I’d like to understand more about the destroy parameter and the state file.
My use case is:
I create a git branch called “config” and I run the terraform apply to deploy a set of infrastructure. Then someone in my team modifies the configuration, commits to my branch but does not run the terraform apply. Then when I want to destroy, I pull my branch to get the latest version and run the destroy.
What happens? After the modification but before I run the destroy, the configuration described in the state file is different from the configuration of my new code. If for example 3 resources had been removed as part of the modification, when terraform is running the destroy, is it destroying purely what is in the statefile? Or does it use my configuration files too? How does it handle those 3 resources no longer being present in the configuration? If it purely destroys all resources as listed in the statefile, what’s the point of supplying it with a configuration containing resources to run the destroy against?
Thanks in advance for your help.
The destroy mode is effectively just a shortcut for pretending that all resources have been removed from the configuration, without actually having to edit the files manually.
(That’s not the same as running with an empty configuration, as provider configuration may still be needed.)
To clarify, I can add, remove or change as many resources I want in my intermediate not-deployed configuration, and the destroy will ignore all these changes and just destroy all the resources listed in the state file?
Extra words to satisfy minimum post size.
Excellent, thanks for the help.
This is all correct and I just want to put some more emphasis on the second paragraph:
If the changes to the configuration include removal of any provider configurations, then Terraform will probably not be able to complete the destroy operation because provider configurations are (unlike most other objects in a Terraform configuration) needed for all phases of Terraform’s work, aside from basic static validation.
But that aside, the “destroy” planning mode largely ignores the configuration and uses the contents of the state to create the plan, as @maxb described. This is similar to what happens if you remove all of the resources from the configuration; although mechanically it’s implemented a little differently than that but it’s a good way to think about it nonetheless.