by skywhopper 1036 days ago
Not sure what you mean exactly about "shutting down a server when deleting a Terraform resource". But do you think that's something inherent to the design that OpenTF wouldn't be able to address?

Personally I think Terraform hit on a really good pattern for IaC, and while there are lots of rough edges that could be polished, the overall approach is by far the best fit yet invented for the problem it's aiming to solve.

1 comments

I'm not sure what they mean by that. But one case where Terraform's model doesn't work very well is updating a certificate on a load balancer (to be concrete, say an ACM certificate attached to an NLB in AWS) to a new cert and removing the old one. The proper way to do that without service interruption is the following:

1. Create new certificate

2. Update the certificate attached to the load balancer

3. Delete old certificate

But it isn't actually possible to do that in that order with Terraform because of how dependencies work.

By default what Terraform will try to do is:

1. Delete old certificate. This will either fail, because the certificate is in use (as is the case in AWS), or destroy a resource that is still in use and cause the load balancer to enter a bad state

2. Create new certificate

3. Update the load balancer

The only ways I have found to work around this are with targeted applies (which are discouraged), or splitting the change up into multiple code changes, with separate applies for each change.
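
Added example, not part of the comment above or of any project's own code: when the certificate change is a replacement of a single resource, Terraform's `create_before_destroy` lifecycle setting makes the plan follow the create, update, delete order from the first list. The resource names and variables are assumptions for illustration, and certificate validation is assumed to be handled elsewhere.

```hcl
# Added illustration; every name and variable here is hypothetical.
variable "domain_name" { type = string }      # changing this forces a new certificate
variable "nlb_arn" { type = string }          # existing NLB, assumed managed elsewhere
variable "target_group_arn" { type = string } # existing target group, assumed managed elsewhere

resource "aws_acm_certificate" "tls" {
  domain_name       = var.domain_name
  validation_method = "DNS" # validation records assumed to be created outside this snippet

  lifecycle {
    # Replacement order becomes: create the new certificate, update dependents,
    # then destroy the old certificate once nothing references it.
    create_before_destroy = true
  }
}

resource "aws_lb_listener" "tls" {
  load_balancer_arn = var.nlb_arn
  port              = 443
  protocol          = "TLS"

  # Updated in place after the new certificate exists, before the old one is destroyed.
  certificate_arn = aws_acm_certificate.tls.arn

  default_action {
    type             = "forward"
    target_group_arn = var.target_group_arn
  }
}
```

Running `terraform plan` after changing `domain_name` should show the certificate as a create-then-destroy replacement and the listener as an in-place update.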