diff --git a/README.md b/README.md index 51822c1..a7816d0 100644 --- a/README.md +++ b/README.md @@ -108,6 +108,7 @@ Terraform 0.11. Pin module version to ~> 3.5.0. Submit pull-requests to terrafor | default\_allow | Whether all services included in this module should be allowed to write to the bucket by default. Alternatively select individual services. It's recommended to use the default bucket ACL of log-delivery-write. | string | `"true"` | no | | elb\_accounts | List of accounts for ELB logs. By default limits to the current account. | list(string) | `[]` | no | | elb\_logs\_prefix | S3 prefix for ELB logs. | string | `"elb"` | no | +| force\_destroy | A bool that indicates all objects \(including any locked objects\) should be deleted from the bucket so the bucket can be destroyed without error. | bool | `"false"` | no | | nlb\_accounts | List of accounts for NLB logs. By default limits to the current account. | list(string) | `[]` | no | | nlb\_logs\_prefix | S3 prefix for NLB logs. | string | `"nlb"` | no | | redshift\_logs\_prefix | S3 prefix for RedShift logs. | string | `"redshift"` | no | diff --git a/examples/alb/main.tf b/examples/alb/main.tf index f8d20ae..94c8148 100644 --- a/examples/alb/main.tf +++ b/examples/alb/main.tf @@ -3,6 +3,7 @@ module "aws_logs" { s3_bucket_name = var.test_name region = var.region allow_alb = "true" + force_destroy = var.force_destroy } resource "aws_lb" "test_lb" { diff --git a/examples/alb/variables.tf b/examples/alb/variables.tf index e58643c..de55cdd 100644 --- a/examples/alb/variables.tf +++ b/examples/alb/variables.tf @@ -9,3 +9,8 @@ variable "region" { variable "vpc_azs" { type = list(string) } + +variable "force_destroy" { + type = bool +} + diff --git a/examples/cloudtrail/main.tf b/examples/cloudtrail/main.tf index b05ed13..dc2e213 100644 --- a/examples/cloudtrail/main.tf +++ b/examples/cloudtrail/main.tf 
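Review bot: The new `variable "force_destroy"` in examples/alb/variables.tf has neither a default nor a description, so it becomes one more required input, and a person running the example by hand has to choose a value with no hint of what it does. I would declare it with `default = false` and a short description such as `description = "Delete all objects when the bucket is destroyed; meant for test teardown."`, so the non-destructive setting applies unless a caller opts in. The tests in this diff pass `true` explicitly and would be unaffected. The same bare declaration is added to the variables.tf of the cloudtrail, combined, config, elb, nlb, s3 and simple examples.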
@@ -2,6 +2,7 @@ module "aws_logs" { source = "../../" s3_bucket_name = var.test_name region = var.region + force_destroy = var.force_destroy } module "aws_cloudtrail" { diff --git a/examples/cloudtrail/variables.tf b/examples/cloudtrail/variables.tf index cb2abac..24a4586 100644 --- a/examples/cloudtrail/variables.tf +++ b/examples/cloudtrail/variables.tf @@ -5,3 +5,7 @@ variable "test_name" { variable "region" { type = string } + +variable "force_destroy" { + type = bool +} diff --git a/examples/combined/main.tf b/examples/combined/main.tf index 6f8bb4a..9d6538a 100644 --- a/examples/combined/main.tf +++ b/examples/combined/main.tf @@ -2,6 +2,7 @@ module "aws_logs" { source = "../../" s3_bucket_name = var.test_name region = var.region + force_destroy = var.force_destroy } resource "aws_lb" "test_alb" { @@ -80,8 +81,9 @@ resource "aws_redshift_cluster" "test_redshift" { } resource "aws_s3_bucket" "log_source_bucket" { - bucket = "${var.test_name}-source" - acl = "private" + bucket = "${var.test_name}-source" + acl = "private" + force_destroy = var.force_destroy logging { target_bucket = module.aws_logs.aws_logs_bucket diff --git a/examples/combined/variables.tf b/examples/combined/variables.tf index b44ce94..a314444 100644 --- a/examples/combined/variables.tf +++ b/examples/combined/variables.tf @@ -14,3 +14,7 @@ variable "test_redshift" { type = bool default = true } + +variable "force_destroy" { + type = bool +} diff --git a/examples/config/main.tf b/examples/config/main.tf index 48242bf..3212fd8 100644 --- a/examples/config/main.tf +++ b/examples/config/main.tf @@ -4,6 +4,7 @@ module "aws_logs" { region = var.region allow_config = "true" config_logs_prefix = "config" + force_destroy = var.force_destroy } module "config" { diff --git a/examples/config/variables.tf b/examples/config/variables.tf index 5063baf..63744eb 100644 --- a/examples/config/variables.tf +++ b/examples/config/variables.tf 
@@ -1,7 +1,12 @@ variable "test_name" { - type = "string" + type = string } variable "region" { - type = "string" + type = string } + +variable "force_destroy" { + type = bool +} + diff --git a/examples/elb/main.tf b/examples/elb/main.tf index dd3d0d8..5048c0a 100644 --- a/examples/elb/main.tf +++ b/examples/elb/main.tf @@ -3,6 +3,7 @@ module "aws_logs" { s3_bucket_name = var.test_name region = var.region allow_elb = "true" + force_destroy = var.force_destroy } resource "aws_elb" "test_elb" { diff --git a/examples/elb/variables.tf b/examples/elb/variables.tf index e58643c..de55cdd 100644 --- a/examples/elb/variables.tf +++ b/examples/elb/variables.tf @@ -9,3 +9,8 @@ variable "region" { variable "vpc_azs" { type = list(string) } + +variable "force_destroy" { + type = bool +} + diff --git a/examples/nlb/main.tf b/examples/nlb/main.tf index 7745df9..8f27116 100644 --- a/examples/nlb/main.tf +++ b/examples/nlb/main.tf @@ -3,6 +3,7 @@ module "aws_logs" { s3_bucket_name = var.test_name region = var.region allow_nlb = "true" + force_destroy = var.force_destroy } resource "aws_lb" "test_lb" { diff --git a/examples/nlb/variables.tf b/examples/nlb/variables.tf index e58643c..9640f1b 100644 --- a/examples/nlb/variables.tf +++ b/examples/nlb/variables.tf @@ -9,3 +9,7 @@ variable "region" { variable "vpc_azs" { type = list(string) } + +variable "force_destroy" { + type = bool +} diff --git a/examples/s3/main.tf b/examples/s3/main.tf index 34d9035..22f382e 100644 --- a/examples/s3/main.tf +++ b/examples/s3/main.tf @@ -2,6 +2,7 @@ module "aws_logs" { source = "../../" s3_bucket_name = var.test_name region = var.region + force_destroy = var.force_destroy } resource "aws_s3_bucket" "log_source_bucket" { diff --git a/examples/s3/variables.tf b/examples/s3/variables.tf index cb2abac..63744eb 100644 --- a/examples/s3/variables.tf +++ b/examples/s3/variables.tf @@ -5,3 +5,8 @@ variable "test_name" { variable "region" { type = string } + +variable "force_destroy" { + type = bool +} + 
diff --git a/examples/simple/main.tf b/examples/simple/main.tf index 102476a..444ebfc 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf @@ -2,4 +2,5 @@ module "aws_logs" { source = "../../" s3_bucket_name = var.test_name region = var.region + force_destroy = var.force_destroy } diff --git a/examples/simple/variables.tf b/examples/simple/variables.tf index cb2abac..63744eb 100644 --- a/examples/simple/variables.tf +++ b/examples/simple/variables.tf @@ -5,3 +5,8 @@ variable "test_name" { variable "region" { type = string } + +variable "force_destroy" { + type = bool +} + diff --git a/main.tf b/main.tf index e2fd07e..922ef06 100644 --- a/main.tf +++ b/main.tf @@ -358,10 +358,11 @@ JSON } resource "aws_s3_bucket" "aws_logs" { - bucket = var.s3_bucket_name - acl = var.s3_bucket_acl - region = var.region - policy = data.template_file.bucket_policy.rendered + bucket = var.s3_bucket_name + acl = var.s3_bucket_acl + region = var.region + policy = data.template_file.bucket_policy.rendered + force_destroy = var.force_destroy lifecycle_rule { id = "expire_all_logs" diff --git a/test/terraform_aws_logs_alb_test.go b/test/terraform_aws_logs_alb_test.go index ed98d72..eff3fe3 100644 --- a/test/terraform_aws_logs_alb_test.go +++ b/test/terraform_aws_logs_alb_test.go @@ -20,9 +20,10 @@ func TestTerraformAwsLogsAlb(t *testing.T) { terraformOptions := &terraform.Options{ TerraformDir: "../examples/alb/", Vars: map[string]interface{}{ - "region": awsRegion, - "vpc_azs": vpcAzs, - "test_name": testName, + "region": awsRegion, + "vpc_azs": vpcAzs, + "test_name": testName, + "force_destroy": true, }, EnvVars: map[string]string{ "AWS_DEFAULT_REGION": awsRegion, @@ -30,7 +31,5 @@ func TestTerraformAwsLogsAlb(t *testing.T) { } defer terraform.Destroy(t, terraformOptions) - // Empty logs_bucket before terraform destroy - defer aws.EmptyS3Bucket(t, awsRegion, testName) terraform.InitAndApply(t, terraformOptions) } 
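Review bot: `force_destroy = var.force_destroy` on `aws_s3_bucket.aws_logs` carries no comment about what it means for a log bucket: when the variable is true, destroying or replacing this resource deletes every stored log object instead of failing on a non-empty bucket. The README rows in this diff show the bucket holding ELB, NLB and Redshift logs, so those objects may be the only copy of records needed for an investigation. I would add a comment above the argument, `# Test teardown only: true lets destroy delete every log object in the bucket.`, and put the same caveat in the `description` in variables.tf and the README row, which currently only describe the mechanism. The resource block continues past the end of the hunk.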
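Review bot: The `"force_destroy": true` entry added to `Vars` in TestTerraformAwsLogsAlb is undocumented, although teardown now depends on it: the second hunk removes `defer aws.EmptyS3Bucket(t, awsRegion, testName)` together with the comment that explained the cleanup. I would add a line above `defer terraform.Destroy(t, terraformOptions)` such as `// force_destroy=true lets terraform destroy remove the log bucket even when it still holds delivered logs.` so the next reader does not set it back to false and leave buckets behind. The same applies to the cloudtrail, combined, config, elb, nlb, redshift, s3 and terraform_aws_logs_test.go changes in this diff. The function starts above the first hunk.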
diff --git a/test/terraform_aws_logs_cloudtrail_test.go b/test/terraform_aws_logs_cloudtrail_test.go index cb30c99..9c31ed4 100644 --- a/test/terraform_aws_logs_cloudtrail_test.go +++ b/test/terraform_aws_logs_cloudtrail_test.go @@ -5,7 +5,6 @@ import ( "strings" "testing" - "github.com/gruntwork-io/terratest/modules/aws" "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" ) @@ -21,8 +20,9 @@ func TestTerraformAwsLogsCloudtrail(t *testing.T) { terraformOptions := &terraform.Options{ TerraformDir: "../examples/cloudtrail/", Vars: map[string]interface{}{ - "region": awsRegion, - "test_name": testName, + "region": awsRegion, + "test_name": testName, + "force_destroy": true, }, EnvVars: map[string]string{ "AWS_DEFAULT_REGION": awsRegion, @@ -30,8 +30,5 @@ func TestTerraformAwsLogsCloudtrail(t *testing.T) { } defer terraform.Destroy(t, terraformOptions) - // Empty and delete logs_bucket before terraform destroy - defer aws.DeleteS3Bucket(t, awsRegion, testName) - defer aws.EmptyS3Bucket(t, awsRegion, testName) terraform.InitAndApply(t, terraformOptions) } diff --git a/test/terraform_aws_logs_combined_test.go b/test/terraform_aws_logs_combined_test.go index 06b7a60..cfabae4 100644 --- a/test/terraform_aws_logs_combined_test.go +++ b/test/terraform_aws_logs_combined_test.go @@ -27,6 +27,7 @@ func TestTerraformAwsLogsCombined(t *testing.T) { "vpc_azs": vpcAzs, "test_name": testName, "test_redshift": testRedshift, + "force_destroy": true, }, EnvVars: map[string]string{ "AWS_DEFAULT_REGION": awsRegion, @@ -34,8 +35,5 @@ func TestTerraformAwsLogsCombined(t *testing.T) { } defer terraform.Destroy(t, terraformOptions) - // Empty and delete logs_bucket before terraform destroy - defer aws.DeleteS3Bucket(t, awsRegion, testName) - defer aws.EmptyS3Bucket(t, awsRegion, testName) terraform.InitAndApply(t, terraformOptions) } 
diff --git a/test/terraform_aws_logs_config_test.go b/test/terraform_aws_logs_config_test.go index 4181dfe..1f5c60c 100644 --- a/test/terraform_aws_logs_config_test.go +++ b/test/terraform_aws_logs_config_test.go @@ -5,7 +5,6 @@ import ( "strings" "testing" - "github.com/gruntwork-io/terratest/modules/aws" "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" ) @@ -21,8 +20,9 @@ func TestTerraformAwsLogsConfig(t *testing.T) { terraformOptions := &terraform.Options{ TerraformDir: "../examples/config/", Vars: map[string]interface{}{ - "region": awsRegion, - "test_name": testName, + "region": awsRegion, + "test_name": testName, + "force_destroy": true, }, EnvVars: map[string]string{ "AWS_DEFAULT_REGION": awsRegion, @@ -30,8 +30,5 @@ func TestTerraformAwsLogsConfig(t *testing.T) { } defer terraform.Destroy(t, terraformOptions) - // Empty and delete logs_bucket before terraform destroy - defer aws.DeleteS3Bucket(t, awsRegion, testName) - defer aws.EmptyS3Bucket(t, awsRegion, testName) terraform.InitAndApply(t, terraformOptions) } diff --git a/test/terraform_aws_logs_elb_test.go b/test/terraform_aws_logs_elb_test.go index 63206cd..bbb88e2 100644 --- a/test/terraform_aws_logs_elb_test.go +++ b/test/terraform_aws_logs_elb_test.go @@ -20,9 +20,10 @@ func TestTerraformAwsLogsElb(t *testing.T) { terraformOptions := &terraform.Options{ TerraformDir: "../examples/elb/", Vars: map[string]interface{}{ - "region": awsRegion, - "vpc_azs": vpcAzs, - "test_name": testName, + "region": awsRegion, + "vpc_azs": vpcAzs, + "test_name": testName, + "force_destroy": true, }, EnvVars: map[string]string{ "AWS_DEFAULT_REGION": awsRegion, @@ -30,7 +31,5 @@ func TestTerraformAwsLogsElb(t *testing.T) { } defer terraform.Destroy(t, terraformOptions) - // Empty logs_bucket before terraform destroy - defer aws.EmptyS3Bucket(t, awsRegion, testName) terraform.InitAndApply(t, terraformOptions) } 
diff --git a/test/terraform_aws_logs_nlb_test.go b/test/terraform_aws_logs_nlb_test.go index 48f1d3a..7f0a561 100644 --- a/test/terraform_aws_logs_nlb_test.go +++ b/test/terraform_aws_logs_nlb_test.go @@ -20,9 +20,10 @@ func TestTerraformAwsLogsNlb(t *testing.T) { terraformOptions := &terraform.Options{ TerraformDir: "../examples/nlb/", Vars: map[string]interface{}{ - "region": awsRegion, - "vpc_azs": vpcAzs, - "test_name": testName, + "region": awsRegion, + "vpc_azs": vpcAzs, + "test_name": testName, + "force_destroy": true, }, EnvVars: map[string]string{ "AWS_DEFAULT_REGION": awsRegion, @@ -30,7 +31,5 @@ func TestTerraformAwsLogsNlb(t *testing.T) { } defer terraform.Destroy(t, terraformOptions) - // Empty logs_bucket before terraform destroy - defer aws.EmptyS3Bucket(t, awsRegion, testName) terraform.InitAndApply(t, terraformOptions) } diff --git a/test/terraform_aws_logs_redshift_test.go b/test/terraform_aws_logs_redshift_test.go index 0c90f36..f2aac06 100644 --- a/test/terraform_aws_logs_redshift_test.go +++ b/test/terraform_aws_logs_redshift_test.go @@ -5,7 +5,6 @@ import ( "strings" "testing" - "github.com/gruntwork-io/terratest/modules/aws" "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" ) @@ -23,8 +22,9 @@ func TestTerraformAwsLogsRedshift(t *testing.T) { terraformOptions := &terraform.Options{ TerraformDir: "../examples/redshift/", Vars: map[string]interface{}{ - "region": awsRegion, - "test_name": testName, + "region": awsRegion, + "test_name": testName, + "force_destroy": true, }, EnvVars: map[string]string{ "AWS_DEFAULT_REGION": awsRegion, @@ -32,7 +32,5 @@ func TestTerraformAwsLogsRedshift(t *testing.T) { } defer terraform.Destroy(t, terraformOptions) - // Empty logs_bucket before terraform destroy - defer aws.EmptyS3Bucket(t, awsRegion, testName) terraform.InitAndApply(t, terraformOptions) } 
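Review bot: TestTerraformAwsLogsRedshift now passes `"force_destroy": true` to `../examples/redshift/`, but no file under examples/redshift appears in this diff, unlike every other example the tests point at. If that example does not already declare the variable and forward it to the module, Terraform is likely to reject the undeclared variable. Even if the variable were accepted, the bucket would keep `force_destroy = false`, and since the last hunk removes `defer aws.EmptyS3Bucket(t, awsRegion, testName)`, the destroy would then fail on a non-empty bucket and leave it behind. I would add `force_destroy = var.force_destroy` to the module block in examples/redshift/main.tf and `variable "force_destroy" { type = bool }` to its variables.tf in the same commit.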
diff --git a/test/terraform_aws_logs_s3_test.go b/test/terraform_aws_logs_s3_test.go index 75886dc..acc2636 100644 --- a/test/terraform_aws_logs_s3_test.go +++ b/test/terraform_aws_logs_s3_test.go @@ -5,7 +5,6 @@ import ( "strings" "testing" - "github.com/gruntwork-io/terratest/modules/aws" "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" ) @@ -19,8 +18,9 @@ func TestTerraformAwsLogsS3(t *testing.T) { terraformOptions := &terraform.Options{ TerraformDir: "../examples/s3/", Vars: map[string]interface{}{ - "region": awsRegion, - "test_name": testName, + "region": awsRegion, + "test_name": testName, + "force_destroy": true, }, EnvVars: map[string]string{ "AWS_DEFAULT_REGION": awsRegion, @@ -28,7 +28,5 @@ func TestTerraformAwsLogsS3(t *testing.T) { } defer terraform.Destroy(t, terraformOptions) - // Empty logs_bucket before terraform destroy - defer aws.EmptyS3Bucket(t, awsRegion, testName) terraform.InitAndApply(t, terraformOptions) } diff --git a/test/terraform_aws_logs_test.go b/test/terraform_aws_logs_test.go index ec4705d..c4c2de5 100644 --- a/test/terraform_aws_logs_test.go +++ b/test/terraform_aws_logs_test.go @@ -5,7 +5,6 @@ import ( "strings" "testing" - "github.com/gruntwork-io/terratest/modules/aws" "github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/terraform" ) @@ -19,8 +18,9 @@ func TestTerraformAwsLogs(t *testing.T) { terraformOptions := &terraform.Options{ TerraformDir: "../examples/simple/", Vars: map[string]interface{}{ - "region": awsRegion, - "test_name": testName, + "region": awsRegion, + "test_name": testName, + "force_destroy": true, }, EnvVars: map[string]string{ "AWS_DEFAULT_REGION": awsRegion, @@ -28,7 +28,5 @@ func TestTerraformAwsLogs(t *testing.T) { } defer terraform.Destroy(t, terraformOptions) - // Empty logs_bucket before terraform destroy - defer aws.EmptyS3Bucket(t, awsRegion, testName) terraform.InitAndApply(t, terraformOptions) } 
diff --git a/variables.tf b/variables.tf index 3207dc1..9d46a77 100644 --- a/variables.tf +++ b/variables.tf @@ -141,3 +141,9 @@ variable "nlb_accounts" { type = list(string) } +variable "force_destroy" { + description = "A bool that indicates all objects (including any locked objects) should be deleted from the bucket so the bucket can be destroyed without error." + default = false + type = bool +} +