Problem / Use Case
When a Building Block in meshStack uses the Public API with an ephemeral API key to create a project, tenant, or nested building block, that resource is effectively managed as-code via Terraform. The meshStack panel currently shows a standard "Delete" action for these resources — with no indication that they are Terraform-managed and no guardrails to prevent bypassing the Terraform lifecycle.
This creates two concrete problems:
  • Infrastructure drift: deleting a resource from the panel does not clean up the Terraform state, leaving the Building Block run in an inconsistent state or causing errors on the next run.
  • Confusing UX: platform users and engineers have no indication that a resource was created by a Building Block, and no guidance that the correct deletion path is through the parent Building Block instance — not through the panel's delete button.
Value / Impact
  • Prevents accidental infrastructure drift when Building Blocks manage resources via the Public API.
  • Gives platform engineers a clear, guided deletion path: remove the Building Block instance that created the resource, and Terraform will handle cleanup automatically.
  • Reduces support tickets from users stuck in inconsistent or permanently "pending deletion" states.
  • Builds naturally on the already-implemented ephemeral API key infrastructure to deliver a coherent "managed as-code" experience end-to-end.
Proposed Behavior
  • When a project, tenant, or building block instance is created via an ephemeral API key (i.e., from a Building Block run), meshStack records this origin.
  • In the panel, the delete action for such a resource should be replaced or annotated with a clear warning and a direct link to the parent Building Block instance: "This resource is managed by [Building Block Name]. Remove the Building Block instance to trigger proper cleanup via Terraform."
  • Admins may optionally be given a force-delete option with explicit acknowledgement of the risk.
Context / Links