Provision resources with a backend, followed by destruction without confirmation

[RDhar]

Use-case scenario
Provision resources with a backend, followed by destruction without confirmation.

For demo purposes, I have split out plan and apply outputs to separate comments, instead of updating the same one.

#1 PR Comment: Plan configuration with a backend.
-tf=plan -chdir=sample_bucket -backend-config=backend/dev.tfbackend

#2 PR Comment: Apply configuration with a backend.
-tf=apply -chdir=sample_bucket -backend-config=backend/dev.tfbackend

#3 PR Comment: Destroy configuration with a backend without confirmation.
-tf=apply -destroy -auto-approve -chdir=sample_bucket -backend-config=backend/dev.tfbackend

[RDhar]

-tf=plan -chdir=sample_bucket -backend-config=backend/dev.tfbackend

[github-actions]

{"tf":"plan","chdir":"sample_bucket","backend-config":"backend/dev.tfbackend"}

Diff of format changes.

main.tf
--- old/main.tf
+++ new/main.tf
@@ -9,6 +9,6 @@
# Output the ID of the sample S3 bucket.
output "sample_bucket_id" {
 description = "ID of the sample S3 bucket."
-  value        = module.sample_bucket.id
+  value       = module.sample_bucket.id
}

Plan: 2 to add, 0 to change, 0 to destroy.

TF Via PR Comments by @RDhar via issue_comment at 2023-11-15T21:31:48Z.

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.sample_bucket.aws_s3_bucket.sample will be created
  + resource "aws_s3_bucket" "sample" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = (known after apply)
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = "unique"
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = {
          + "Name" = "unique-bucket"
        }
      + tags_all                    = {
          + "Name"      = "unique-bucket"
          + "Stack"     = "sample_bucket"
          + "Terraform" = "default"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.sample_bucket.aws_s3_bucket_versioning.sample will be created
  + resource "aws_s3_bucket_versioning" "sample" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + versioning_configuration {
          + mfa_delete = (known after apply)
          + status     = "Enabled"
        }
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + sample_bucket_id = (known after apply)

[RDhar]

-tf=apply -chdir=sample_bucket -backend-config=backend/dev.tfbackend

[github-actions]

{"tf":"apply","chdir":"sample_bucket","backend-config":"backend/dev.tfbackend"}

Diff of format changes.

main.tf
--- old/main.tf
+++ new/main.tf
@@ -9,6 +9,6 @@
# Output the ID of the sample S3 bucket.
output "sample_bucket_id" {
 description = "ID of the sample S3 bucket."
-  value        = module.sample_bucket.id
+  value       = module.sample_bucket.id
}

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

TF Via PR Comments by @RDhar via issue_comment at 2023-11-15T21:32:45Z.

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

Outputs:

sample_bucket_id = "unique20231115213311797600000001"

[RDhar]

-tf=apply -destroy -auto-approve -chdir=sample_bucket -backend-config=backend/dev.tfbackend

[github-actions]

{"tf":"apply","destroy":true,"auto-approve":true,"chdir":"sample_bucket","backend-config":"backend/dev.tfbackend"}

Diff of format changes.

main.tf
--- old/main.tf
+++ new/main.tf
@@ -9,6 +9,6 @@
# Output the ID of the sample S3 bucket.
output "sample_bucket_id" {
 description = "ID of the sample S3 bucket."
-  value        = module.sample_bucket.id
+  value       = module.sample_bucket.id
}

Apply complete! Resources: 0 added, 0 changed, 2 destroyed.

TF Via PR Comments by @RDhar via issue_comment at 2023-11-15T21:33:37Z.

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # module.sample_bucket.aws_s3_bucket.sample will be destroyed
  - resource "aws_s3_bucket" "sample" {
      - arn                         = "arn:aws:s3:::unique20231115213311797600000001" -> null
      - bucket                      = "unique20231115213311797600000001" -> null
      - bucket_domain_name          = "unique20231115213311797600000001.s3.amazonaws.com" -> null
      - bucket_prefix               = "unique" -> null
      - bucket_regional_domain_name = "unique20231115213311797600000001.s3.us-west-1.amazonaws.com" -> null
      - force_destroy               = false -> null
      - hosted_zone_id              = "Z2F56UZL2M1ACD" -> null
      - id                          = "unique20231115213311797600000001" -> null
      - object_lock_enabled         = false -> null
      - region                      = "us-west-1" -> null
      - request_payer               = "BucketOwner" -> null
      - tags                        = {
          - "Name" = "unique-bucket"
        } -> null
      - tags_all                    = {
          - "Name"      = "unique-bucket"
          - "Stack"     = "sample_bucket"
          - "Terraform" = "default"
        } -> null

      - grant {
          - id          = "7e2dd88a0345f411744e1475d3a823736728b6da43611c1d67bb56c38007bee9" -> null
          - permissions = [
              - "FULL_CONTROL",
            ] -> null
          - type        = "CanonicalUser" -> null
        }

      - server_side_encryption_configuration {
          - rule {
              - bucket_key_enabled = false -> null

              - apply_server_side_encryption_by_default {
                  - sse_algorithm = "AES256" -> null
                }
            }
        }

      - versioning {
          - enabled    = true -> null
          - mfa_delete = false -> null
        }
    }

  # module.sample_bucket.aws_s3_bucket_versioning.sample will be destroyed
  - resource "aws_s3_bucket_versioning" "sample" {
      - bucket = "unique20231115213311797600000001" -> null
      - id     = "unique20231115213311797600000001" -> null

      - versioning_configuration {
          - status = "Enabled" -> null
        }
    }

Plan: 0 to add, 0 to change, 2 to destroy.

Changes to Outputs:
  - sample_bucket_id = "unique20231115213311797600000001" -> null

Apply complete! Resources: 0 added, 0 changed, 2 destroyed.