Hi there, I am trying to manage database users along with the database for an Azure instance, and this is surprisingly … impossible. I thought I found a way using a local-exec provider, but … well, apparently not. The code and the error message are below.
It boils down to Terraform complaining that I reference non-static stuff from other resources, which I just … don't. I only use static parameters, nothing else. What I don't understand is that I can reference variables even in provider configs - but for destroy provisioners it's too dynamic? Or did nobody ever try this before me? (No way, actually … )
Appreciate any help!
And on to the code … :
resource "azurerm_postgresql_database" "db" {
  server_name         = var.server_name
  resource_group_name = var.server_rg
  name                = var.db_name
  charset             = var.db_charset
  collation           = var.db_collation # see here https://is.gd/Hb9Pxw

  provisioner "local-exec" {
    command = "${path.module}/mgt-user.sh create '${var.server_fqdn}' '${var.server_admin_user}' '${var.db_name}' '${var.db_user_pass}'"
  }

  provisioner "local-exec" {
    when    = destroy
    command = "${path.module}/mgt-user.sh destroy '${var.server_fqdn}' '${var.server_admin_user}' '${var.db_name}' '${var.db_user_pass}'"
  }
}
Now when I run terraform init I get this:
Error: Invalid reference from destroy provisioner
on ../modules/dbs/pg-db-and-user/db_and_user.tf line 27, in resource "azurerm_postgresql_database" "db":
27: command = "echo ${path.module}/create_user.sh destroy '${var.server_fqdn}' '${var.server_admin_user}' '${var.db_name}' '${var.db_user_pass}'"
Destroy-time provisioners and their connection configurations may only
reference attributes of the related resource, via 'self', 'count.index', or
'each.key'.
References to other resources during the destroy phase can cause dependency
cycles and interact poorly with create_before_destroy.
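
A common way to satisfy this validation, shown as an added example that is not part of the original post: move both provisioners onto a `null_resource` whose `triggers` map captures the values at create time, so the destroy provisioner reads them back through `self.triggers`. It assumes the hashicorp/null provider, a `/bin/sh` interpreter for `local-exec`, and a hypothetical revision of `mgt-user.sh` that reads the password from a `DB_USER_PASS` environment variable and needs no password for `destroy`.

```hcl
# Added example. The resource name "db_user" and the DB_USER_PASS convention
# are assumptions, not part of the original module.
resource "null_resource" "db_user" {
  # Everything the destroy step needs is copied here at create time, so the
  # destroy provisioner can read it back through self.triggers.
  # Changing any of these values replaces the resource (destroy, then create).
  triggers = {
    script      = "${path.module}/mgt-user.sh"
    server_fqdn = var.server_fqdn
    admin_user  = var.server_admin_user
    # Referencing the database resource orders the user after the database on
    # create and before it on destroy.
    db_name = azurerm_postgresql_database.db.name
  }

  provisioner "local-exec" {
    # Values reach the script through the environment and are expanded by the
    # shell inside double quotes, not interpolated into the command string.
    command = "\"$SCRIPT\" create \"$SERVER_FQDN\" \"$ADMIN_USER\" \"$DB_NAME\""
    environment = {
      SCRIPT       = self.triggers.script
      SERVER_FQDN  = self.triggers.server_fqdn
      ADMIN_USER   = self.triggers.admin_user
      DB_NAME      = self.triggers.db_name
      DB_USER_PASS = var.db_user_pass # create-time only, not kept in triggers
    }
  }

  provisioner "local-exec" {
    when    = destroy
    command = "\"$SCRIPT\" destroy \"$SERVER_FQDN\" \"$ADMIN_USER\" \"$DB_NAME\""
    # Only self.* is referenced, which is what the validation requires.
    environment = {
      SCRIPT      = self.triggers.script
      SERVER_FQDN = self.triggers.server_fqdn
      ADMIN_USER  = self.triggers.admin_user
      DB_NAME     = self.triggers.db_name
    }
  }
}
```

Values placed in `triggers` are written to the state file in plain text, which is why the password is passed only to the create step and kept out of the map. Passing it through `environment` also keeps it out of the logged command line and the process argument list.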