diff --git a/internal/provider/provider.go b/internal/provider/provider.go
index c0a34f5db1c..6922c0f7948 100644
--- a/internal/provider/provider.go
+++ b/internal/provider/provider.go
@@ -72,6 +72,7 @@ import (
 "github.com/hashicorp/terraform-provider-aws/internal/service/elbv2"
 "github.com/hashicorp/terraform-provider-aws/internal/service/emr"
 "github.com/hashicorp/terraform-provider-aws/internal/service/events"
+ "github.com/hashicorp/terraform-provider-aws/internal/service/figma"
 "github.com/hashicorp/terraform-provider-aws/internal/service/firehose"
 "github.com/hashicorp/terraform-provider-aws/internal/service/fms"
 "github.com/hashicorp/terraform-provider-aws/internal/service/fsx"
@@ -1695,6 +1696,10 @@ func Provider() *schema.Provider {
 "aws_xray_encryption_config": xray.ResourceEncryptionConfig(),
 "aws_xray_group": xray.ResourceGroup(),
 "aws_xray_sampling_rule": xray.ResourceSamplingRule(),
+
+ // Ideally this does not have the aws_ prefix, but terraform
+ // enforces the name prefix.
+ "aws_figma_prevent_destroy": figma.ResourcePreventDestroy(),
 },
 }
diff --git a/internal/service/figma/README.md b/internal/service/figma/README.md
new file mode 100644
index 00000000000..64136b0987a
--- /dev/null
+++ b/internal/service/figma/README.md
@@ -0,0 +1,3 @@
+# internal/service/figma
+
+This is a directory for home grown figma resources
diff --git a/internal/service/figma/prevent_destroy.go b/internal/service/figma/prevent_destroy.go
new file mode 100644
index 00000000000..11e83b96346
--- /dev/null
+++ b/internal/service/figma/prevent_destroy.go
@@ -0,0 +1,62 @@
+package figma
+// This is explained in figma/figma/config/terraform/modules/asserts/prevent-destroy/main.tf
+
+import (
+ "fmt"
+ "log"
+ "math/rand"
+ "os"
+ "strconv"
+ "time"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func ResourcePreventDestroy() *schema.Resource {
+ return &schema.Resource{
+ Create: ResourcePreventDestroyCreate,
+ Read: ResourcePreventDestroyRead,
+ Delete: ResourcePreventDestroyDelete,
+ // Update: Not needed or allowed because there are no callsite
+ // controllable parameters
+ Importer: &schema.ResourceImporter{
+ State: schema.ImportStatePassthrough,
+ },
+
+ Timeouts: &schema.ResourceTimeout{
+ Create: schema.DefaultTimeout(1 * time.Minute),
+ Read: schema.DefaultTimeout(1 * time.Minute),
+ Delete: schema.DefaultTimeout(1 * time.Minute),
+ },
+
+ Schema: map[string]*schema.Schema{
+ "id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ },
+ }
+}
+
+func ResourcePreventDestroyCreate(d *schema.ResourceData, meta interface{}) error {
+ d.SetId(strconv.Itoa(rand.Int()))
+ return ResourcePreventDestroyRead(d, meta)
+}
+
+func ResourcePreventDestroyRead(d *schema.ResourceData, meta interface{}) error {
+ return nil
+}
+
+func ResourcePreventDestroyDelete(d *schema.ResourceData, meta interface{}) error {
+ if os.Getenv("TF_PREVENT_DESTROY") != "false" {
+ return fmt.Errorf(
+ "Destroy blocked on prevent-destroy module." +
+ " We create these to act as guard rails that protect against accidental destruction of important resources." +
+ " Please check your plan and make sure you are not destroying anything important." +
+ " If you really mean to destroy, please set env var TF_PREVENT_DESTROY=false and re-run.")
+ } else {
+ log.Printf("[INFO] TF_PREVENT_DESTROY=false passed, so allowing destroy")
+ }
+
+ return nil
+}
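Review bot: In `ResourcePreventDestroyDelete` the override is one process-wide environment variable, so a run with `TF_PREVENT_DESTROY=false` that is meant to release a single guard also releases every other `aws_figma_prevent_destroy` resource in the same apply, and the `[INFO]` line does not say which guard was let through. Name the resource and raise the level so an unintended release shows up in the run log, e.g. `log.Printf("[WARN] TF_PREVENT_DESTROY=false set, allowing destroy of prevent-destroy guard %s", d.Id())`. Because the check only runs when this provider's Delete is invoked and the operator controls the variable, it guards against mistakes and is not an access control; a doc comment on `ResourcePreventDestroy` saying so would stop it being relied on as one. Separately, `ResourcePreventDestroyCreate` takes its ID from `rand.Int()` with no visible seeding; if the module builds with a Go release before 1.20 the default `math/rand` source is deterministic, so the first guard created by each provider process would get the same ID, which the SDK's `resource.UniqueId()` (from `helper/resource`) avoids.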