Clarifying behavior for destroy-time provisioners (#20819)

2019-04-05 14:22:16 -04:00 · 2019-04-05 14:22:16 -04:00 · 0d0a1128e4
parent be04e70a0f
commit 0d0a1128e4
1 changed files with 14 additions and 1 deletions
--- a/website/docs/provisioners/index.html.markdown
+++ b/website/docs/provisioners/index.html.markdown
@ -30,7 +30,7 @@ how to communicate with the resource.

 ## Creation-Time Provisioners

-Provisioners by default run when the resource they are defined within is
+By default, provisioners run when the resource they are defined within is
 created. Creation-time provisioners are only run during _creation_, not
 during updating or any other lifecycle. They are meant as a means to perform
 bootstrapping of a system.
@ -50,6 +50,17 @@ which is covered in detail below.
 If `when = "destroy"` is specified, the provisioner will run when the
 resource it is defined within is _destroyed_.

+```hcl
+resource "aws_instance" "web" {
+  # ...
+
+  provisioner "local-exec" {
+    when    = "destroy"
+    command = "echo 'Destroy-time provisioner'"
+  }
+}
+```
+
 Destroy provisioners are run before the resource is destroyed. If they
 fail, Terraform will error and rerun the provisioners again on the next
 `terraform apply`. Due to this behavior, care should be taken for destroy
@ -70,6 +81,8 @@ remove a resource with a destroy-time provisioner:
 This limitation may be addressed in future versions of Terraform. For now,
 destroy-time provisioners must be used sparingly and with care.

+~> **NOTE:** A destroy-time provisioner within a resource that is tainted _will not_ run. This includes resources that are marked tainted from a failed creation-time provisioner or tainted manually using `terraform taint`.
+
 ## Multiple Provisioners

 Multiple provisioners can be specified within a resource. Multiple provisioners