bug: changing order of resource_access
in azuread_application
destroys and recreats all resource_access
#1182
Labels
resource_access
in azuread_application
destroys and recreats all resource_access
#1182
Community Note
Terraform (and AzureAD Provider) Version
Terraform v1.5.6
on windows_amd64
Affected Resource(s)
azuread_application
Terraform Configuration Files
Debug Output
Logs
Panic Output
None
Expected Behavior
Changing the order of
resource_access
inrequired_resource_access
should not destroy and recreate therequired_resource_access
field.Actual Behavior
Changing the order of
resource_access
inrequired_resource_access
destroys and recreates therequired_resource_access
field. Resulting in lost admin grants.Since admin grants can not be done in terraform (as far as I know)this could destroy the functionality of the App registration.Update: Thank you @manicminer for pointing out that admin-grants can be done with terraform using
azuread_app_role_assignment
orservice_principal_delegated_permission_grant
. Unfortunately users need admin permissions to grant them, but do not need admin permissions to create/deleteresource_access
. So using the above resources can be a work-around if the needed permissions are granted. Otherwise just make sure to dont change the order ofresource_access
for now.Steps to Reproduce
terraform init
terraform apply
resource_access
inrequired_resource_access
terraform apply
Important Factoids
References
The text was updated successfully, but these errors were encountered: