#1904 Added protection check for "apply -destroy" invocation (#1905)

* Added protection check for "apply -destroy" * Temporary directory for TestPreventDestroyApply * Temp directory for destroy
gruntwork-io · Nov 12, 2021 · b75131c · b75131c
1 parent 1247fae
commit b75131c
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 4 deletions.
diff --git a/cli/cli_app.go b/cli/cli_app.go
@@ -1085,7 +1085,14 @@ func runAll(terragruntOptions *options.TerragruntOptions) error {
 
 // checkProtectedModule checks if module is protected via the "prevent_destroy" flag
 func checkProtectedModule(terragruntOptions *options.TerragruntOptions, terragruntConfig *config.TerragruntConfig) error {
-	if util.FirstArg(terragruntOptions.TerraformCliArgs) != "destroy" {
+	var destroyFlag = false
+	if util.FirstArg(terragruntOptions.TerraformCliArgs) == "destroy" {
+		destroyFlag = true
+	}
+	if util.ListContainsElement(terragruntOptions.TerraformCliArgs, "-destroy") {
+		destroyFlag = true
+	}
+	if !destroyFlag {
 		return nil
 	}
 	if terragruntConfig.PreventDestroy != nil && *terragruntConfig.PreventDestroy {

diff --git a/test/integration_test.go b/test/integration_test.go
@@ -1403,11 +1403,28 @@ func TestPreventDestroyNotSet(t *testing.T) {
 func TestPreventDestroy(t *testing.T) {
 	t.Parallel()
 
-	cleanupTerraformFolder(t, TEST_FIXTURE_LOCAL_PREVENT_DESTROY)
+	tmpEnvPath := copyEnvironment(t, "fixture-download")
+	fixtureRoot := util.JoinPath(tmpEnvPath, TEST_FIXTURE_LOCAL_PREVENT_DESTROY)
+
+	runTerragrunt(t, fmt.Sprintf("terragrunt apply -auto-approve --terragrunt-non-interactive --terragrunt-working-dir %s", fixtureRoot))
+
+	err := runTerragruntCommand(t, fmt.Sprintf("terragrunt destroy -auto-approve --terragrunt-non-interactive --terragrunt-working-dir %s", fixtureRoot), os.Stdout, os.Stderr)
+
+	if assert.Error(t, err) {
+		underlying := errors.Unwrap(err)
+		assert.IsType(t, cli.ModuleIsProtected{}, underlying)
+	}
+}
+
+func TestPreventDestroyApply(t *testing.T) {
+	t.Parallel()
+
+	tmpEnvPath := copyEnvironment(t, "fixture-download")
 
-	runTerragrunt(t, fmt.Sprintf("terragrunt apply -auto-approve --terragrunt-non-interactive --terragrunt-working-dir %s", TEST_FIXTURE_LOCAL_PREVENT_DESTROY))
+	fixtureRoot := util.JoinPath(tmpEnvPath, TEST_FIXTURE_LOCAL_PREVENT_DESTROY)
+	runTerragrunt(t, fmt.Sprintf("terragrunt apply -auto-approve --terragrunt-non-interactive --terragrunt-working-dir %s", fixtureRoot))
 
-	err := runTerragruntCommand(t, fmt.Sprintf("terragrunt destroy -auto-approve --terragrunt-non-interactive --terragrunt-working-dir %s", TEST_FIXTURE_LOCAL_PREVENT_DESTROY), os.Stdout, os.Stderr)
+	err := runTerragruntCommand(t, fmt.Sprintf("terragrunt apply -destroy -auto-approve --terragrunt-non-interactive --terragrunt-working-dir %s", fixtureRoot), os.Stdout, os.Stderr)
 
 	if assert.Error(t, err) {
 		underlying := errors.Unwrap(err)