provider/aws: aws_route53_zone with force_destroy fails to delete zone on destroy #12407

Closed
ryane opened this issue Mar 3, 2017 · 1 comment · Fixed by #12421

ryane commented Mar 3, 2017

Terraform Version

$ terraform version
Terraform v0.8.8

Affected Resource(s)

  • aws_route53_zone

Terraform Configuration Files

provider "aws" {
  region = "us-east-1"
}

resource "aws_route53_zone" "public" {
  name          = "myexample.com."
  force_destroy = true
}

output "zone_id" {
  value = "${aws_route53_zone.public.id}"
}

Debug Output

https://gist.github.com/ryane/ba584cdb3023b4f02dfe9cb4dfb2225a

Expected Behavior

It is my understanding that setting force_destroy = true should tell Terraform to delete all records in the zone when it destroys the resource even if it contains records that are not managed by Terraform.

Actual Behavior

Destroying fails with this error:

* aws_route53_zone.public: HostedZoneNotEmpty: The specified hosted zone contains non-required resource record sets  and so cannot be deleted.
        status code: 400, request id: e466d633-0014-11e7-a009-8d1bd2e9a272

Steps to Reproduce

  1. Run terraform apply. This should complete successfully.
  2. Create a record in the zone that is outside of Terraform control. For example:

create.json:

{
  "Comment": "Create an A record",
  "Changes": [
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "test.myexample.com.",
        "Type": "A",
        "TTL": 300,
        "ResourceRecords": [
          {
            "Value": "8.8.8.8"
          }
        ]
      }
    }
  ]
}

$ aws route53 change-resource-record-sets \
   --hosted-zone-id $(terraform output zone_id) \
   --change-batch file://create.json

  3. Run terraform destroy

$ terraform destroy -force
aws_route53_zone.public: Refreshing state... (ID: Z273D4PE6ATWJH)
aws_route53_zone.public: Destroying...
Error applying plan:

1 error(s) occurred:

* aws_route53_zone.public: HostedZoneNotEmpty: The specified hosted zone contains non-required resource record sets  and so cannot be deleted.
        status code: 400, request id: e466d633-0014-11e7-a009-8d1bd2e9a272

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

ryane added a commit to ryane/terraform that referenced this issue Mar 3, 2017

The conditional to ignore the deletion of NS and SOA records can fail to
match if the hostedZoneName already ends with a ".". When that happens,
terraform tries to delete those records which is not supported by AWS
and results in a 400 bad request. This fixes the conditional so that it
will work whether or not hostedZoneName ends with a ".".

fixes hashicorp#12407

radeksimko pushed a commit that referenced this issue Apr 23, 2017

The conditional to ignore the deletion of NS and SOA records can fail to
match if the hostedZoneName already ends with a ".". When that happens,
terraform tries to delete those records which is not supported by AWS
and results in a 400 bad request. This fixes the conditional so that it
will work whether or not hostedZoneName ends with a ".".

fixes #12407
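
The trailing-dot mismatch described in the commit message above, as an added Go example. It is not the Terraform provider's code: `RecordSet`, `isApexRecordNaive`, `isApexRecord`, `fqdn`, `deletable` and the sample records are constructed for illustration, and the naive check is an assumed form of the failing conditional.

```go
package main

import (
	"fmt"
	"strings"
)

// RecordSet is a constructed stand-in for a Route 53 resource record set.
type RecordSet struct{ Name, Type string }

// isApexRecordNaive models the failure mode (assumed form): it always appends
// "." to the zone name, so "myexample.com." is compared as "myexample.com..".
func isApexRecordNaive(rs RecordSet, zone string) bool {
	return (rs.Type == "NS" || rs.Type == "SOA") && rs.Name == zone+"."
}

// fqdn normalizes a DNS name to lower case with exactly one trailing dot.
func fqdn(name string) string {
	return strings.ToLower(strings.TrimRight(name, ".")) + "."
}

// isApexRecord compares normalized names, so it matches whether or not the
// zone name was configured with a trailing dot.
func isApexRecord(rs RecordSet, zone string) bool {
	return (rs.Type == "NS" || rs.Type == "SOA") && fqdn(rs.Name) == fqdn(zone)
}

// deletable returns the record sets a force-destroy pass would try to delete,
// skipping the apex NS and SOA records that AWS does not allow to be removed.
func deletable(sets []RecordSet, zone string, isApex func(RecordSet, string) bool) []RecordSet {
	var out []RecordSet
	for _, rs := range sets {
		if !isApex(rs, zone) {
			out = append(out, rs)
		}
	}
	return out
}

// sampleSets is constructed data modelled on the zone in the report, plus a
// delegated NS record that is not at the apex and therefore must be deleted.
func sampleSets() []RecordSet {
	return []RecordSet{{"myexample.com.", "NS"}, {"myexample.com.", "SOA"},
		{"test.myexample.com.", "A"}, {"sub.myexample.com.", "NS"}}
}

func main() {
	for _, zone := range []string{"myexample.com", "myexample.com."} {
		fmt.Printf("%-16q naive=%d fixed=%d\n", zone,
			len(deletable(sampleSets(), zone, isApexRecordNaive)),
			len(deletable(sampleSets(), zone, isApexRecord)))
	}
}
```

With the zone name written as "myexample.com.", the naive check puts the apex NS and SOA records in the delete batch, which is the request AWS rejects.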
ghost commented Apr 13, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
