### Terraform Version ```shell Terraform v1.9.6 on windows_amd64 + provider registry.terraform.io/hashicorp/random v3.6.3 ``` I also tested it with 1.7 ### Terraform Configuration Files ```terraform terraform { required_providers { random = { source = "hashicorp/random" } } } resource "random_password" "token" { # first run `terraform apply` with this named `token_old` length = 32 special = false } # this works #moved { # from = random_password.token_old # to = random_password.token #} # this is the bug and causes a destroy and create locals { old_token = "random_password.token_old" } moved { from = locals.old_token to = random_password.token } # this is not valid: # A single static variable reference is required: only attribute access and # │ indexing with constant keys. No calculations, function calls, template # │ expressions, etc are allowed here. # # moved { # from = "random_password.token_old" # to = "random_password.token" # } ``` ### Debug Output ``` terraform plan random_password.token_old: Refreshing state... [id=none] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create - destroy Terraform will perform the following actions: # random_password.token will be created + resource "random_password" "token" { + bcrypt_hash = (sensitive value) + id = (known after apply) + length = 32 + lower = true + min_lower = 0 + min_numeric = 0 + min_special = 0 + min_upper = 0 + number = true + numeric = true + result = (sensitive value) + special = false + upper = true } # random_password.token_old will be destroyed # (because random_password.token_old is not in configuration) - resource "random_password" "token_old" { - bcrypt_hash = (sensitive value) -> null - id = "none" -> null - length = 32 -> null - lower = true -> null - min_lower = 0 -> null - min_numeric = 0 -> null - min_special = 0 -> null - min_upper = 0 -> null - number = true -> null - numeric = true -> null - result = (sensitive value) -> null - special = false -> null - upper = true -> null } Plan: 1 to add, 0 to change, 1 to destroy. ``` ### Expected Behavior it should also move the resource like in the first, commented out, example: ``` moved { from = random_password.token_old to = random_password.token } ``` ``` terraform plan random_password.token: Refreshing state... [id=none] Terraform will perform the following actions: # random_password.token_old has moved to random_password.token resource "random_password" "token" { id = "none" # (12 unchanged attributes hidden) } Plan: 0 to add, 0 to change, 0 to destroy. ``` ### Actual Behavior the resource is not moved but destroyed and created when using: ``` locals { old_token = "random_password.token_old" } moved { from = locals.old_token to = random_password.token } ``` ### Steps to Reproduce - change example to be `resource "random_password" "token_old"` instead of `resource "random_password" "token"` - `terraform init` - `terraform apply` - change example to be `resource "random_password" "token"` instead of `resource "random_password" "token_old"` - `terraform plan` - see the bug ### Additional Context tested in CI/CD with version 1.7 tested on windows with 1.9 The Idea behind using locals is that I can use variables inside the names of the resources. I needed this since I'm migrating away from a lib which dynamically created tf.json files and used env vars to name the resources. ### References _No response_