"When Destroy" with local-exec provisioner doesn't work with terraform apply

[kshabu]

Terraform Version

v0.13.4

...

Terraform Configuration Files

resource "null_resource" "pgi_private_endpoint" {
count = var.pgi_private_endpoint_enabled ? 1 : 0
triggers = {
pgi_subscription_id = split("/", coalesce(var.pgi_subnet_id, local.pl_pgi_subnet_id[0]))[2]
pgi_resource_group = coalesce(var.pgi_resource_group, local.pl_pgi_resource_group[0])
pgi_endpoint_name = "${var.resource_name}-pgi"
pgi_private_dnsgroup_name = "${var.resource_name}-pgipdnsgroup"
}

provisioner "local-exec" {
command = "az network private-endpoint create --name ${self.triggers.pgi_endpoint_name} --connection-name ${var.resource_name}-pepcon --subscription ${self.triggers.pgi_subscription_id} --resource-group ${self.triggers.pgi_resource_group} --private-connection-resource-id ${var.connection_resource_id} --subnet ${coalesce(var.pgi_subnet_id, local.pl_pgi_subnet_id[0])} --group-id ${local.subresource_name} "
}

provisioner "local-exec" {
when = destroy
command = "az network private-endpoint dns-zone-group delete --subscription ${self.triggers.pgi_subscription_id} --resource-group ${self.triggers.pgi_resource_group} --endpoint-name ${self.triggers.pgi_endpoint_name} --name ${self.triggers.pgi_private_dnsgroup_name} "
}

...

Debug Output

module.tf_azure_private_endpoint_lpsapep01.null_resource.pgi_private_endpoint[0]: Destroying... [id=1506452092383106637]
module.tf_azure_private_endpoint_lpsapep01.null_resource.pgi_private_endpoint[0]: Destruction complete after 0s
module.tf_azure_private_endpoint_lpsapep01.module.private_endpoint_private_dns[0].azurerm_private_dns_zone_virtual_network_link.private_dns_zone_vnet_link: Destroying... [id=/subscriptions/6f1485ea-9487-4684-80a0-98b0d505fe94/resourceGroups/az-rg-launchpaduat-sk-01/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net/virtualNetworkLinks/lpsapepjan1102-link]
module.tf_azure_private_endpoint_lpsapep01.module.private_endpoint_private_dns[0].azurerm_private_dns_zone_virtual_network_link.private_dns_zone_vnet_link: Still destroying... [id=/subscriptions/6f1485ea-9487-4684-80a0-...irtualNetworkLinks/lpsapepjan1102-link, 10s elapsed]
module.tf_azure_private_endpoint_lpsapep01.module.private_endpoint_private_dns[0].azurerm_private_dns_zone_virtual_network_link.private_dns_zone_vnet_link: Still destroying... [id=/subscriptions/6f1485ea-9487-4684-80a0-...irtualNetworkLinks/lpsapepjan1102-link, 20s elapsed]
module.tf_azure_private_endpoint_lpsapep01.module.private_endpoint_private_dns[0].azurerm_private_dns_zone_virtual_network_link.private_dns_zone_vnet_link: Still destroying... [id=/subscriptions/6f1485ea-9487-4684-80a0-...irtualNetworkLinks/lpsapepjan1102-link, 30s elapsed]
module.tf_azure_private_endpoint_lpsapep01.module.private_endpoint_private_dns[0].azurerm_private_dns_zone_virtual_network_link.private_dns_zone_vnet_link: Still destroying... [id=/subscriptions/6f1485ea-9487-4684-80a0-...irtualNetworkLinks/lpsapepjan1102-link, 40s elapsed]
module.tf_azure_private_endpoint_lpsapep01.module.private_endpoint_private_dns[0].azurerm_private_dns_zone_virtual_network_link.private_dns_zone_vnet_link: Still destroying... [id=/subscriptions/6f1485ea-9487-4684-80a0-...irtualNetworkLinks/lpsapepjan1102-link, 50s elapsed]
module.tf_azure_private_endpoint_lpsapep01.module.private_endpoint_private_dns[0].azurerm_private_dns_zone_virtual_network_link.private_dns_zone_vnet_link: Still destroying... [id=/subscriptions/6f1485ea-9487-4684-80a0-...irtualNetworkLinks/lpsapepjan1102-link, 1m0s elapsed]
module.tf_azure_private_endpoint_lpsapep01.module.private_endpoint_private_dns[0].azurerm_private_dns_zone_virtual_network_link.private_dns_zone_vnet_link: Still destroying... [id=/subscriptions/6f1485ea-9487-4684-80a0-...irtualNetworkLinks/lpsapepjan1102-link, 1m10s elapsed]
module.tf_azure_private_endpoint_lpsapep01.module.private_endpoint_private_dns[0].azurerm_private_dns_zone_virtual_network_link.private_dns_zone_vnet_link: Still destroying... [id=/subscriptions/6f1485ea-9487-4684-80a0-...irtualNetworkLinks/lpsapepjan1102-link, 1m20s elapsed]
module.tf_azure_private_endpoint_lpsapep01.module.private_endpoint_private_dns[0].azurerm_private_dns_zone_virtual_network_link.private_dns_zone_vnet_link: Still destroying... [id=/subscriptions/6f1485ea-9487-4684-80a0-...irtualNetworkLinks/lpsapepjan1102-link, 1m30s elapsed]
module.tf_azure_private_endpoint_lpsapep01.module.private_endpoint_private_dns[0].azurerm_private_dns_zone_virtual_network_link.private_dns_zone_vnet_link: Still destroying... [id=/subscriptions/6f1485ea-9487-4684-80a0-...irtualNetworkLinks/lpsapepjan1102-link, 1m40s elapsed]
module.tf_azure_private_endpoint_lpsapep01.module.private_endpoint_private_dns[0].azurerm_private_dns_zone_virtual_network_link.private_dns_zone_vnet_link: Still destroying... [id=/subscriptions/6f1485ea-9487-4684-80a0-...irtualNetworkLinks/lpsapepjan1102-link, 1m50s elapsed]
module.tf_azure_private_endpoint_lpsapep01.module.private_endpoint_private_dns[0].azurerm_private_dns_zone_virtual_network_link.private_dns_zone_vnet_link: Still destroying... [id=/subscriptions/6f1485ea-9487-4684-80a0-...irtualNetworkLinks/lpsapepjan1102-link, 2m0s elapsed]
module.tf_azure_private_endpoint_lpsapep01.module.private_endpoint_private_dns[0].azurerm_private_dns_zone_virtual_network_link.private_dns_zone_vnet_link: Destruction complete after 2m1s
module.tf_azure_private_endpoint_lpsapep01.module.private_endpoint_private_dns[0].azurerm_private_dns_zone.private_dns_zone: Destroying... [id=/subscriptions/6f1485ea-9487-4684-80a0-98b0d505fe94/resourceGroups/az-rg-launchpaduat-sk-01/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net]
module.tf_azure_private_endpoint_lpsapep01.module.private_endpoint_private_dns[0].azurerm_private_dns_zone.private_dns_zone: Still destroying... [id=/subscriptions/6f1485ea-9487-4684-80a0-...ones/privatelink.blob.core.windows.net, 10s elapsed]
module.tf_azure_private_endpoint_lpsapep01.module.private_endpoint_private_dns[0].azurerm_private_dns_zone.private_dns_zone: Still destroying... [id=/subscriptions/6f1485ea-9487-4684-80a0-...ones/privatelink.blob.core.windows.net, 20s elapsed]
module.tf_azure_private_endpoint_lpsapep01.module.private_endpoint_private_dns[0].azurerm_private_dns_zone.private_dns_zone: Still destroying... [id=/subscriptions/6f1485ea-9487-4684-80a0-...ones/privatelink.blob.core.windows.net, 30s elapsed]
module.tf_azure_private_endpoint_lpsapep01.module.private_endpoint_private_dns[0].azurerm_private_dns_zone.private_dns_zone: Destruction complete after 31s

Apply complete! Resources: 0 added, 0 changed, 3 destroyed.
[Pipeline] }

Crash Output

It doesn't crashes

Expected Behavior

It should have delete the resources which was created by local execute.

Actual Behavior

It doesn't destroy the resources but reports as it been deleted.

Steps to Reproduce

1. Use local exec as shown in the configuration section and create resource using AZ CLI commands.
2. Do Terraform Apply with the configured template file to create the resources
3. keep the state persists and empty the template file
4. Then terraform Apply
5. Terraform apply will identify that resources needs to be deleted then it will try to destroy it. But it will not actually destroy the resources created by AZ CLI. (There was when destroy command was used with AZ CLI to destroy the resources.)

Additional Context

provisioner "local-exec" {
when = destroy
command = " "
}

The when destroy AZ CLI command works as expected when terraform destroy command. But with Terraform Apply where Terraform automatically identify the resources needs to be destroyed doesn't execute the AZ CLI command with When Destroy.

[jbardin]

Duplicate of #13549

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.