Clean up Terraform state files on deletion
What does this MR do and why?
Currently when a Terraform state is deleted, the database records are removed but associated state files remain in object storage because the records are removed via cascading foreign key, which doesn't fire ActiveRecord callbacks.
To fix this, deletion now happens in two steps:
- Mark the state as deleted, which will prevent it from being accessed by Terraform
- From a worker, remove each associated file from object storage, followed by the database records
Note: When a state is marked for deletion, Terraform (i.e. the REST API) cannot access it, but it still shows up in the UI until deletion is complete. Next we should add a "deleting" label, similar to the current "locked" one.
Screenshots or screen recordings
These are strongly recommended to assist reviewers and reduce the time to merge your change.
How to set up and validate locally
- Create a basic Terraform project that uses GitLab managed state, for example with the following `main.tf`:

  ```hcl
  terraform {
    backend "http" {
    }
  }

  resource "local_file" "test" {
    content  = "test"
    filename = "${path.module}/test.txt"
  }
  ```

- Modify the `content` value and run `terraform apply` a few times, to generate a version history
- Visit http://path/to/your/project/-/terraform and select "Remove state and versions"
- Verify files are removed from object storage
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #349011 (closed)
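
The difference between the cascading delete and the two-step deletion described in this MR, as an added Ruby illustration that is not GitLab's code. `Registry`, its methods and the storage path layout are hypothetical in-memory stand-ins for the database and object storage.

```ruby
# Added illustration: in-memory stand-ins, not GitLab's models or workers.
class Registry
  attr_reader :states, :versions, :store

  def initialize
    @states = {}    # state_id => { name:, deleted_at: }
    @versions = {}  # version_id => { state_id:, path: }
    @store = {}     # object storage: path => file contents
  end

  def add_state(id, name, version_count)
    @states[id] = { name: name, deleted_at: nil }
    version_count.times do |n|
      path = "terraform/#{id}/#{n}.tfstate" # constructed path layout
      @versions["#{id}-#{n}"] = { state_id: id, path: path }
      @store[path] = "serial #{n}"
    end
  end

  # Old behaviour: rows vanish via the foreign-key cascade, so no
  # per-record callback runs and the files are never touched.
  def cascade_delete(id)
    @versions.delete_if { |_, v| v[:state_id] == id }
    @states.delete(id)
  end

  # Step 1: flag the state so the API refuses it immediately.
  def mark_deleted(id)
    @states.fetch(id)[:deleted_at] = Time.now
  end

  # What the REST API would serve to Terraform.
  def api_find(id)
    state = @states[id]
    state unless state.nil? || state[:deleted_at]
  end

  # Step 2 (worker): remove each file, then its row, then the state row.
  def worker_destroy(id)
    return unless @states.dig(id, :deleted_at) # only act on marked states
    @versions.select { |_, v| v[:state_id] == id }.each do |vid, v|
      @store.delete(v[:path])
      @versions.delete(vid)
    end
    @states.delete(id)
  end

  # Files in storage that no version row references.
  def orphaned_files
    @store.keys - @versions.values.map { |v| v[:path] }
  end
end
```

`orphaned_files` is the same check as the last validation step: after a deletion it should return nothing for the removed state.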