Scheduling resource destruction fails with required field not set

[annismckenzie]

Terraform Version

v0.10.5

Terraform Configuration Files

// module/module.tf
variable "region" {}
variable "credentials_file" {}

provider "aws" {
  region                  = "${var.region}"
  shared_credentials_file = "${var.credentials_file}"
}

data "aws_route53_zone" "main" {
  name = "test.sx"
}

resource "aws_route53_record" "main" {
  zone_id = "${data.aws_route53_zone.main.zone_id}"
  name    = "test"
  type    = "A"
  ttl     = "60"
  records = ["192.168.0.1"]
}

// main.tf
module "dns_record" {
  source = "module/"
  region = "eu-central-1"
  credentials_file = "mycredentials"
}

The code above creates a new AWS record for you. Next you want to delete this record completely.

Expected Behavior

Removing the record from main.tf should schedule it for destruction.

Actual Behavior

If you remove the module call from your main.tf, you get an error like: module.dns_record.provider.aws: "region": required field is not set.
The only way to remove it is:

• terraform plan --target=module.dns_record --destroy -out=destroy_plan
• terraform apply destroy_plan
  And then remove the code from the main.tf.

/cc @radeksimko because we talked about this in the Hub at HashiConf 2017 and he thinks it sounds like a bug.

/cc @arminbuerkle because he reported it to me.

[apparentlymart]

Hi @annismckenzie!

I think here you've hit the limitation described in #15762. It looks like you have a provider block inside that module, which causes some trouble when you remove the module since Terraform no longer has the provider configuration it needs to destroy the resources.

You seem to have already discovered the workaround I described in that issue. Agreed that this is awkward and messy. It's not clear yet exactly how we will solve this, since it suggests we need to retain some provider configuration in the state but we currently don't do that to avoid retaining credentials.

There is some work going on right now to address some limitations of how providers and modules interact; it's not clear yet whether we'll be able to address this particular issue as part of that, but we're going to try.

I'm going to close this just to consolidate the discussion in #15762. Thanks again for reporting this and sharing your workaround!

[annismckenzie]

Sorry about the duplicate – I'll follow the discussion in the original issue. Thanks for the quick reply!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.