terraform-google-modules/terraform-google-vault

Defining provider in the module makes it impossible to remove the module from the project.

Closed this issue · 2 comments

While experimenting with this module, I've noticed the following issue:

After wanting to remove the module from my Terraform config and the state, terraform apply fails with a bunch of errors that look like the one below.

In the terraform state, all GCP resources reference the provider defined in the module that does not exist after the module is deleted. The only way to remove the resources was using terraform destroy -target=... and listing the vault resources one by one.

Error: Provider configuration not present

To work with module.vault.module.vault.google_kms_crypto_key_iam_member.ck-iam
its original provider configuration at
module.vault.module.vault.provider.google is required, but it has been
removed. This occurs when a provider configuration is removed while objects
created by that provider still exist in the state. Re-add the provider
configuration to destroy
module.vault.module.vault.google_kms_crypto_key_iam_member.ck-iam, after which
you can remove the provider configuration again.

This is a known Terraform limitation where Terraform requires the original configuration for destroy options. hashicorp/terraform#18994

Probably for exactly that reason, the Terraform docs suggest not defining providers in sub-modules. Removing the provider and just inheriting it (maybe while requiring a provider version, see the link below) would make this module way safer to use. Destroying 43 resources is not fun, even if it can be scripted.

https://www.terraform.io/docs/configuration/modules.html#providers-within-modules
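
The layout suggested in this thread, as an added example that is not this module's own code: the child module declares only a provider requirement and the root module owns the provider configuration. The module path `./modules/vault_like`, the variable names, the resource values and the version constraint are assumptions made for illustration, and the `required_providers` syntax shown is the one used by Terraform 0.13 and later.

```hcl
# ---- modules/vault_like/main.tf (hypothetical child module) ----

# Before: a provider block inside the module. Resources are recorded in state
# against module.<name>.provider.google, so deleting the module block also
# deletes the configuration Terraform needs to destroy them.
#
# provider "google" {
#   project = var.project_id
#   region  = var.region
# }

# After: the module states which provider it needs and nothing more.
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">= 3.0" # constructed constraint, adjust to the module's needs
    }
  }
}

variable "project_id" { type = string }
variable "region" { type = string }

resource "google_kms_key_ring" "vault" {
  project  = var.project_id
  name     = "example-vault-keyring" # constructed name
  location = var.region
}

# ---- main.tf (root module) ----

# The provider configuration lives here and outlives any single module block.
provider "google" {
  project = "example-project" # constructed value
  region  = "us-east4"        # constructed value
}

module "vault" {
  source     = "./modules/vault_like"
  project_id = "example-project"
  region     = "us-east4"
  # The default (unaliased) google provider is inherited automatically.
}
```

With this layout the state ties the module's resources to the root provider configuration, so deleting the `module "vault"` block and running `terraform apply` plans their destruction instead of failing with "Provider configuration not present".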