from Backlog to In Progress in Digital Services Oct 26, 2022
Repository owner moved this from In Progress to Done in Digital Services Oct 26, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@afeld afeld

Labels
bug Something isn't working infrastructure Terraform, Azure, etc.
Projects
Digital Services
Archived in project
Milestone
Reliability [eng]
Development

Successfully merging a pull request may close this issue.

prevent destruction of Terraform resources containing secrets cal-itp/benefits
2 participants
@afeld @thekaveman