`terraform destroy` with enabled protection mode causes VM to shutdown

[maksimsamt]

System details:

• Proxmox VE 8.2.2
• Terraform v1.8.4
• terraform-provider-proxmox v3.0.1-rc3

As per documentation:

protection: Enable/disable the VM protection from being removed. The default value of false indicates the VM is removable.

Setting this value to true and running terraform destroy gives the following result:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # proxmox_vm_qemu.cloud_vm_from_packer_template will be destroyed
  - resource "proxmox_vm_qemu" "cloud_vm_from_packer_template" {

  ...
        - protection             = true -> null
  ...

Plan: 0 to add, 0 to change, 1 to destroy.

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

proxmox_vm_qemu.cloud_vm_from_packer_template: Destroying... [id=***/qemu/***]
╷
│ Error: 500 can't remove VM *** - protection mode enabled

Everything looks fine, but this action causes VM to shutdown.

I expected that in protection mode VM state would remain untouched, for example, keeps running.

The second thing, is protection argument redundant? (resolved, not redundant, answer https://github.com/Telmate/terraform-provider-proxmox/issues/1043#issuecomment-2162658126)

Cause that protection from destroy can be achieved using Terraform built-in lifecycle meta-argument, for example:

...
resource "proxmox_vm_qemu" "cloud_vm_from_packer_template" {
...
  # https://developer.hashicorp.com/terraform/language/meta-arguments/lifecycle
  lifecycle {
    prevent_destroy = true
  }
...
}
...

In this case gives such result:

│ Error: Instance cannot be destroyed
│ 
│   on main.tf line 42:
│   42: resource "proxmox_vm_qemu" "cloud_vm_from_packer_template" {
│ 
│ Resource proxmox_vm_qemu.cloud_vm_from_packer_template has lifecycle.prevent_destroy set, but the plan calls for this resource to be destroyed. To avoid this error and continue with the plan, either disable lifecycle.prevent_destroy or reduce the scope of the
│ plan using the -target option.

[Tinyblargon]

@maksimsamt The protection is about the protection flag in proxmox. That you can't delete it with it enabled is a known issue https://github.com/Telmate/proxmox-api-go/issues/330

[maksimsamt]

@Tinyblargon,

The protection is about the protection flag in proxmox

Thanks, got it.

That you can't delete it with it enabled is a known issue

Isn't this expected behavior? This is exactly the behavior I expect...

But what about this?

Everything looks fine, but this action causes VM to shutdown. I expected that in protection mode VM state would remain untouched, for example, keeps running.

[github-actions[bot]]

This issue is stale because it has been open for 60 days with no activity. Please update the provider to the latest version and, in the issue persist, provide full configuration and debug logs

[maksimsamt]

still actual:

Everything looks fine, but this action causes VM to shutdown. I expected that in protection mode VM state would remain untouched, for example, keeps running.