Merge pull request #42 from trussworks/barry-force-delete

Adds force_destroy bool, default false.

README.md

@@ -108,6 +108,7 @@ Terraform 0.11. Pin module version to ~> 3.5.0. Submit pull-requests to terrafor
 | default\_allow | Whether all services included in this module should be allowed to write to the bucket by default. Alternatively select individual services. It's recommended to use the default bucket ACL of log-delivery-write. | string | `"true"` | no |
 | elb\_accounts | List of accounts for ELB logs.  By default limits to the current account. | list(string) | `[]` | no |
 | elb\_logs\_prefix | S3 prefix for ELB logs. | string | `"elb"` | no |
+| force\_destroy | A bool that indicates all objects \(including any locked objects\) should be deleted from the bucket so the bucket can be destroyed without error. | bool | `"false"` | no |
 | nlb\_accounts | List of accounts for NLB logs.  By default limits to the current account. | list(string) | `[]` | no |
 | nlb\_logs\_prefix | S3 prefix for NLB logs. | string | `"nlb"` | no |
 | redshift\_logs\_prefix | S3 prefix for RedShift logs. | string | `"redshift"` | no |

examples/alb/main.tf

@@ -3,6 +3,7 @@ module "aws_logs" {
   s3_bucket_name = var.test_name
   region         = var.region
   allow_alb      = "true"
+  force_destroy  = var.force_destroy
 }
 
 resource "aws_lb" "test_lb" {

examples/alb/variables.tf

@@ -9,3 +9,8 @@ variable "region" {
 variable "vpc_azs" {
   type = list(string)
 }
+
+variable "force_destroy" {
+  type = bool
+}
+

examples/cloudtrail/main.tf

@@ -2,6 +2,7 @@ module "aws_logs" {
   source         = "../../"
   s3_bucket_name = var.test_name
   region         = var.region
+  force_destroy  = var.force_destroy
 }
 
 module "aws_cloudtrail" {

examples/cloudtrail/variables.tf

@@ -5,3 +5,7 @@ variable "test_name" {
 variable "region" {
   type = string
 }
+
+variable "force_destroy" {
+  type = bool
+}

examples/combined/main.tf

@@ -2,6 +2,7 @@ module "aws_logs" {
   source         = "../../"
   s3_bucket_name = var.test_name
   region         = var.region
+  force_destroy  = var.force_destroy
 }
 
 resource "aws_lb" "test_alb" {
@@ -80,8 +81,9 @@ resource "aws_redshift_cluster" "test_redshift" {
 }
 
 resource "aws_s3_bucket" "log_source_bucket" {
-  bucket = "${var.test_name}-source"
-  acl    = "private"
+  bucket        = "${var.test_name}-source"
+  acl           = "private"
+  force_destroy = var.force_destroy
 
   logging {
     target_bucket = module.aws_logs.aws_logs_bucket

examples/combined/variables.tf

@@ -14,3 +14,7 @@ variable "test_redshift" {
   type    = bool
   default = true
 }
+
+variable "force_destroy" {
+  type = bool
+}

examples/config/main.tf

@@ -4,6 +4,7 @@ module "aws_logs" {
   region             = var.region
   allow_config       = "true"
   config_logs_prefix = "config"
+  force_destroy      = var.force_destroy
 }
 
 module "config" {

examples/config/variables.tf

@@ -1,7 +1,12 @@
 variable "test_name" {
-  type = "string"
+  type = string
 }
 
 variable "region" {
-  type = "string"
+  type = string
 }
+
+variable "force_destroy" {
+  type = bool
+}
+

examples/elb/main.tf

@@ -3,6 +3,7 @@ module "aws_logs" {
   s3_bucket_name = var.test_name
   region         = var.region
   allow_elb      = "true"
+  force_destroy  = var.force_destroy
 }
 
 resource "aws_elb" "test_elb" {

examples/elb/variables.tf

@@ -9,3 +9,8 @@ variable "region" {
 variable "vpc_azs" {
   type = list(string)
 }
+
+variable "force_destroy" {
+  type = bool
+}
+

examples/nlb/main.tf

@@ -3,6 +3,7 @@ module "aws_logs" {
   s3_bucket_name = var.test_name
   region         = var.region
   allow_nlb      = "true"
+  force_destroy  = var.force_destroy
 }
 
 resource "aws_lb" "test_lb" {

examples/nlb/variables.tf

@@ -9,3 +9,7 @@ variable "region" {
 variable "vpc_azs" {
   type = list(string)
 }
+
+variable "force_destroy" {
+  type = bool
+}

examples/s3/main.tf

@@ -2,6 +2,7 @@ module "aws_logs" {
   source         = "../../"
   s3_bucket_name = var.test_name
   region         = var.region
+  force_destroy  = var.force_destroy
 }
 
 resource "aws_s3_bucket" "log_source_bucket" {

examples/s3/variables.tf

@@ -5,3 +5,8 @@ variable "test_name" {
 variable "region" {
   type = string
 }
+
+variable "force_destroy" {
+  type = bool
+}
+

examples/simple/main.tf

@@ -2,4 +2,5 @@ module "aws_logs" {
   source         = "../../"
   s3_bucket_name = var.test_name
   region         = var.region
+  force_destroy  = var.force_destroy
 }

examples/simple/variables.tf

@@ -5,3 +5,8 @@ variable "test_name" {
 variable "region" {
   type = string
 }
+
+variable "force_destroy" {
+  type = bool
+}
+

main.tf

@@ -358,10 +358,11 @@ JSON
 }
 
 resource "aws_s3_bucket" "aws_logs" {
-  bucket = var.s3_bucket_name
-  acl    = var.s3_bucket_acl
-  region = var.region
-  policy = data.template_file.bucket_policy.rendered
+  bucket        = var.s3_bucket_name
+  acl           = var.s3_bucket_acl
+  region        = var.region
+  policy        = data.template_file.bucket_policy.rendered
+  force_destroy = var.force_destroy
 
   lifecycle_rule {
     id      = "expire_all_logs"

test/terraform_aws_logs_alb_test.go

@@ -20,17 +20,16 @@ func TestTerraformAwsLogsAlb(t *testing.T) {
 	terraformOptions := &terraform.Options{
 		TerraformDir: "../examples/alb/",
 		Vars: map[string]interface{}{
-			"region":    awsRegion,
-			"vpc_azs":   vpcAzs,
-			"test_name": testName,
+			"region":        awsRegion,
+			"vpc_azs":       vpcAzs,
+			"test_name":     testName,
+			"force_destroy": true,
 		},
 		EnvVars: map[string]string{
 			"AWS_DEFAULT_REGION": awsRegion,
 		},
 	}
 
 	defer terraform.Destroy(t, terraformOptions)
-	// Empty logs_bucket before terraform destroy
-	defer aws.EmptyS3Bucket(t, awsRegion, testName)
 	terraform.InitAndApply(t, terraformOptions)
 }

test/terraform_aws_logs_cloudtrail_test.go

@@ -5,7 +5,6 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/gruntwork-io/terratest/modules/aws"
 	"github.com/gruntwork-io/terratest/modules/random"
 	"github.com/gruntwork-io/terratest/modules/terraform"
 )
@@ -21,17 +20,15 @@ func TestTerraformAwsLogsCloudtrail(t *testing.T) {
 	terraformOptions := &terraform.Options{
 		TerraformDir: "../examples/cloudtrail/",
 		Vars: map[string]interface{}{
-			"region":    awsRegion,
-			"test_name": testName,
+			"region":        awsRegion,
+			"test_name":     testName,
+			"force_destroy": true,
 		},
 		EnvVars: map[string]string{
 			"AWS_DEFAULT_REGION": awsRegion,
 		},
 	}
 
 	defer terraform.Destroy(t, terraformOptions)
-	// Empty and delete logs_bucket before terraform destroy
-	defer aws.DeleteS3Bucket(t, awsRegion, testName)
-	defer aws.EmptyS3Bucket(t, awsRegion, testName)
 	terraform.InitAndApply(t, terraformOptions)
 }

test/terraform_aws_logs_combined_test.go

@@ -27,15 +27,13 @@ func TestTerraformAwsLogsCombined(t *testing.T) {
 			"vpc_azs":       vpcAzs,
 			"test_name":     testName,
 			"test_redshift": testRedshift,
+			"force_destroy": true,
 		},
 		EnvVars: map[string]string{
 			"AWS_DEFAULT_REGION": awsRegion,
 		},
 	}
 
 	defer terraform.Destroy(t, terraformOptions)
-	// Empty and delete logs_bucket before terraform destroy
-	defer aws.DeleteS3Bucket(t, awsRegion, testName)
-	defer aws.EmptyS3Bucket(t, awsRegion, testName)
 	terraform.InitAndApply(t, terraformOptions)
 }

test/terraform_aws_logs_config_test.go

@@ -5,7 +5,6 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/gruntwork-io/terratest/modules/aws"
 	"github.com/gruntwork-io/terratest/modules/random"
 	"github.com/gruntwork-io/terratest/modules/terraform"
 )
@@ -21,17 +20,15 @@ func TestTerraformAwsLogsConfig(t *testing.T) {
 	terraformOptions := &terraform.Options{
 		TerraformDir: "../examples/config/",
 		Vars: map[string]interface{}{
-			"region":    awsRegion,
-			"test_name": testName,
+			"region":        awsRegion,
+			"test_name":     testName,
+			"force_destroy": true,
 		},
 		EnvVars: map[string]string{
 			"AWS_DEFAULT_REGION": awsRegion,
 		},
 	}
 
 	defer terraform.Destroy(t, terraformOptions)
-	// Empty and delete logs_bucket before terraform destroy
-	defer aws.DeleteS3Bucket(t, awsRegion, testName)
-	defer aws.EmptyS3Bucket(t, awsRegion, testName)
 	terraform.InitAndApply(t, terraformOptions)
 }

test/terraform_aws_logs_elb_test.go

@@ -20,17 +20,16 @@ func TestTerraformAwsLogsElb(t *testing.T) {
 	terraformOptions := &terraform.Options{
 		TerraformDir: "../examples/elb/",
 		Vars: map[string]interface{}{
-			"region":    awsRegion,
-			"vpc_azs":   vpcAzs,
-			"test_name": testName,
+			"region":        awsRegion,
+			"vpc_azs":       vpcAzs,
+			"test_name":     testName,
+			"force_destroy": true,
 		},
 		EnvVars: map[string]string{
 			"AWS_DEFAULT_REGION": awsRegion,
 		},
 	}
 
 	defer terraform.Destroy(t, terraformOptions)
-	// Empty logs_bucket before terraform destroy
-	defer aws.EmptyS3Bucket(t, awsRegion, testName)
 	terraform.InitAndApply(t, terraformOptions)
 }

test/terraform_aws_logs_nlb_test.go

@@ -20,17 +20,16 @@ func TestTerraformAwsLogsNlb(t *testing.T) {
 	terraformOptions := &terraform.Options{
 		TerraformDir: "../examples/nlb/",
 		Vars: map[string]interface{}{
-			"region":    awsRegion,
-			"vpc_azs":   vpcAzs,
-			"test_name": testName,
+			"region":        awsRegion,
+			"vpc_azs":       vpcAzs,
+			"test_name":     testName,
+			"force_destroy": true,
 		},
 		EnvVars: map[string]string{
 			"AWS_DEFAULT_REGION": awsRegion,
 		},
 	}
 
 	defer terraform.Destroy(t, terraformOptions)
-	// Empty logs_bucket before terraform destroy
-	defer aws.EmptyS3Bucket(t, awsRegion, testName)
 	terraform.InitAndApply(t, terraformOptions)
 }

test/terraform_aws_logs_redshift_test.go

@@ -5,7 +5,6 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/gruntwork-io/terratest/modules/aws"
 	"github.com/gruntwork-io/terratest/modules/random"
 	"github.com/gruntwork-io/terratest/modules/terraform"
 )
@@ -23,16 +22,15 @@ func TestTerraformAwsLogsRedshift(t *testing.T) {
 	terraformOptions := &terraform.Options{
 		TerraformDir: "../examples/redshift/",
 		Vars: map[string]interface{}{
-			"region":    awsRegion,
-			"test_name": testName,
+			"region":        awsRegion,
+			"test_name":     testName,
+			"force_destroy": true,
 		},
 		EnvVars: map[string]string{
 			"AWS_DEFAULT_REGION": awsRegion,
 		},
 	}
 
 	defer terraform.Destroy(t, terraformOptions)
-	// Empty logs_bucket before terraform destroy
-	defer aws.EmptyS3Bucket(t, awsRegion, testName)
 	terraform.InitAndApply(t, terraformOptions)
 }

test/terraform_aws_logs_s3_test.go

@@ -5,7 +5,6 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/gruntwork-io/terratest/modules/aws"
 	"github.com/gruntwork-io/terratest/modules/random"
 	"github.com/gruntwork-io/terratest/modules/terraform"
 )
@@ -19,16 +18,15 @@ func TestTerraformAwsLogsS3(t *testing.T) {
 	terraformOptions := &terraform.Options{
 		TerraformDir: "../examples/s3/",
 		Vars: map[string]interface{}{
-			"region":    awsRegion,
-			"test_name": testName,
+			"region":        awsRegion,
+			"test_name":     testName,
+			"force_destroy": true,
 		},
 		EnvVars: map[string]string{
 			"AWS_DEFAULT_REGION": awsRegion,
 		},
 	}
 
 	defer terraform.Destroy(t, terraformOptions)
-	// Empty logs_bucket before terraform destroy
-	defer aws.EmptyS3Bucket(t, awsRegion, testName)
 	terraform.InitAndApply(t, terraformOptions)
 }

test/terraform_aws_logs_test.go

@@ -5,7 +5,6 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/gruntwork-io/terratest/modules/aws"
 	"github.com/gruntwork-io/terratest/modules/random"
 	"github.com/gruntwork-io/terratest/modules/terraform"
 )
@@ -19,16 +18,15 @@ func TestTerraformAwsLogs(t *testing.T) {
 	terraformOptions := &terraform.Options{
 		TerraformDir: "../examples/simple/",
 		Vars: map[string]interface{}{
-			"region":    awsRegion,
-			"test_name": testName,
+			"region":        awsRegion,
+			"test_name":     testName,
+			"force_destroy": true,
 		},
 		EnvVars: map[string]string{
 			"AWS_DEFAULT_REGION": awsRegion,
 		},
 	}
 
 	defer terraform.Destroy(t, terraformOptions)
-	// Empty logs_bucket before terraform destroy
-	defer aws.EmptyS3Bucket(t, awsRegion, testName)
 	terraform.InitAndApply(t, terraformOptions)
 }