Skip to content

Make the workspace command explicitly protect the default workspace, instead of relying on backend implementations #37256

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Make the workspace command explicitly protect the default workspace, instead of relying on backend implementations #37256

wants to merge 3 commits into from
+97 −1

Conversation

SarahFrench
Copy link
Member

@SarahFrench SarahFrench commented Jun 19, 2025
edited
Loading

This PR makes the terraform workspace delete command return early with an error if the user attempts to delete the default workspace.

Currently this protection already exists but it's re-implemented within each backend in the repo, for example:

Assuming that the only code that deletes a workspace is within the terraform workspace delete command's logic, we can move this protection into the command itself.

This makes the protection of default an explicit responsibility/feature/choice of Terraform core and not just a convention of the existing backend implementations in this repo.

Target Release

v1.13

Rollback Plan

  • If a change needs to be reverted, we will roll out an update to the code within 7 days.

Changes to Security Controls

Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

CHANGELOG entry

  • This change is user-facing and I added a changelog entry.
  • This change is not user-facing.

@SarahFrench
Add test showing that users cannot delete the default workspace
712f40f 
Note: in the test this validation is being returned from the local backend's `DeleteWorkspace` method, not the command itself.
@SarahFrench
Make the workspace delete command return early if the user is tryin…
cdcadef 
…g to delete the default workspace. Update test.
@SarahFrench SarahFrench added the no-changelog-needed Add this to your PR if the change does not require a changelog entry label Jun 19, 2025
@SarahFrench SarahFrench changed the title Pss/workspace command protects default workspace Make the workspace command explicitly protect the default workspace, instead of relying on backend implementations Jun 19, 2025
@SarahFrench SarahFrench marked this pull request as ready for review June 19, 2025 15:12
@SarahFrench SarahFrench requested a review from a team as a code owner June 19, 2025 15:12
radeksimko
radeksimko approved these changes Jun 23, 2025
View reviewed changes
Copy link
Member

@radeksimko radeksimko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Good observation about this behaviour.

I wonder if we should also document this somewhere, e.g. https://developer.hashicorp.com/terraform/cli/commands/workspace/delete and clarify what we expect the user to do (probably delete the files manually) in situations that they actually want to delete it and the consequences of doing so. This could be a separate PR though - I wouldn't want to block this one on docs.

@SarahFrench
Copy link
Member Author

That's a good idea- however I'll wait before merging this PR as I need to figure out the correct way to time updating the docs in the new repo relative to when the new minor's first beta is released.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@radeksimko radeksimko radeksimko approved these changes

Assignees
No one assigned
Labels
no-changelog-needed Add this to your PR if the change does not require a changelog entry
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@SarahFrench @radeksimko