Hi there. I’m looking for some advice on how to handle a custom diff that’s used to validate a resource’s inputs when the resource is being destroyed. Is it possible, in a CustomizeDiff function, to identify whether the resource is being created, modified or destroyed?
That might be the wrong question to ask: in the docs for schema.Resource, and specifically for CustomizeDiff, it says:
// The phases Terraform runs this in, and the state available via functions // like Get and GetChange, are as follows: // // * New resource: One run with no state // * Existing resource: One run with state // * Existing resource, forced new: One run with state (before ForceNew), // then one run without state (as if new resource) // * Tainted resource: No runs (custom diff logic is skipped) // * Destroy: No runs (standard diff logic is skipped on destroy diffs)
The above description of what happens on destroy doesn’t match my experience… unless the mention of ‘standard diff logic’ is a distinction that means custom diff logic still runs. What I’m finding is that my CustomizeDiff function is called on destroy.
This is a problem for me because I’m using the CustomizeDiff function as a way to implement validations, and so of course those validations can fail. Validating the inputs of a resource that’s being destroyed is highly problematic for me - it is causing issues where people can’t destroy their TF stacks. So I would like to either (a) not run the custom diff function on destroy, or (b) identify whether it’s a destroy action and not run validations within the custom diff function.
If anybody could tell me how to do either of the above, or perhaps how to address this in some other way, I’d be very grateful.
Update: I’m currently using TF 0.13.5, in case that matters.