Add prevent_removal lifecycle flag as a stronger version of prevent_destroy

[ben-z]

#17599 has been a longstanding issue around the implementation of the prevent_destroy flag. Specifically, the flag does not prevent destroying resources for which the configuration has been removed. This PR addresses this need with a different flag, prevent_removal, which implements the desired behaviour. The desired behaviour is described in this comment:

Currently removing a resource from configuration is treated as intent to remove the resource, since that's an explicit action on your part rather than it happening as a part of some other action, such as resource replacement or a whole-configuration destroy.

However, your idea of retaining this in the state and requiring multiple steps to actually destroy is an interesting one:

1. Leave resource in config but remove prevent_destroy
2. Run terraform apply to update the state to no longer have that flag set.
3. Remove the resource from configuration entirely.
4. Run terraform apply again to actually destroy it.

Fixes #17599

Target Release

Any

Draft CHANGELOG entry

NEW FEATURES

• Introduced prevent_removal flag for preventing destroying resources even when the configuration is removed.

[hashicorp-cla]

All committers have signed the CLA.

[crw]

Thanks for this submission! Given the complexity of this issue, I expect this will need to be prioritized against other 1.6 roadmap items to get into review. I will bring this to triage and report back. Thanks again!

Also, if this gets reviewed it will need documentation. Please do not work on that now, as I am not sure if this will get past the review stage. I am just leaving this note as a reminder to myself to make sure this happens if it is needed.

[yfried]

Hi, is there an update on this feautre?

[crw]

I re-reviewed this PR with @apparentlymart. We are working on a project which may inform how we would want to approach this problem. Once that project is complete, we will revisit this PR / problem. Thanks!