### Terraform Version Both Terraform 0.12.9 and Terraform 0.13.0: ``` Terraform v0.12.29 + provider.local v1.4.0 + provider.null v2.1.2 ``` ``` Terraform v0.13.0 + provider registry.terraform.io/-/local v1.4.0 + provider registry.terraform.io/-/null v2.1.2 + provider registry.terraform.io/hashicorp/local v1.4.0 + provider registry.terraform.io/hashicorp/null v2.1.2 ``` ### Terraform Configuration Files `terraform.tf`: ```terraform terraform { required_version = ">= 0.12.29" required_providers { local = { source = "hashicorp/local" version = "~> 1.4.0" } null = { source = "hashicorp/null" version = "~> 2.1.2" } } } ``` `main.tf`: ```terraform variable file_contents { description = "map of filenames to contents" type = map(string) } resource null_resource provisioner { for_each = var.file_contents triggers = { file_id = local_file.file[each.key].id name = each.key } provisioner local-exec { command = "echo Running create provisioner for ${self.triggers.name}; sleep 5" } provisioner local-exec { when = destroy command = "echo Running destroy provisioner for ${self.triggers.name}; sleep 5" } } resource local_file file { for_each = var.file_contents filename = "${path.root}/${each.key}" content = each.value } ``` `variables.auto.tfvars`: ```hcl file_contents = { test1 = "test1" test2 = "test2" } ``` ### Expected Behavior * When destroying `local_file.file["test1"]`, only `local_file.file["test1"]` and `null_resource.provisioner["test1"]` should be destroyed. ### Actual Behavior * When destroying `local_file.file["test1"]`, `null_resource.provisioner["test2"]` is unexpectedly destroyed in addition to `local_file.file["test1"]` and `null_resource.provisioner["test1"]`. ### Steps to Reproduce 1. `terraform init` 2. `terraform apply` 3. `terraform destroy -target=local_file.file["test1"]` ### Additional Context * The use of `null_resource` is advised as a workaround for the destroy provisioner changes introduced in #24083 by @jbardin . As demonstrated, in a common use-case with `for_each` used to generate clusters of resources, were the destroy provisioner to run for *all* resources when a single resource is destroyed the impact could be catastrophic. * In other use-cases where, for example, `time_static` replaces `null_resource`, the destruction of one item results in the destruction of all items' associated resources (e.g. creation timestamp). * `terraform taint 'local_file.file["test1"]'` works as expected: only the `test1` related objects are touched. * Changes to the `file_contents` map have the expected behaviour. Namely, removing an existing key or adding a new key result in the expected minimal number of changes affecting only objects directly related to that key. ### References - #24083