Problem
The unleash_project_access resource intentionally skips deletion on terraform destroy, only showing a warning:
"The projectAccess resource was removed from the Terraform state, but not deleted from the actual system."
This causes unleash_role deletion to fail with RoleInUseError because the role is still assigned to groups.
Current Workaround
Using null_resource with a destroy-time provisioner to manually call the API and remove role assignments.
Proposed Solution
Add an optional force_delete or delete_on_destroy argument to actually remove the role assignments when the resource is destroyed, allowing dependent resources like unleash_role to be cleaned up properly.
Use Case
When tearing down an environment, we need to delete:
- Role assignments (via
unleash_project_access)
- Custom roles (via
unleash_role)
Currently step 2 fails because step 1 doesn't actually remove anything.
Problem
The
unleash_project_accessresource intentionally skips deletion onterraform destroy, only showing a warning:This causes
unleash_roledeletion to fail withRoleInUseErrorbecause the role is still assigned to groups.Current Workaround
Using
null_resourcewith a destroy-time provisioner to manually call the API and remove role assignments.Proposed Solution
Add an optional
force_deleteordelete_on_destroyargument to actually remove the role assignments when the resource is destroyed, allowing dependent resources likeunleash_roleto be cleaned up properly.Use Case
When tearing down an environment, we need to delete:
unleash_project_access)unleash_role)Currently step 2 fails because step 1 doesn't actually remove anything.