Skip to content

feat(cloud_project): add client-side deletion_protection attribute#1270

Merged
amstuta merged 2 commits intoovh:masterfrom
pascalinthecloud:feat/#1269-deletion-protection-public-cloud-project
Mar 28, 2026
Merged

feat(cloud_project): add client-side deletion_protection attribute#1270
amstuta merged 2 commits intoovh:masterfrom
pascalinthecloud:feat/#1269-deletion-protection-public-cloud-project

Conversation

@pascalinthecloud
Copy link
Copy Markdown
Contributor

@pascalinthecloud pascalinthecloud commented Mar 27, 2026

Description

Add a client-side deletion_protection attribute to the ovh_cloud_project resource. When set to true, Terraform will refuse to destroy the resource, preventing accidental deletion of public cloud projects. Users must explicitly set deletion_protection = false and run terraform apply before the resource can be destroyed.

This is a client-side only implementation since the OVH API does not support deletion protection. The value is stored in Terraform state, so it also protects against removal of the resource block from the configuration — unlike Terraform's built-in prevent_destroy lifecycle meta-argument, which only blocks terraform destroy but does not prevent deletion when the resource block is removed from the config.

Fixes #1269

Type of change

  • New feature (non-breaking change which adds functionality)

How Has This Been Tested?

  • Test A: go test ./ovh/ -run TestResourceCloudProjectDelete_deletionProtection -v

Unit test that verifies:

  1. deletion_protection = true blocks deletion with an appropriate error message
  2. deletion_protection = false passes the guard and proceeds to the API call

Additionally, manual testing was performed with a real cloud project:

  1. Applied with deletion_protection = true
  2. Confirmed terraform destroy fails with error
  3. Changed to deletion_protection = false, ran terraform apply
  4. Confirmed terraform destroy proceeds

Test Configuration:

  • Terraform version: Terraform v1.14.3
  • Existing HCL configuration used:
resource "ovh_cloud_project" "my_cloud_project" {
  ovh_subsidiary = "FR"
  description    = "my cloud project"

  deletion_protection = true

  plan {
    duration     = "P1M"
    plan_code    = "project.2018"
    pricing_mode = "default"
  }
}

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings or issues
  • I have added acceptance tests that prove my fix is effective or that my feature works
  • New and existing acceptance tests pass locally with my changes
  • I ran successfully go mod vendor if I added or modify go.mod file

@pascalinthecloud pascalinthecloud requested a review from a team as a code owner March 27, 2026 14:55
@pascalinthecloud pascalinthecloud force-pushed the feat/#1269-deletion-protection-public-cloud-project branch from 0246aed to f837ce5 Compare March 27, 2026 14:55
amstuta
amstuta approved these changes Mar 28, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@amstuta amstuta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your contribution @pascalinthecloud !

@amstuta amstuta merged commit 3ccf46f into ovh:master Mar 28, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@amstuta amstuta amstuta approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[FEATURE] Implement deletion_protection on ovh_cloud_project

2 participants

@pascalinthecloud @amstuta