Search code examples
foreachterraformdestroyterraform0.12+

Terraform 14.2: 'Error: Invalid index: This value does not have any indices' on destroy-time provisioner on a destroy-time resource

I have a create provisioner and a destroy provisioner. I've read that apparently, triggers might solve this problem, so they're integrated here, but while this succeeds to build the resources, it doesn't let them destroy this module.thingx.null_resource.script-stuff resource. I'm not sure I'm using triggers correctly here, and it's more confusing that create time apply works fine, but the destroy time apply fails with the mentioned error.

Here is the module null resource that apparently the error is referring to; includes both the create and destroy time provisioners:

resource "null_resource" "script-stuff" {

### -- testing triggers
  triggers = {
     dns_zones = var.dns_zones[each.key]
     dnat_ip = google_compute_instance.server[each.key].network_interface.0.access_config.0.nat_ip
     pem = tls_private_key.node_ssh[each.key].private_key_pem
  } ### -- end testing
  
  depends_on = [google_compute_instance.server, google_project_iam_member.list-sa]
  for_each   = var.list_map

  provisioner "remote-exec" {
    when = create
    inline = [
      "cat ${var.dns_zones[each.key]} > /dev/null",
      "sensitive-script.sh --create"
    ]
    connection {
      type        = "ssh"
      host        = google_compute_instance.server[each.key].network_interface[0].access_config[0].nat_ip
      user        = "common-user"
      private_key = tls_private_key.node_ssh[each.key].private_key_pem
    }
  }

   provisioner "remote-exec" {
     when = destroy
     inline = [
      # "echo ${var.dns_zones[each.key]} > /dev/null", #<-- this doesn't work when terraform is destroying
      "echo ${self.triggers.dns_zones[each.key]} > /dev/null",
       "sensitive-script.sh --destroy"
     ]
     connection {
       type        = "ssh"
       #host        = google_compute_instance.server[each.key].network_interface[0].access_config[0].nat_ip #<-- this doesn't work when terraform is destroying
       host        = self.triggers.dnat_ip
       user        = "common-user"
       #private_key = tls_private_key.node_ssh[each.key].private_key_pem #<-- this doesn't work when terraform is destroying
       private_key = self.triggers.pem
     }
   }

 }
Solution

  • destroy triggered provisioners do not support variables as explained in this GitHub issue:

    So you can't have any variable in "echo ${var.dns_zones[each.key]} > /dev/null".