This topic describes how to add a Terraform Destroy step to remove any provisioned infrastructure, just like running the
terraform destroy command. See destroy from Terraform.
The Terraform Destroy step is independent of any other Terraform provisioning steps. It's not restricted to removing the infrastructure deployed in its stage. It can remove any infrastructure you've provisioned using Harness.
Before You Begin
- Terraform Provisioning with Harness
- Provision Target Deployment Infra Dynamically with Terraform
- Provision with the Terraform Apply Step
Important: Install Terraform on Delegates
Terraform must be installed on the Delegate to use a Harness Terraform Provisioner. You can install Terraform manually or use the
INIT_SCRIPT environment variable in the Delegate YAML.
# Install TF
curl -O -L https://releases.hashicorp.com/terraform/0.12.25/terraform_0.12.25_linux_amd64.zip
mv ./terraform /usr/bin/
# Check TF install
Review: What Gets Destroyed?
When you add Terraform Plan and Apply steps, you specify the Terraform script that Harness will use for provisioning. You add a Provisioner Identifier to each step to identify the provisioning.
When you destroy the provisioned infrastructure, you specify the same Provisioner Identifier in the Terraform Destroy step. The Provisioner Identifier enables Harness to locate the same Terraform script used for provisioning.
Step 1: Add the Terraform Destroy Step
You can add the Terraform Destroy step in the following places:
- The Execution steps of a stage.
- The steps of an Infrastructure's Dynamic Provisioning section.
- The Rollback steps of a stage's Execution or Infrastructure using Dynamic Provisioning.
In Name, enter a name for the step. You can use the name to reference the Terraform Destroy settings.
Step 2: Configuration Type
There are three options:
- Inline: Removes the provisioned resources you identify using Provisioner Identifier and other settings.
- Inherit from Plan: Removes the resources defined in the Harness Terraform Plan step that you identify using Provisioner Identifier. Similar to
terraform plan -destroy.
- Inherit from Apply: Removes the resources defined in the Harness Terraform Apply step that you identify using Provisioner Identifier. Similar to
Step 3: Reference the Provisioner Identifier
In Provisioner Identifier, enter the same Provisioner Identifier you used in the Terraform Apply step that provisioning the resources you want to destroy.
Click Apply Changes.
The Terraform Destroy step is added.
Command line options
Currently, the Terraform command line option is behind the feature flag
CDS_TERRAFORM_CLI_OPTIONS_NG. Contact Harness Support to enable the feature.
This setting allows you to set the Terraform CLI options for Terraform commands depending on the Terraform step type. For example:
Skip Terraform Refresh
Terraform refresh command won't be running when this setting is selected.
Working directory cleanup
Each Terraform step runs in a specific working directory on the delegate.
The Terraform working directory is located at
To that directory path, Harness adds additional directories that are named after the organization, account, project, and provisionerId (from the step) such that the final working directory is
In this final working directory, Harness stores the Terraform configuration and all fetched files such as var-files and backend-config.
Once the Terraform step execution is complete, Harness cleans up the main working directory
If you generate any local resources on the delegate in the directory where Terraform configurations are located, those resources are also removed. If you need those resources, make sure to generate them outside the Terraform working directory.
Terraform variable files
You can specify Terraform variables inline and fetch remote variable files during run time. For more information, go to Specify Terraform variables.