Local-exec provider and attribute references - I don't get it

Hi there, I am trying to manage database users along with the database for an Azure instance, and this is surprisingly … impossible. I thought I found a way using a local-exec provider, but … well, apparently not. The code and the error message are below.

It boils down to Terraform complaining that I reference non-static stuff from other resources, which I just … don’t. I only use static parameters, nothing else. What I don’t understand is that I can reference variables even in provider configs - but for destroy provisioners it’s too dynamic? Or did nobody ever try this before me? (no way, actually … :laughing:)

Appreciate any help!

And on to the code … :

resource "azurerm_postgresql_database" "db" {
  server_name         = var.server_name
  resource_group_name = var.server_rg
  name                = var.db_name
  charset             = var.db_charset
  collation           = var.db_collation # see here https://is.gd/Hb9Pxw

  provisioner "local-exec" {
    command = "${path.module}/mgt-user.sh create '${var.server_fqdn}' '${var.server_admin_user}' '${var.db_name}' '${var.db_user_pass}'"
  }

  provisioner "local-exec" {
    when    = destroy
    command = "${path.module}/mgt-user.sh destroy '${var.server_fqdn}' '${var.server_admin_user}' '${var.db_name}' '${var.db_user_pass}'"
  }
}
Now when I run terraform init I get this:

Error: Invalid reference from destroy provisioner

  on ../modules/dbs/pg-db-and-user/db_and_user.tf line 27, in resource "azurerm_postgresql_database" "db":
  27:     command = "echo ${path.module}/create_user.sh destroy '${var.server_fqdn}' '${var.server_admin_user}' '${var.db_name}' '${var.db_user_pass}'"

Destroy-time provisioners and their connection configurations may only
reference attributes of the related resource, via 'self', 'count.index', or

References to other resources during the destroy phase can cause dependency
cycles and interact poorly with create_before_destroy.
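
The error text above allows a destroy provisioner to reference only the resource's own attributes through `self`. One common way to satisfy that, shown here as an added example that is not part of the original post, is to move both provisioners onto a `null_resource` and copy the needed values into its `triggers` map. The resource name `db_user` and the trigger keys are assumptions, and `mgt-user.sh` is assumed to keep the argument order used in the post.

```hcl
# Added example: requires the hashicorp/null provider.
resource "null_resource" "db_user" {
  # Values copied into triggers are saved in state, so they are still
  # readable through self.triggers when the destroy provisioner runs.
  triggers = {
    server_fqdn = var.server_fqdn
    admin_user  = var.server_admin_user
    # Referencing the database resource makes Terraform create the user
    # after the database and remove it before the database is destroyed.
    db_name = azurerm_postgresql_database.db.name
    # Caveat: this value is written to the state file in plain text and
    # is passed on the command line, where other local users can see it.
    db_user_pass = var.db_user_pass
  }

  provisioner "local-exec" {
    command = "${path.module}/mgt-user.sh create '${self.triggers.server_fqdn}' '${self.triggers.admin_user}' '${self.triggers.db_name}' '${self.triggers.db_user_pass}'"
  }

  provisioner "local-exec" {
    when = destroy
    # Only self.* and path.* appear here; no var.* or other resources.
    command = "${path.module}/mgt-user.sh destroy '${self.triggers.server_fqdn}' '${self.triggers.admin_user}' '${self.triggers.db_name}' '${self.triggers.db_user_pass}'"
  }
}
```

Changing any value in `triggers` replaces the `null_resource`, which runs the destroy command with the old values and then the create command with the new ones.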