Clean up Terraform state files on deletion

What does this MR do and why?

Currently when a Terraform state is deleted, the database records are removed but associated state files remain in object storage because the records are removed via cascading foreign key, which doesn't fire ActiveRecord callbacks.

To fix this, deletion now happens in two steps:

  1. Mark the state as deleted, which will prevent it from being accessed by Terraform
  2. From a worker, remove each associated file from object storage, followed by the database records

Note: When a state is marked for deletion, Terraform (i.e. the REST API) cannot access it, but it still shows up in the UI until deletion is complete. Next we should add a "deleting" label, similar to the current "locked" one.

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

How to set up and validate locally

  1. Create a basic Terraform project that uses GitLab managed state, for example with the following main.tf:

    terraform {
      backend "http" {
      }
    }

    resource "local_file" "test" {
      content  = "test"
      filename = "${path.module}/test.txt"
    }

  2. Modify the content value and run terraform apply a few times, to generate a version history

  3. Visit http://path/to/your/project/-/terraform and select "Remove state and versions"

  4. Verify files are removed from object storage

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #349011 (closed)

Edited by Tiger Watson
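
The two-step deletion described in this merge request, modeled in memory as an added Ruby example (not code from the merge request or from GitLab). `StateStore`, the hashes standing in for the database and object storage, and all method names are hypothetical.

```ruby
# Added illustration: in-memory stand-ins, not GitLab's models or worker.
class StateStore
  attr_reader :states, :versions, :files

  def initialize
    @states = {}    # state_id => { name:, deleted_at: }
    @versions = {}  # version_id => { state_id:, file_key: }
    @files = {}     # object storage: file_key => contents
    @next_id = 0
  end

  def create_state(name)
    @states[@next_id += 1] = { name: name, deleted_at: nil }
    @next_id
  end

  def add_version(state_id, body)
    key = "state-#{state_id}/version-#{@next_id += 1}.tfstate"
    @files[key] = body
    @versions[@next_id] = { state_id: state_id, file_key: key }
  end

  # Old behaviour: rows vanish via cascade, no per-record cleanup runs, files stay.
  def cascade_delete(state_id)
    @states.delete(state_id)
    @versions.delete_if { |_, v| v[:state_id] == state_id }
  end

  # Step 1: mark as deleted; the API stops serving the state immediately.
  def mark_deleted(state_id)
    @states.fetch(state_id)[:deleted_at] ||= Time.now
  end

  def api_fetch(state_id)
    state = @states[state_id]
    return nil if state.nil? || state[:deleted_at]
    latest = @versions.select { |_, v| v[:state_id] == state_id }.max_by { |id, _| id }
    latest && @files[latest[1][:file_key]]
  end

  # Step 2 (worker): delete each file, then its row, then the state row.
  def destroy_worker(state_id)
    return unless @states.dig(state_id, :deleted_at)
    @versions.select { |_, v| v[:state_id] == state_id }.each do |id, v|
      @files.delete(v[:file_key])
      @versions.delete(id)
    end
    @states.delete(state_id)
  end
end
```

Because each file is removed before the row that references it, a worker that stops partway leaves rows that still point at the remaining files, so a retry can finish the cleanup.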