Skip to content

Fix destroy skipped on zero resource count when terraform state exists; reduce Run cyclomatic complexity#1792

Open
Copilot wants to merge 6 commits intomasterfrom
copilot/fix-issue-1781-resolution
Open

Fix destroy skipped on zero resource count when terraform state exists; reduce Run cyclomatic complexity#1792
Copilot wants to merge 6 commits intomasterfrom
copilot/fix-issue-1781-resolution

Conversation

Copy link
Copy Markdown

Copilot AI commented Mar 11, 2026
edited
Loading

When terraform apply fails mid-run, configuration.Status.Resources may be left at zero, causing the controller to unconditionally skip terraform destroy — orphaning any partially-created cloud resources indefinitely.

Changes

pkg/controller/configuration/delete.go

  • Move the state-secret existence check before the Resources == 0 early-return. The destroy skip now requires both Resources == 0 and no state secret present. If state exists, destroy runs regardless of the resource count.
  • Extract the three-part condition into shouldSkipDestroy(configuration, stateExists) bool for readability.
Resources == 0, no state  →  skip destroy   (nothing was ever created)
Resources == 0, state exists  →  run destroy  (failed apply left partial state)
Resources > 0 or nil, no state  →  run destroy + warn  (external backend: S3/GCS/etc.)

cmd/step/main.go

Resolved gocyclo lint failure (Run complexity: 33 → 13) by extracting five focused helpers:

Helper Responsibility
waitForSignal Block until wait-file appears or timeout/failure-file fires
runCommand Single command attempt (pipe setup → start → wait)
runCommandWithRetries Retry loop; returns (attempts, error)
handleCommandError Touch error file, best-effort upload-on-error, return wrapped error
uploadSuccessFiles Upload success-path files as Kubernetes secrets

Added uploadRetryAttempts = 2 constant to replace duplicate magic numbers across both upload paths.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI and others added 2 commits March 11, 2026 13:44
@gambol99
Fix issue #1781: Configuration deletion skips destroy job when state …
f06c470 
…secret is missing

- Remove state secret check in delete.go to always attempt destroy
- Add --upload-on-error flag to step binary for best-effort state upload on failure
- Add tests for both changes

Co-authored-by: gambol99 <4280679+gambol99@users.noreply.github.com>
@gambol99
Remove accidentally committed step binary and add to .gitignore
3339cd9 
Co-authored-by: gambol99 <4280679+gambol99@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix issue 1781 with codebase review and unit tests Fix orphaned cloud resources when terraform apply fails before state secret is created Mar 11, 2026
@gambol99 gambol99 marked this pull request as ready for review March 11, 2026 17:31
@gambol99 gambol99 self-requested a review as a code owner March 11, 2026 17:31
@gambol99
Restore state secret check in delete.go but proceed with destroy when…
e21fc4d 
… secret is missing

Instead of removing the check entirely, log a warning and proceed when the
state secret is absent. This handles both Kubernetes-backend configs (where
the secret exists) and external-backend / failed-apply configs (where the
state lives in S3/GCS and the K8s secret was never created).

Co-authored-by: gambol99 <4280679+gambol99@users.noreply.github.com>
@gambol99
Fix: Resources==0 early-return now considers state secret to avoid or…
d3ab4b2 
…phaning partial resources

Move state secret existence check before the Resources==0 skip-destroy decision.
Only skip destroy when BOTH Resources==0 AND no state secret exists.
If state exists with Resources==0, proceed with destroy (failed apply left state
but didn't update resource count). Also fix comment indentation in cmd/step/main.go.

Co-authored-by: gambol99 <4280679+gambol99@users.noreply.github.com>
Copilot AI changed the title Fix orphaned cloud resources when terraform apply fails before state secret is created Fix destroy job skipped when apply fails with zero/missing resource count or external state backend Mar 11, 2026
@gambol99
Reduce cyclomatic complexity of Run in cmd/step/main.go from 33 to 13
675b52f 
Extract five focused helper functions from Run:
- waitForSignal: wait-for-file logic with timeout
- runCommand: single command attempt (pipe setup, start, wait)
- runCommandWithRetries: retry loop
- handleCommandError: error-file touch + upload-on-error + wrapped error
- uploadSuccessFiles: post-success secret uploads

Also add uploadRetryAttempts constant to replace magic number 2.
Add shouldSkipDestroy helper to delete.go to clarify three-part condition.

Co-authored-by: gambol99 <4280679+gambol99@users.noreply.github.com>
Copilot AI changed the title Fix destroy job skipped when apply fails with zero/missing resource count or external state backend Fix destroy skipped on zero resource count when terraform state exists; reduce Run cyclomatic complexity Mar 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gambol99 gambol99 Awaiting requested review from gambol99 gambol99 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@gambol99 gambol99

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gambol99