Commit fbc97300 authored by Timo Furrer's avatar Timo Furrer

Merge branch 'destroy-with-delete-state' into 'main'

Add auto_delete_input to destroy job

See merge request components/opentofu!247
parents 09c7bee5 47e9b9e7
...@@ -107,7 +107,7 @@ fi ...@@ -107,7 +107,7 @@ fi
# Dependencies # Dependencies
# ============ # ============
# Defines all the external dependencies and checks if they exist, if not, abort with an error. # Defines all the external dependencies and checks if they exist, if not, abort with an error.
dependencies="dirname basename pwd sed idn2 jq tofu" dependencies="dirname basename pwd sed idn2 jq tofu curl"
if [ -n "$ZSH_VERSION" ]; then if [ -n "$ZSH_VERSION" ]; then
# ZSH is the only supported SHELL that does not split by word by default, # ZSH is the only supported SHELL that does not split by word by default,
...@@ -428,6 +428,9 @@ if [ $sourced -eq 0 ]; then ...@@ -428,6 +428,9 @@ if [ $sourced -eq 0 ]; then
# shellcheck disable=SC2086 # shellcheck disable=SC2086
tofu "${tf_chdir_opt}" "${@}" ${var_file_args} tofu "${tf_chdir_opt}" "${@}" ${var_file_args}
;; ;;
"delete-state")
curl --request DELETE -u "${backend_username}:${backend_password}" "${backend_address}"
;;
--) --)
shift shift
tofu "${tf_chdir_opt}" "${@}" tofu "${tf_chdir_opt}" "${@}"
......
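Review bot: The new `delete-state` branch calls curl without a fail flag, so an HTTP error from the state backend (401, 404, 5xx) still exits 0 and the calling job reports the state as deleted. I would write it as `curl --fail-with-body --show-error --request DELETE -u "${backend_username}:${backend_password}" "${backend_address}"`, the same `--fail-with-body` the new verify jobs already use. Passing the password through `-u` also places it in the process arguments; that is probably acceptable inside a single-job container, but it deserves a short comment. The enclosing `case` and the assignments of the `backend_*` variables lie outside the visible hunk, so I assume they are set before this branch is reached.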
...@@ -98,6 +98,10 @@ spec: ...@@ -98,6 +98,10 @@ spec:
default: false default: false
type: boolean type: boolean
description: 'Whether to setup automatic state and plan encryption for currently unencrypted state. This is only temporarily useful when migrating from an unencrypted state.' description: 'Whether to setup automatic state and plan encryption for currently unencrypted state. This is only temporarily useful when migrating from an unencrypted state.'
auto_delete_state:
default: false
type: boolean
description: 'Whether to automatically delete the Terraform state. This only makes sense when using the GitLab-managed state backend. It is equivalent to running the delete-state job.'
--- ---
...@@ -128,3 +132,8 @@ spec: ...@@ -128,3 +132,8 @@ spec:
name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]' name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]'
script: script:
- gitlab-tofu apply -destroy - gitlab-tofu apply -destroy
- |
if $[[ inputs.auto_delete_state ]]; then
echo "Deleting state because auto_delete_state is set to true"
gitlab-tofu delete-state
fi
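Review bot: `if $[[ inputs.auto_delete_state ]]; then` executes the interpolated input as a shell command, which only behaves because `type: boolean` restricts the value to `true` or `false`. An explicit comparison, `if [ "$[[ inputs.auto_delete_state ]]" = "true" ]; then`, stays correct if the input type is ever loosened and makes the intent obvious to a reader. The input description could also say that the deletion presumably cannot be undone and that it runs only after `gitlab-tofu apply -destroy` has succeeded, for example with a comment `# state is removed only when the destroy above succeeded` above the block.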
include:
- component: $CI_SERVER_FQDN/$CI_PROJECT_PATH/apply@$CI_COMMIT_SHA
inputs:
image_registry_base: $GITLAB_OPENTOFU_IMAGE_BASE
version: $CI_COMMIT_SHA
opentofu_version: $OPENTOFU_VERSION
as: 'setup:apply'
stage: setup
root_dir: $TEST_GITLAB_TOFU_ROOT_DIR
state_name: $TEST_GITLAB_TOFU_STATE_NAME
no_plan: true
# Required to run everything immediately, instead of manually.
rules: [{when: always}]
- component: $CI_SERVER_FQDN/$CI_PROJECT_PATH/destroy@$CI_COMMIT_SHA
inputs:
image_registry_base: $GITLAB_OPENTOFU_IMAGE_BASE
version: $CI_COMMIT_SHA
opentofu_version: $OPENTOFU_VERSION
root_dir: $TEST_GITLAB_TOFU_ROOT_DIR
state_name: $TEST_GITLAB_TOFU_STATE_NAME
stage: destroy
# Required to run everything immediately, instead of manually.
rules: [{when: always}]
# NOTE: we test this setting here
auto_delete_state: true
stages: [setup, destroy, verify, cleanup]
verify:destroy-job:did-delete-state:
stage: verify
needs: ['destroy']
rules: [{when: always}]
image: alpine:latest
before_script:
- apk add --update curl jq
script:
- backend_address="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/$TEST_GITLAB_TOFU_STATE_NAME"
- |
if curl --fail-with-body --silent -u "gitlab-ci-token:${CI_JOB_TOKEN}" "$backend_address"; then
echo 'Error: the state still exists.'
exit 1
else
echo 'Success: the state is deleted.'
fi
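Review bot: The `verify:destroy-job:did-delete-state` check passes on any curl failure, not only on a missing state: a 401, a 5xx or a DNS error also lands in the `else` branch and prints 'Success'. Comparing the status code is stricter, e.g. `status=$(curl --silent --output /dev/null --write-out '%{http_code}' -u "gitlab-ci-token:${CI_JOB_TOKEN}" "$backend_address")` followed by `[ "$status" = "404" ]`, assuming the API answers 404 for a deleted state. This pipeline also includes no `delete-state` component, so when the check fails the test state appears to be left behind. `image: alpine:latest` is unpinned here and in the `did-not-delete-state` job; a fixed tag or digest keeps the test reproducible.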
include:
- component: $CI_SERVER_FQDN/$CI_PROJECT_PATH/apply@$CI_COMMIT_SHA
inputs:
image_registry_base: $GITLAB_OPENTOFU_IMAGE_BASE
version: $CI_COMMIT_SHA
opentofu_version: $OPENTOFU_VERSION
as: 'setup:apply'
stage: setup
root_dir: $TEST_GITLAB_TOFU_ROOT_DIR
state_name: $TEST_GITLAB_TOFU_STATE_NAME
no_plan: true
# Required to run everything immediately, instead of manually.
rules: [{when: always}]
- component: $CI_SERVER_FQDN/$CI_PROJECT_PATH/destroy@$CI_COMMIT_SHA
inputs:
image_registry_base: $GITLAB_OPENTOFU_IMAGE_BASE
version: $CI_COMMIT_SHA
opentofu_version: $OPENTOFU_VERSION
root_dir: $TEST_GITLAB_TOFU_ROOT_DIR
state_name: $TEST_GITLAB_TOFU_STATE_NAME
stage: destroy
# Required to run everything immediately, instead of manually.
rules: [{when: always}]
# NOTE: this is the default!
# auto_delete_state: false
# For CI Terraform state cleanup
- component: $CI_SERVER_FQDN/$CI_PROJECT_PATH/delete-state@$CI_COMMIT_SHA
inputs:
stage: cleanup
state_name: $TEST_GITLAB_TOFU_STATE_NAME
rules: [{when: always}]
stages: [setup, destroy, verify, cleanup]
verify:destroy-job:did-not-delete-state:
stage: verify
needs: ['destroy']
rules: [{when: always}]
image: alpine:latest
before_script:
- apk add --update curl jq
script:
- backend_address="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/$TEST_GITLAB_TOFU_STATE_NAME"
- curl --fail-with-body --silent -u "gitlab-ci-token:${CI_JOB_TOKEN}" "$backend_address"
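Review bot: The final `curl` in `verify:destroy-job:did-not-delete-state` has no `--output`, so the full state document is written to the job log whenever the state exists, which is the expected outcome of this test. State files routinely carry secrets; the `tests/iac` fixture is probably harmless, but the line is likely to be copied into real pipelines. I would discard the body and rely on the exit code: `curl --fail --silent --show-error --output /dev/null -u "gitlab-ci-token:${CI_JOB_TOKEN}" "$backend_address"`.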
...@@ -26,7 +26,6 @@ verify:plan-job:has-warning-state: ...@@ -26,7 +26,6 @@ verify:plan-job:has-warning-state:
- apk add --update curl jq - apk add --update curl jq
script: script:
- | - |
backend_address="${GITLAB_TOFU_STATE_ADDRESS:-${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${backend_state_name}}"
endpoint="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/pipelines/${CI_PIPELINE_ID}/jobs" endpoint="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/pipelines/${CI_PIPELINE_ID}/jobs"
is_warning_job=$(curl --silent "$endpoint" | jq -r '.[] | select(.name == "plan") | [.status == "failed", .allow_failure == true] | all') is_warning_job=$(curl --silent "$endpoint" | jq -r '.[] | select(.name == "plan") | [.status == "failed", .allow_failure == true] | all')
if [ "$is_warning_job" != 'true' ]; then if [ "$is_warning_job" != 'true' ]; then
......
...@@ -140,3 +140,21 @@ apply-job-template: ...@@ -140,3 +140,21 @@ apply-job-template:
GITLAB_OPENTOFU_BASE_IMAGE_OS: GITLAB_OPENTOFU_BASE_IMAGE_OS:
- alpine - alpine
- debian - debian
destroy-job-template:
stage: test-integration
variables:
OPENTOFU_VERSION: $LATEST_OPENTOFU_VERSION
TEST_GITLAB_TOFU_STATE_NAME: ci-integration-$CI_JOB_NAME_SLUG-$CI_PIPELINE_IID-$CI_NODE_INDEX
TEST_GITLAB_TOFU_ROOT_DIR: tests/iac
trigger:
include: tests/integration-tests/$PIPELINE_NAME.gitlab-ci.yml
strategy: depend
parallel:
matrix:
- PIPELINE_NAME:
- DestroyWithAutoDeleteState
- DestroyWithoutAutoDeleteState
GITLAB_OPENTOFU_BASE_IMAGE_OS:
- alpine
- debian