aliyun / terraform-provider-alicloud

Terraform AliCloud provider
https://www.terraform.io/docs/providers/alicloud/
Mozilla Public License 2.0

Unable to destroy a CEN due to routing tables created by Terraform's process #6131

Open arLevi opened 1 year ago

arLevi commented 1 year ago

Terraform Version

$ terraform -v
Terraform v1.4.6
on darwin_arm64
+ provider registry.terraform.io/aliyun/alicloud v1.190.0
+ provider registry.terraform.io/hashicorp/local v2.4.0

Affected Resource(s)

CEN / VPC

Terraform Configuration Files


We're using the following configuration example:
resource "alicloud_cen_transit_router_peer_attachment" "created" {
  ...
  auto_publish_route_enabled      = true
  route_table_association_enabled = true
  route_table_propagation_enabled = true
  ...
}

resource "alicloud_cen_transit_router_vpc_attachment" "created" {
  ...
  route_table_association_enabled = true
  route_table_propagation_enabled = true
  ...
}

resource "alicloud_route_entry" "created" {
  ...
  nexthop_type = "Attachment"
  nexthop_id   = alicloud_cen_transit_router_vpc_attachment.created.transit_router_attachment_id
  ...
}

Debug Output

https://gist.github.com/arLevi/91c0371dde2edaecb189c98b6b67c41e

Expected Behavior

I expect that terraform destroy will disassociate and detach the routing tables before trying to remove the transit routers, or that there is a way to tell Terraform to run X tasks before the actual destroy begins.

Actual Behavior

Receiving errors with the debug messages inside the gist link. It cannot destroy the CEN while the TR association & propagation exist.

Steps to Reproduce

  1. Run any configuration with a CEN including the lines mentioned above
  2. Run terraform apply - this should work just fine
  3. Then try to run terraform destroy; you should see the error.

Thanks

arLevi commented 1 year ago

For now, what we've done is basically saying "if Terraform didn't create the resource - I won't be able to destroy" - so we're creating the resources instead of using the parameters, but the parameters could have saved many lines of code:

# Replacing this
 route_table_association_enabled = true
 route_table_propagation_enabled = true

# With this:
resource "alicloud_cen_transit_router_route_table_association" "related_vpc" { ... }
resource "alicloud_cen_transit_router_route_table_propagation" "related_vpc" { ... }

resource "alicloud_cen_transit_router_route_table_association" "related_peer" { ... }
resource "alicloud_cen_transit_router_route_table_propagation" "related_peer" { ... }

Can you please fix it? When wanting to destroy a CEN, it should automatically destroy everything related to the CEN (including transit routers, router associations, etc.).
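The workaround described in the comment above, written out as an added example (not code from the issue author or the provider project). It reuses the attachment resources named "created" from the report; the variable `transit_router_route_table_id` and the resource label `related` are assumptions made for illustration.

```hcl
# Added example. Assumes the two attachment resources from the report exist
# in the same module and that their route_table_association_enabled and
# route_table_propagation_enabled flags are left unset or set to false.

# Assumption: ID of the transit router route table to bind the attachments to.
variable "transit_router_route_table_id" {
  type        = string
  description = "Transit router route table used for association and propagation"
}

locals {
  # Map keys are static, so for_each works even though the attachment IDs
  # are only known after apply.
  attachment_ids = {
    vpc  = alicloud_cen_transit_router_vpc_attachment.created.transit_router_attachment_id
    peer = alicloud_cen_transit_router_peer_attachment.created.transit_router_attachment_id
  }
}

# Explicit association: Terraform now tracks it in state and, because it
# references the attachment, destroys it before the attachment itself.
resource "alicloud_cen_transit_router_route_table_association" "related" {
  for_each = local.attachment_ids

  transit_router_attachment_id  = each.value
  transit_router_route_table_id = var.transit_router_route_table_id
}

# Explicit propagation, handled the same way on destroy.
resource "alicloud_cen_transit_router_route_table_propagation" "related" {
  for_each = local.attachment_ids

  transit_router_attachment_id  = each.value
  transit_router_route_table_id = var.transit_router_route_table_id
}
```

Because each association and propagation references an attachment ID, terraform destroy removes them first and only then deletes the attachments, the transit routers and the CEN.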