Allow destroying non-empty S3 buckets #1104
Description
Problem description
Typically when allocating a teraform project with an stackit_objectstorage_bucket one will also allocate stackit_objectstorage_credential and stackit_objectstorage_credentials_group.
When destroying, the credential-related objects will be destroyed but the bucket object will only be destroyed if the bucket is non-empty. This results in an awkward terraform state where you can no longer login to the bucket to clean up.
Instead you have to use other methods (i.e. CLI/API) to recreate credentials in order to login to the bucket with a s3-compatible client and empty the bucket. Then you can proceed to completely destroy the terraform state, if you haven't decided to get rid of the ill-defined situation with terraform state rm <name-of-your-bucket-instance>
Proposed solution
It would be nice terraform destroy would be able to destroy a non-empty stackit s3 object storage.
This could be an option in the stackit_objectstorage_bucket resource.
Since the STACKIT Object Storage API v2 does not yet support this option, this could be only a workaround to automatically do what I manually do, i.e.
- detect bucket is non-empty
- detect that we have sufficient credentials in the tf state
- if both apply, wipe the bucket before deleting.
Alternative solutions (optional)
The better solution would be of course if the API (DELETE bucket) would support some force=true argument which could just be exposed in tf.