v0.15 Terraform doesn't read local via destroy

[magodo]

Terraform Version

v0.15

Terraform Configuration Files

locals {
  subscription_id = "xxxx"
}

provider "azurerm" {
  subscription_id = local.subscription_id

  features {}
}

resource "azurerm_resource_group" "test-rg" {
  name     = "Test-RG123"
  location = "UK South"
}

Debug Output

debug

2021-04-17T09:41:56.615+0800 [DEBUG] Adding temp file log sink: /tmp/terraform-log306536474
2021-04-17T09:41:56.615+0800 [INFO]  Terraform version: 0.15.0
2021-04-17T09:41:56.615+0800 [INFO]  Go runtime version: go1.16.2
2021-04-17T09:41:56.615+0800 [INFO]  CLI args: []string{"/home/magodo/.local/bin/terraform-0.15.0", "destroy"}
2021-04-17T09:41:56.615+0800 [DEBUG] Attempting to open CLI config file: /home/magodo/.terraformrc
2021-04-17T09:41:56.615+0800 [INFO]  Loading CLI configuration from /home/magodo/.terraformrc
2021-04-17T09:41:56.615+0800 [DEBUG] checking for credentials in "/home/magodo/.terraform.d/plugins"
2021-04-17T09:41:56.615+0800 [DEBUG] Explicit provider installation configuration is set
2021-04-17T09:41:56.616+0800 [INFO]  CLI command args: []string{"destroy"}
2021-04-17T09:41:56.617+0800 [DEBUG] New state was assigned lineage "4bec75c0-4c93-8048-4803-307479866ca5"
2021-04-17T09:41:57.128+0800 [DEBUG] checking for provisioner in "."
2021-04-17T09:41:57.128+0800 [DEBUG] checking for provisioner in "/home/magodo/.local/bin"
2021-04-17T09:41:57.128+0800 [DEBUG] checking for provisioner in "/home/magodo/.terraform.d/plugins"
2021-04-17T09:41:57.129+0800 [INFO]  Failed to read plugin lock file .terraform/plugins/linux_amd64/lock.json: open .terraform/plugins/linux_amd64/lock.json: no such file or directory
2021-04-17T09:41:57.129+0800 [INFO]  backend/local: starting Apply operation
2021-04-17T09:41:57.130+0800 [DEBUG] created provider logger: level=off
2021-04-17T09:41:57.345+0800 [DEBUG] No provider meta schema returned
2021-04-17T09:41:57.374+0800 [INFO]  terraform: building graph: GraphTypeValidate
2021-04-17T09:41:57.374+0800 [DEBUG] ProviderTransformer: "azurerm_resource_group.test-rg" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/hashicorp/azurerm"]
2021-04-17T09:41:57.374+0800 [DEBUG] ReferenceTransformer: "azurerm_resource_group.test-rg" references: []
2021-04-17T09:41:57.374+0800 [DEBUG] ReferenceTransformer: "local.subscription_id (expand)" references: []
2021-04-17T09:41:57.375+0800 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/hashicorp/azurerm\"]" references: [local.subscription_id (expand)]
2021-04-17T09:41:57.375+0800 [DEBUG] Starting graph walk: walkValidate
2021-04-17T09:41:57.375+0800 [DEBUG] created provider logger: level=off
2021-04-17T09:41:57.568+0800 [DEBUG] No provider meta schema returned
2021-04-17T09:41:57.640+0800 [INFO]  backend/local: apply calling Plan
2021-04-17T09:41:57.640+0800 [INFO]  terraform: building graph: GraphTypePlan
2021-04-17T09:41:57.640+0800 [DEBUG] ProviderTransformer: "azurerm_resource_group.test-rg (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/hashicorp/azurerm"]
2021-04-17T09:41:57.640+0800 [DEBUG] ReferenceTransformer: "azurerm_resource_group.test-rg (expand)" references: []
2021-04-17T09:41:57.641+0800 [DEBUG] ReferenceTransformer: "local.subscription_id (expand)" references: []
2021-04-17T09:41:57.641+0800 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/hashicorp/azurerm\"]" references: [local.subscription_id (expand)]
2021-04-17T09:41:57.641+0800 [DEBUG] Starting graph walk: walkPlan
2021-04-17T09:41:57.641+0800 [DEBUG] created provider logger: level=off
2021-04-17T09:41:57.828+0800 [DEBUG] No provider meta schema returned
2021-04-17T09:41:57.896+0800 [WARN]  ValidateProviderConfig from "provider[\"registry.terraform.io/hashicorp/azurerm\"]" changed the config value, but that value is unused
2021-04-17T09:42:06.147+0800 [DEBUG] ReferenceTransformer: "azurerm_resource_group.test-rg" references: []
�[0m�[1mazurerm_resource_group.test-rg: Refreshing state... [id=/subscriptions/xxxx/resourceGroups/Test-RG123]�[0m
2021-04-17T09:42:06.712+0800 [WARN]  Provider "registry.terraform.io/hashicorp/azurerm" produced an unexpected new value for azurerm_resource_group.test-rg during refresh.
      - .tags: was null, but now cty.MapValEmpty(cty.String)
2021-04-17T09:42:06.714+0800 [WARN]  Provider "registry.terraform.io/hashicorp/azurerm" produced an invalid plan for azurerm_resource_group.test-rg, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .tags: planned value cty.MapValEmpty(cty.String) for a non-computed attribute
2021-04-17T09:42:06.717+0800 [INFO]  terraform: building graph: GraphTypePlanDestroy
2021-04-17T09:42:06.717+0800 [DEBUG] ProviderTransformer: "azurerm_resource_group.test-rg" (*terraform.NodePlanDestroyableResourceInstance) needs provider["registry.terraform.io/hashicorp/azurerm"]
2021-04-17T09:42:06.718+0800 [DEBUG] Starting graph walk: walkPlan
2021-04-17T09:42:06.718+0800 [DEBUG] created provider logger: level=off
2021-04-17T09:42:06.925+0800 [DEBUG] No provider meta schema returned
2021-04-17T09:42:07.009+0800 [WARN]  ValidateProviderConfig from "provider[\"registry.terraform.io/hashicorp/azurerm\"]" changed the config value, but that value is unused
╷
│ Error: Error building AzureRM Client: 1 error occurred:
│       * A Subscription ID must be configured when authenticating as a Service Principal using a Client Secret.
│
│
│
│   on main.tf line 15, in provider "azurerm":
│   15: provider "azurerm" {
│
╵

Crash Output

Expected Behavior

terraform destroy successfully destroy the rg.

Actual Behavior

terraform destroy failed to destroy the rg because it failed to setup the provider, lacking of the subscription id, which is referenced via local variable.

Steps to Reproduce

1. terraform init
2. terraform apply
3. terraform destroy

Additional Context

In v0.14, the destroy step includes only GraphTypeValidate and GraphTypePlanDestroy, whilst the v0.15 introduce another GraphTypePlan in between. Not sure whether this introduce the issue. Also, I'm curious why v0.14 can resolve the local variable given the GraphTypePlanDestroy doesn't have a ReferenceTransformer.

References

• Error when running destroy since updating to Terraform 0.15.0 terraform-provider-azurerm#11355

[jbardin]

Thanks @magodo,

The destroy plan in 0.14 should not be any different, and both looks the same. What I suspect is going on here is simply an issue regarding stricter validation; 0.15 is attempting to validate the provider configuration during the destroy plan when we don't intend to call it until apply.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.