do not use isDestroy flag and read prevent_destroy directly

Author: andrewnester

bundle/phases/deploy.go

@@ -52,7 +52,7 @@ func approvalForDeploy(ctx context.Context, b *bundle.Bundle) (bool, error) {
 		return false, err
 	}
 
-	err = checkForPreventDestroy(b, actions, false)
+	err = checkForPreventDestroy(b, actions)
 	if err != nil {
 		return false, err
 	}

bundle/phases/destroy.go

@@ -65,7 +65,7 @@ func approvalForDestroy(ctx context.Context, b *bundle.Bundle) (bool, error) {
 		return false, err
 	}
 
-	err = checkForPreventDestroy(b, deleteActions, true)
+	err = checkForPreventDestroy(b, deleteActions)
 	if err != nil {
 		return false, err
 	}

bundle/phases/plan.go

@@ -52,28 +52,26 @@ func deployPrepare(ctx context.Context, b *bundle.Bundle) map[string][]libraries
 
 // checkForPreventDestroy checks if the resource has lifecycle.prevent_destroy set, but the plan calls for this resource to be recreated or destroyed.
 // If it does, it returns an error.
-func checkForPreventDestroy(b *bundle.Bundle, actions []deployplan.Action, isDestroy bool) error {
+func checkForPreventDestroy(b *bundle.Bundle, actions []deployplan.Action) error {
 	root := b.Config.Value()
 	for _, action := range actions {
-		// If the action is not a recreate or a delete as part of destroy - skip checking for prevent destroy
-		// We allow delete as part of deploy though (hence isDestroy check) because we mimic the behavior of terraform which allows such resources to be removed from config.
-		if action.ActionType != deployplan.ActionTypeRecreate && (!isDestroy || action.ActionType != deployplan.ActionTypeDelete) {
+		if action.ActionType != deployplan.ActionTypeRecreate && action.ActionType != deployplan.ActionTypeDelete {
 			continue
 		}
 
-		path := dyn.NewPath(dyn.Key("resources"), dyn.Key(action.Group), dyn.Key(action.Key), dyn.Key("lifecycle"))
-		lifecycleV, err := dyn.GetByPath(root, path)
-		// If there is no lifecycle, skip
+		path := dyn.NewPath(dyn.Key("resources"), dyn.Key(action.Group), dyn.Key(action.Key), dyn.Key("lifecycle"), dyn.Key("prevent_destroy"))
+		// If there is no prevent_destroy, skip
+		preventDestroyV, err := dyn.GetByPath(root, path)
 		if err != nil {
 			return nil
 		}
 
-		if lifecycleV.Kind() == dyn.KindMap {
-			preventDestroyV := lifecycleV.Get("prevent_destroy")
-			preventDestroy, ok := preventDestroyV.AsBool()
-			if ok && preventDestroy {
-				return fmt.Errorf("resource %s has lifecycle.prevent_destroy set, but the plan calls for this resource to be recreated or destroyed. To avoid this error, disable lifecycle.prevent_destroy for %s.%s", action.Key, action.Group, action.Key)
-			}
+		preventDestroy, ok := preventDestroyV.AsBool()
+		if !ok {
+			return fmt.Errorf("internal error: prevent_destroy is not a boolean for %s.%s", action.Group, action.Key)
+		}
+		if preventDestroy {
+			return fmt.Errorf("resource %s has lifecycle.prevent_destroy set, but the plan calls for this resource to be recreated or destroyed. To avoid this error, disable lifecycle.prevent_destroy for %s.%s", action.Key, action.Group, action.Key)
 		}
 	}
 	return nil

bundle/phases/plan_test.go

@@ -54,7 +54,7 @@ func TestCheckPreventDestroyForAllResources(t *testing.T) {
 				},
 			}
 
-			err := checkForPreventDestroy(b, actions, false)
+			err := checkForPreventDestroy(b, actions)
 			require.Error(t, err)
 			require.Contains(t, err.Error(), "resource test_resource has lifecycle.prevent_destroy set")
 			require.Contains(t, err.Error(), "but the plan calls for this resource to be recreated or destroyed")