API Management System-Assigned Principal Id can't be used in Key Vault Access Policy before manual creation #13320
Comments
This also occurs with creating rbac access policies that use azurerm_app_service; you have to create the app service first and then the access policies on a second apply run.
I can confirm this.
I have the same issue with an
I had the same problem, but only if the resource existed before. I could fix it by adding the service identity manually in Azure. Afterwards, it worked fine. Or you create all resources from scratch. That should also work.
Yes, I also recognized that. When the resource is created from scratch it works. To summarize the other posts: Several resources are affected. When the resource exists and the managed identity should be added (the resource gets updated) it fails.
This comment was marked as off-topic.
I just now faced this issue by simply following documentation on managing certificates in API Management. Any ideas about a workaround which could be contained only in Terraform?
As a workaround, you can use
You are right. Also within hidden comments, there was an exact workaround. Maybe such comments should not be hidden? EDIT: actually, it was your comment :D
Community Note
Terraform (and AzureRM Provider) Version
Terraform v1.0.4
azurerm version 2.76.0
Affected Resource(s)
Terraform Configuration Files
excerpt of a larger file used for configuration:
Debug Output
Expected Behaviour
The access policy gets created after the API management instance and the system-assigned identity is created.
I assume my configuration is correct because when I first create the APIM and the system-assigned identity, and then, in a second step, add the access policy, everything works.
Actual Behaviour
The creation fails since the principal id isn't defined before the creation of the API management and the registration of the APIM in the AAD.
Steps to Reproduce
terraform apply