Context
Trying to understand how the prevent_deletion_if_contains_resources feature works in AzureRM on Terraform:
provider "azurerm" {
  features {
    resource_group {
      prevent_deletion_if_contains_resources = true
    }
  }
}
The documentation says:
Should the azurerm_resource_group resource check that there are no Resources within the Resource Group during deletion? This means that all Resources within the Resource Group must be deleted prior to deleting the Resource Group. Defaults to true.
My issue
Whatever the value of prevent_deletion_if_contains_resources, this never happens.
What I did
This is the full script:
provider "azurerm" {
  features {
    resource_group {
      prevent_deletion_if_contains_resources = true
    }
  }
}

provider "azurerm" {
  alias = "autreChoix"
  features {
    resource_group {
      prevent_deletion_if_contains_resources = false
    }
  }
}

resource "azurerm_resource_group" "rg2" {
  name     = "rg2"
  location = "northeurope"
  provider = azurerm.autreChoix
}

resource "azurerm_resource_group" "rg" {
  name     = "rg1"
  location = "westeurope"
}

resource "azurerm_storage_account" "sa" {
  name                     = "mystor1"
  resource_group_name      = azurerm_resource_group.rg.name
  location                 = azurerm_resource_group.rg.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_storage_account" "sa2" {
  name                     = "mystor2"
  resource_group_name      = azurerm_resource_group.rg2.name
  location                 = azurerm_resource_group.rg2.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}
Creates 2 RGs. One with each value of prevent_deletion_if_contains_resources.
What I need
Can anybody tell me what I am missing?
Thanks
The main problem prevent_deletion_if_contains_resources solves is throwing a warning to the Terraform user when there are additional Resources within a Resource Group that it is trying to remove that it does not manage, since those Resources will also be deleted when the Resource Group is deleted by Terraform.
Here is the original issue: https://github.com/hashicorp/terraform-provider-azurerm/issues/1608, and later the default behavior in the provider was changed to be true as a result of this other issue: https://github.com/hashicorp/terraform-provider-azurerm/issues/13777.
That setting only applies to using Terraform. It does not prevent users in the Azure portal from deleting the Resource Group. However, I suspect that if you create the Resource Group using Terraform, then add a new Resource within that Resource Group using the Azure portal, and then finally perform a terraform destroy on that Resource Group, you should see a Terraform error if you have prevent_deletion_if_contains_resources set to true.
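A pre-destroy check for the situation the answer describes, as an added example that is not part of the original answer and not the provider's own logic: it compares the resource IDs in Terraform state with the resources Azure reports in the group and lists the ones Terraform does not manage. The JSON samples are constructed and trimmed to the fields used (`terraform show -json` and `az resource list --resource-group rg1` produce the real ones); the subscription ID and `portal-vnet` are placeholders.

```python
import json

# Constructed sample: trimmed output of `terraform show -json` for the state.
STATE_JSON = """
{"values": {"root_module": {"resources": [
  {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group",
   "values": {"id": "/subscriptions/0000/resourceGroups/rg1", "name": "rg1"}},
  {"address": "azurerm_storage_account.sa", "type": "azurerm_storage_account",
   "values": {"id": "/subscriptions/0000/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/mystor1"}}
]}}}
"""

# Constructed sample: trimmed output of `az resource list --resource-group rg1`.
# "portal-vnet" stands for a resource added by hand in the Azure portal.
AZ_JSON = """
[
 {"id": "/subscriptions/0000/resourceGroups/RG1/providers/Microsoft.Storage/storageAccounts/mystor1"},
 {"id": "/subscriptions/0000/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/portal-vnet"}
]
"""

def managed_ids(state):
    """Collect resource IDs from the root module and all child modules."""
    ids, stack = set(), [state.get("values", {}).get("root_module", {})]
    while stack:
        module = stack.pop()
        for res in module.get("resources", []):
            rid = (res.get("values") or {}).get("id")
            if rid:
                ids.add(rid.lower())  # Azure resource IDs are case-insensitive
        stack.extend(module.get("child_modules", []))
    return ids

def unmanaged_in_group(state, az_resources, group_name):
    """Return IDs present in the resource group but absent from Terraform state."""
    prefix = f"/resourcegroups/{group_name.lower()}/"
    known = managed_ids(state)
    return sorted(
        r["id"] for r in az_resources
        if prefix in r["id"].lower() and r["id"].lower() not in known
    )

def destroy_would_be_blocked(state, az_resources, group_name):
    """Approximation: leftovers are what the flag, when true, is meant to catch."""
    return bool(unmanaged_in_group(state, az_resources, group_name))

if __name__ == "__main__":
    leftovers = unmanaged_in_group(json.loads(STATE_JSON), json.loads(AZ_JSON), "rg1")
    print("unmanaged resources:", leftovers)
```

In the question's script every resource in both groups is created by Terraform, so this check would return an empty list for rg1 and rg2.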