Problem
When a resource managed by Terraform no longer exists in your cloud environment but its reference remains in the Terraform state file, terraform plan or terraform apply runs may fail. This happens because Terraform attempts to refresh the state of the non-existent resource, leading to an error.
You may encounter an error similar to the following during the plan phase:
Error when reading or editing ComputeResourcePolicy "projects/example-project/regions/us-central1/resourcePolicies/sample-resource-policy-invalid": googleapi: Error 400: Invalid value for field 'resourcePolicy': 'sample-resource-policy-invalid'. Must be a match of regex '[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}', invalidIn this example, a google_compute_resource_policy was created with a name that did not meet the provider's naming requirements. Even after deleting the resource in the cloud and corrected the name to a valid format in the configuration, the invalid reference persists in the state, causing subsequent runs to fail.
Prerequisites
- You have confirmed that the resource no longer exists in the cloud infrastructure and is safe to remove from the Terraform state.
- You have access to the HCP Terraform workspace settings to manage variables.
Procedure
To resolve this issue, you will temporarily disable state refresh and use a removed block to instruct Terraform to drop the resource from its state file during the next apply.
Step 1: Disable Automatic State Refresh
Terraform refreshes the state by default before a plan or apply, which will fail if a resource is unreadable. To prevent this, set environment variables in your HCP Terraform workspace to disable the refresh operation.
- Navigate to your workspace's Variables settings.
-
Add the following two Environment Variables:
TF_CLI_ARGS_plan="-refresh=false"
TF_CLI_ARGS_apply="-refresh=false"
Step 2: Target the Specific Resource
To limit Terraform's actions to only the resource you intend to remove, you can use the -target option. This is a safeguard to prevent unintended changes to other resources.
Add the following Environment Variable, replacing <resource_address> with the address of the resource you are removing (e.g., google_compute_resource_policy.invalid_policy).
TF_CLI_ARGS="-target=<resource_address>"
Note: The TF_CLI_ARGS variable applies to all Terraform commands. It will be combined with the command-specific TF_CLI_ARGS_plan and TF_CLI_ARGS_apply variables.
Step 3: Use a removed Block in Your Configuration
In your Terraform configuration code, add a removed block to declare that the resource should be removed from the state file.
- Ensure the original
resourceblock for the problematic resource is completely deleted from your configuration. - Add the following
removedblock, replacing thefromargument with the address of the resource to remove.
removed {
from = google_compute_resource_policy.invalid_policy
## Replace the resource address above with the one you need to remove.
}Step 4: Run Plan and Apply
Queue a new plan in your workspace. The plan output should indicate that one resource will be removed from the state.
Terraform will perform the following actions:
# google_compute_resource_policy.invalid_policy will be removed from state
- resource "google_compute_resource_policy" "invalid_policy" {
## ... (attributes will be shown)
}
Plan: 0 to add, 0 to change, 0 to destroy.
One resource will be removed from the Terraform state.After confirming the plan is correct, apply the changes. This action modifies the state file but does not affect any real infrastructure.
Step 5: Clean Up
Once the apply is successful, complete the following cleanup steps:
-
Remove the
removedblock from your Terraform configuration. -
Delete the environment variables (
TF_CLI_ARGS_plan,TF_CLI_ARGS_apply, andTF_CLI_ARGS) from your HCP Terraform workspace settings.
Your workspace is now clean and subsequent runs will proceed without errors related to the removed resource.