fix: Fixing backend delete safety features (#4089)

yhakbar · web-flow · commit 29da1c4d7676 · 2025-03-27T22:56:52.000Z
* fix: Fixing visible subcommands and flags

* fix: Fixing implementation for subcommands, as that was fine

* fix: Fixing backend safety feature for `delete`

* fix: Adding feature flag to control versioning

* feat: Adding integration test for force requirement

* fix: Adding GCP check too

* fix: Plumbing ctx through for GCS bucket provisioning
diff --git a/cli/commands/backend/delete/cli.go b/cli/commands/backend/delete/cli.go
@@ -11,7 +11,8 @@ import (
 const (
 	CommandName = "delete"
 
-	BucketFlagName = "bucket"
+	BucketFlagName             = "bucket"
+	ForceBackendDeleteFlagName = "force"
 )
 
 func NewFlags(cmdOpts *Options, prefix flags.Prefix) cli.Flags {
@@ -25,6 +26,12 @@ func NewFlags(cmdOpts *Options, prefix flags.Prefix) cli.Flags {
 			Hidden:      true,
 			Destination: &cmdOpts.DeleteBucket,
 		}),
+		flags.NewFlag(&cli.BoolFlag{
+			Name:        ForceBackendDeleteFlagName,
+			EnvVars:     tgPrefix.EnvVars(ForceBackendDeleteFlagName),
+			Usage:       "Force the backend to be deleted, even if the bucket is not versioned.",
+			Destination: &cmdOpts.ForceBackendDelete,
+		}),
 	}
 
 	return append(flags, run.NewFlags(cmdOpts.TerragruntOptions, nil).Filter(run.ConfigFlagName, run.DownloadDirFlagName)...)
diff --git a/internal/remotestate/backend/gcs/backend.go b/internal/remotestate/backend/gcs/backend.go
@@ -5,6 +5,7 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/gruntwork-io/terragrunt/internal/errors"
 	"github.com/gruntwork-io/terragrunt/internal/remotestate/backend"
 	"github.com/gruntwork-io/terragrunt/options"
 	"github.com/gruntwork-io/terragrunt/shell"
@@ -108,7 +109,7 @@ func (backend *Backend) Init(ctx context.Context, backendConfig backend.Config,
 	// If bucket is specified and skip_bucket_versioning is false then warn user if versioning is disabled on bucket
 	if !extGCSCfg.SkipBucketVersioning && bucketName != "" {
 		// TODO: Remove lint suppression
-		if err := client.CheckIfGCSVersioningEnabled(bucketName); err != nil { //nolint:contextcheck
+		if _, err := client.CheckIfGCSVersioningEnabled(ctx, bucketName); err != nil { //nolint:contextcheck
 			return err
 		}
 	}
@@ -130,6 +131,17 @@ func (backend *Backend) Delete(ctx context.Context, backendConfig backend.Config
 		return err
 	}
 
+	if !opts.ForceBackendDelete {
+		versioned, err := client.CheckIfGCSVersioningEnabled(ctx, extGCSCfg.RemoteStateConfigGCS.Bucket)
+		if err != nil {
+			return err
+		}
+
+		if !versioned {
+			return errors.New("bucket is not versioned, refusing to delete backend state. If you are sure you want to delete the backend state anyways, use the --force flag")
+		}
+	}
+
 	var (
 		bucketName = extGCSCfg.RemoteStateConfigGCS.Bucket
 		prefix     = extGCSCfg.RemoteStateConfigGCS.Prefix
diff --git a/internal/remotestate/backend/gcs/client.go b/internal/remotestate/backend/gcs/client.go
@@ -156,21 +156,20 @@ func (client *Client) CreateGCSBucketIfNecessary(ctx context.Context, bucketName
 }
 
 // CheckIfGCSVersioningEnabled checks if versioning is enabled for the GCS bucket specified in the given config and warn the user if it is not
-func (client *Client) CheckIfGCSVersioningEnabled(bucketName string) error {
-	ctx := context.Background()
+func (client *Client) CheckIfGCSVersioningEnabled(ctx context.Context, bucketName string) (bool, error) {
 	bucket := client.Bucket(bucketName)
 
 	attrs, err := bucket.Attrs(ctx)
 	if err != nil {
 		// ErrBucketNotExist
-		return errors.New(err)
+		return false, errors.New(err)
 	}
 
 	if !attrs.VersioningEnabled {
-		client.logger.Warnf("Versioning is not enabled for the remote state GCS bucket %s. We recommend enabling versioning so that you can roll back to previous versions of your Terraform state in case of error.", bucketName)
+		client.logger.Warnf("Versioning is not enabled for the remote state GCS bucket %s. We recommend enabling versioning so that you can roll back to previous versions of your OpenTofu/Terraform state in case of error.", bucketName)
 	}
 
-	return nil
+	return attrs.VersioningEnabled, nil
 }
 
 // CreateGCSBucketWithVersioning creates the given GCS bucket and enables versioning for it.
diff --git a/internal/remotestate/backend/s3/backend.go b/internal/remotestate/backend/s3/backend.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"path"
 
+	"github.com/gruntwork-io/terragrunt/internal/errors"
 	"github.com/gruntwork-io/terragrunt/internal/remotestate/backend"
 	"github.com/gruntwork-io/terragrunt/options"
 	"github.com/gruntwork-io/terragrunt/shell"
@@ -138,6 +139,17 @@ func (backend *Backend) Delete(ctx context.Context, backendConfig backend.Config
 		return err
 	}
 
+	if !opts.ForceBackendDelete {
+		versioned, err := client.CheckIfVersioningEnabled(ctx, extS3Cfg.RemoteStateConfigS3.Bucket)
+		if err != nil {
+			return err
+		}
+
+		if !versioned {
+			return errors.New("bucket is not versioned, refusing to delete backend state. If you are sure you want to delete the backend state anyways, use the --force flag")
+		}
+	}
+
 	var (
 		bucketName = extS3Cfg.RemoteStateConfigS3.Bucket
 		bucketKey  = extS3Cfg.RemoteStateConfigS3.Key
diff --git a/internal/remotestate/backend/s3/client.go b/internal/remotestate/backend/s3/client.go
@@ -416,7 +416,7 @@ func (client *Client) CheckIfVersioningEnabled(ctx context.Context, bucketName s
 	// NOTE: There must be a bug in the AWS SDK since res == nil when versioning is not enabled. In the future,
 	// check the AWS SDK for updates to see if we can remove "res == nil ||".
 	if res == nil || res.Status == nil || *res.Status != s3.BucketVersioningStatusEnabled {
-		client.logger.Warnf("Versioning is not enabled for the remote state S3 bucket %s. We recommend enabling versioning so that you can roll back to previous versions of your Terraform state in case of error.", bucketName)
+		client.logger.Warnf("Versioning is not enabled for the remote state S3 bucket %s. We recommend enabling versioning so that you can roll back to previous versions of your OpenTofu/Terraform state in case of error.", bucketName)
 		return false, nil
 	}
 
diff --git a/options/options.go b/options/options.go
@@ -287,6 +287,8 @@ type TerragruntOptions struct {
 	Graph bool
 	// BackendBootstrap automatically bootstraps backend infrastructure before attempting to use it.
 	BackendBootstrap bool
+	// ForceBackendDelete forces the backend to be deleted, even if the bucket is not versioned.
+	ForceBackendDelete bool
 }
 
 // TerragruntOptionsFunc is a functional option type used to pass options in certain integration tests
diff --git a/test/fixtures/bootstrap-gcs-backend/common.hcl b/test/fixtures/bootstrap-gcs-backend/common.hcl
@@ -1,3 +1,7 @@
+feature "disable_versioning" {
+  default = false
+}
+
 remote_state {
   backend = "gcs"
 
@@ -11,5 +15,7 @@ remote_state {
     location = "__FILL_IN_LOCATION__"
     project  = "__FILL_IN_PROJECT__"
     bucket   = "__FILL_IN_BUCKET_NAME__"
+
+    skip_bucket_versioning = feature.disable_versioning.value
   }
 }
diff --git a/test/fixtures/bootstrap-s3-backend/common.hcl b/test/fixtures/bootstrap-s3-backend/common.hcl
@@ -1,3 +1,7 @@
+feature "disable_versioning" {
+  default = false
+}
+
 remote_state {
   backend = "s3"
   generate = {
@@ -9,5 +13,7 @@ remote_state {
     bucket         = "__FILL_IN_BUCKET_NAME__"
     region         = "__FILL_IN_REGION__"
     dynamodb_table = "__FILL_IN_LOCK_TABLE_NAME__"
+
+    skip_bucket_versioning = feature.disable_versioning.value
   }
 }
diff --git a/test/integration_aws_test.go b/test/integration_aws_test.go
@@ -125,6 +125,39 @@ func TestAwsBootstrapBackend(t *testing.T) {
 	}
 }
 
+func TestAwsBootstrapBackendWithoutVersioning(t *testing.T) {
+	t.Parallel()
+
+	helpers.CleanupTerraformFolder(t, testFixtureBootstrapS3Backend)
+	tmpEnvPath := helpers.CopyEnvironment(t, testFixtureBootstrapS3Backend)
+	rootPath := util.JoinPath(tmpEnvPath, testFixtureBootstrapS3Backend)
+
+	testID := strings.ToLower(helpers.UniqueID())
+
+	s3BucketName := "terragrunt-test-bucket-" + testID
+	dynamoDBName := "terragrunt-test-dynamodb-" + testID
+
+	defer func() {
+		deleteS3Bucket(t, s3BucketName, helpers.TerraformRemoteStateS3Region)
+		cleanupTableForTest(t, dynamoDBName, helpers.TerraformRemoteStateS3Region)
+	}()
+
+	commonConfigPath := util.JoinPath(rootPath, "common.hcl")
+	helpers.CopyTerragruntConfigAndFillPlaceholders(t, commonConfigPath, commonConfigPath, s3BucketName, dynamoDBName, helpers.TerraformRemoteStateS3Region)
+
+	_, _, err := helpers.RunTerragruntCommandWithOutput(t, "terragrunt run --all --non-interactive --log-level debug --strict-control require-explicit-bootstrap --experiment cli-redesign --working-dir "+rootPath+" --feature disable_versioning=true --backend-bootstrap apply")
+	require.NoError(t, err)
+
+	validateS3BucketExistsAndIsTagged(t, helpers.TerraformRemoteStateS3Region, s3BucketName, nil)
+	validateDynamoDBTableExistsAndIsTagged(t, helpers.TerraformRemoteStateS3Region, dynamoDBName, nil)
+
+	_, _, err = helpers.RunTerragruntCommandWithOutput(t, "terragrunt --non-interactive --log-level debug --strict-control require-explicit-bootstrap --experiment cli-redesign --working-dir "+rootPath+" --feature disable_versioning=true backend delete --all")
+	require.Error(t, err)
+
+	_, _, err = helpers.RunTerragruntCommandWithOutput(t, "terragrunt --non-interactive --log-level debug --strict-control require-explicit-bootstrap --experiment cli-redesign --working-dir "+rootPath+" --feature disable_versioning=true backend delete --all --force")
+	require.NoError(t, err)
+}
+
 func TestAwsDeleteBackend(t *testing.T) {
 	t.Parallel()
 
diff --git a/test/integration_gcp_test.go b/test/integration_gcp_test.go
@@ -96,6 +96,35 @@ func TestGcpBootstrapBackend(t *testing.T) {
 	}
 }
 
+func TestGcpBootstrapBackendWithoutVersioning(t *testing.T) {
+	t.Parallel()
+
+	helpers.CleanupTerraformFolder(t, testFixtureBootstrapGCSBackend)
+	tmpEnvPath := helpers.CopyEnvironment(t, testFixtureBootstrapGCSBackend)
+	rootPath := util.JoinPath(tmpEnvPath, testFixtureBootstrapGCSBackend)
+
+	gcsBucketName := "terragrunt-test-bucket-" + strings.ToLower(helpers.UniqueID())
+
+	defer func() {
+		deleteGCSBucket(t, gcsBucketName)
+	}()
+
+	project := os.Getenv("GOOGLE_CLOUD_PROJECT")
+	commonConfigPath := util.JoinPath(rootPath, "common.hcl")
+	copyTerragruntGCSConfigAndFillPlaceholders(t, commonConfigPath, commonConfigPath, project, terraformRemoteStateGcpRegion, gcsBucketName)
+
+	_, _, err := helpers.RunTerragruntCommandWithOutput(t, "terragrunt run --all --non-interactive --log-level debug --strict-control require-explicit-bootstrap --experiment cli-redesign --working-dir "+rootPath+" --feature disable_versioning=true --backend-bootstrap apply")
+	require.NoError(t, err)
+
+	validateGCSBucketExistsAndIsLabeled(t, terraformRemoteStateGcpRegion, gcsBucketName, nil)
+
+	_, _, err = helpers.RunTerragruntCommandWithOutput(t, "terragrunt --non-interactive --log-level debug --strict-control require-explicit-bootstrap --experiment cli-redesign --working-dir "+rootPath+" --feature disable_versioning=true backend delete --all")
+	require.Error(t, err)
+
+	_, _, err = helpers.RunTerragruntCommandWithOutput(t, "terragrunt --non-interactive --log-level debug --strict-control require-explicit-bootstrap --experiment cli-redesign --working-dir "+rootPath+" --feature disable_versioning=true backend delete --all --force")
+	require.NoError(t, err)
+}
+
 func TestGcpDeleteBackend(t *testing.T) {
 	t.Parallel()
 

Original file line number	Diff line number	Diff line change
`@@ -156,21 +156,20 @@ func (client *Client) CreateGCSBucketIfNecessary(ctx context.Context, bucketName`
`156`	`156`	`}`
`157`	`157`
`158`	`158`	`// CheckIfGCSVersioningEnabled checks if versioning is enabled for the GCS bucket specified in the given config and warn the user if it is not`
`159`		`-func (client *Client) CheckIfGCSVersioningEnabled(bucketName string) error {`
`160`		`- ctx := context.Background()`
	`159`	`+func (client *Client) CheckIfGCSVersioningEnabled(ctx context.Context, bucketName string) (bool, error) {`
`161`	`160`	`bucket := client.Bucket(bucketName)`
`162`	`161`
`163`	`162`	`attrs, err := bucket.Attrs(ctx)`
`164`	`163`	`if err != nil {`
`165`	`164`	`// ErrBucketNotExist`
`166`		`- return errors.New(err)`
	`165`	`+ return false, errors.New(err)`
`167`	`166`	`}`
`168`	`167`
`169`	`168`	`if !attrs.VersioningEnabled {`
`170`		`- client.logger.Warnf("Versioning is not enabled for the remote state GCS bucket %s. We recommend enabling versioning so that you can roll back to previous versions of your Terraform state in case of error.", bucketName)`
	`169`	`+ client.logger.Warnf("Versioning is not enabled for the remote state GCS bucket %s. We recommend enabling versioning so that you can roll back to previous versions of your OpenTofu/Terraform state in case of error.", bucketName)`
`171`	`170`	`}`
`172`	`171`
`173`		`- return nil`
	`172`	`+ return attrs.VersioningEnabled, nil`
`174`	`173`	`}`
`175`	`174`
`176`	`175`	`// CreateGCSBucketWithVersioning creates the given GCS bucket and enables versioning for it.`
Original file line number	Diff line number	Diff line change
`@@ -416,7 +416,7 @@ func (client *Client) CheckIfVersioningEnabled(ctx context.Context, bucketName s`
`416`	`416`	`// NOTE: There must be a bug in the AWS SDK since res == nil when versioning is not enabled. In the future,`
`417`	`417`	`// check the AWS SDK for updates to see if we can remove "res == nil \|\|".`
`418`	`418`	`if res == nil \|\| res.Status == nil \|\| *res.Status != s3.BucketVersioningStatusEnabled {`
`419`		`- client.logger.Warnf("Versioning is not enabled for the remote state S3 bucket %s. We recommend enabling versioning so that you can roll back to previous versions of your Terraform state in case of error.", bucketName)`
	`419`	`+ client.logger.Warnf("Versioning is not enabled for the remote state S3 bucket %s. We recommend enabling versioning so that you can roll back to previous versions of your OpenTofu/Terraform state in case of error.", bucketName)`
`420`	`420`	`return false, nil`
`421`	`421`	`}`
`422`	`422`
Original file line number	Diff line number	Diff line change
`@@ -287,6 +287,8 @@ type TerragruntOptions struct {`
`287`	`287`	`Graph bool`
`288`	`288`	`// BackendBootstrap automatically bootstraps backend infrastructure before attempting to use it.`
`289`	`289`	`BackendBootstrap bool`
	`290`	`+ // ForceBackendDelete forces the backend to be deleted, even if the bucket is not versioned.`
	`291`	`+ ForceBackendDelete bool`
`290`	`292`	`}`
`291`	`293`
`292`	`294`	`// TerragruntOptionsFunc is a functional option type used to pass options in certain integration tests`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,7 @@`
	`1`	`+feature "disable_versioning" {`
	`2`	`+ default = false`
	`3`	`+}`
	`4`	`+`
`1`	`5`	`remote_state {`
`2`	`6`	`backend = "gcs"`
`3`	`7`
`@@ -11,5 +15,7 @@ remote_state {`
`11`	`15`	`location = "__FILL_IN_LOCATION__"`
`12`	`16`	`project = "__FILL_IN_PROJECT__"`
`13`	`17`	`bucket = "__FILL_IN_BUCKET_NAME__"`
	`18`	`+`
	`19`	`+ skip_bucket_versioning = feature.disable_versioning.value`
`14`	`20`	`}`
`15`	`21`	`}`