Referencing the principal_id for an azurerm_app_configuration with SystemAssigned identity #22703
Comments
If the SystemAssigned identity already exists, then plan/apply does work without error.
Hi @flcdrg, thanks for submitting this issue,

plan details->

```
% terraform plan
azurerm_resource_group.example: Refreshing state... [id=/subscriptions/xxx/resourceGroups/wt-test-apc]
azurerm_app_configuration.app_conf: Refreshing state... [id=/subscriptions/xxx/resourceGroups/wt-test-apc/providers/Microsoft.AppConfiguration/configurationStores/appconfigwt2541]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
  ~ update in-place
Terraform planned the following actions, but then encountered a problem:
  # azurerm_app_configuration.app_conf will be updated in-place
  ~ resource "azurerm_app_configuration" "app_conf" {
        id = "/subscriptions/xxx/resourceGroups/wt-test-apc/providers/Microsoft.AppConfiguration/configurationStores/appconfigwt2541"
        name = "appconfigwt2541"
        tags = {}
        # (11 unchanged attributes hidden)
      + identity {
          + type = "SystemAssigned"
        }
    }
Plan: 0 to add, 1 to change, 0 to destroy.
╷
│ Error: Missing required argument
│
│ with azurerm_role_assignment.app_config_system_identity_log_analytics_contributor,
│ on main.tf line 36, in resource "azurerm_role_assignment" "app_config_system_identity_log_analytics_contributor":
│ 36: principal_id = azurerm_app_configuration.app_conf.identity[0].principal_id
│
│ The argument "principal_id" is required, but no definition was found.
╵
```

workarounds for this are:

config detail

```hcl
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "wt-test-apc"
  location = "West Europe"
}

resource "azurerm_app_configuration" "app_conf" {
  name                       = "appconfigwt25412"
  location                   = azurerm_resource_group.example.location
  resource_group_name        = azurerm_resource_group.example.name
  sku                        = "standard"
  soft_delete_retention_days = 1

  # Updating resource to add this
  identity {
    type = "SystemAssigned"
  }
}

data "azurerm_app_configuration" "app_conf" {
  name                = azurerm_app_configuration.app_conf.name
  resource_group_name = azurerm_app_configuration.app_conf.resource_group_name
}

## Adding this
resource "azurerm_role_assignment" "app_config_system_identity_log_analytics_contributor" {
  scope                = azurerm_resource_group.example.id
  role_definition_name = "Log Analytics Contributor"
  principal_id         = data.azurerm_app_configuration.app_conf.identity[0].principal_id
}
```
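A pre-flight check for the condition shown in the plan output above, as an added example that is not part of the issue thread or the provider's code: it flags direct `identity[0].principal_id` references to resources that `terraform show -json` reports in state with no identity block. The regex scan of the configuration text (not an HCL parser), the function name and the sample data are assumptions constructed for illustration, and only root-module resources are checked.

```python
import json
import re

# Managed-resource references such as
#   azurerm_app_configuration.app_conf.identity[0].principal_id
# Data-source references ("data.<type>.<name>...") are deliberately not matched.
REF = re.compile(r"(?<![\w.])(?!data\.)(\w+\.\w+)\.identity\[0\]\.principal_id")


def risky_references(config_text, state):
    """Addresses referenced via identity[0].principal_id that are already in
    state without an identity block (the case that fails in the plan above)."""
    root = (state.get("values") or {}).get("root_module", {})
    no_identity = {
        r["address"]
        for r in root.get("resources", [])
        if r.get("mode") == "managed" and not (r.get("values") or {}).get("identity")
    }
    referenced = {m.group(1) for m in REF.finditer(config_text)}
    return sorted(referenced & no_identity)


# Constructed sample: the reference from the error message, plus a state
# document in the shape printed by `terraform show -json` (root module only).
SAMPLE_CONFIG = '''
resource "azurerm_role_assignment" "app_config_system_identity_log_analytics_contributor" {
  scope                = azurerm_resource_group.example.id
  role_definition_name = "Log Analytics Contributor"
  principal_id         = azurerm_app_configuration.app_conf.identity[0].principal_id
}
'''
SAMPLE_STATE = json.loads('''
{"values": {"root_module": {"resources": [
  {"address": "azurerm_app_configuration.app_conf", "mode": "managed",
   "type": "azurerm_app_configuration", "name": "app_conf",
   "values": {"name": "appconfigwt2541", "identity": []}}
]}}}
''')

if __name__ == "__main__":
    for address in risky_references(SAMPLE_CONFIG, SAMPLE_STATE):
        print(f"{address}: in state without identity; apply the identity block "
              "before adding resources that read identity[0].principal_id")
```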
I'm having a similar issue with the managed identities on azurerm_windows_web_app and azurerm_windows_web_app_slot. Unfortunately azurerm_windows_web_app_slot does not have a datasource implementation to be able to use the second workaround. @teowa do you have any additional information that could be entered when creating the bug in the Terraform Core to help explain the problem?
Also happens for
Causes: The argument "principal_id" is required, but no definition was found.
Same issue for me and also unable to use the workaround with the slot (azurerm_linux_web_app_slot does not have a datasource implementation).
Happens for
Is there an existing issue for this?
Community Note
Terraform Version
1.4.6
AzureRM Provider Version
3.66.0
Affected Resource(s)/Data Source(s)
azurerm_app_configuration
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
Should be able to reference identity's principal_id
Actual Behaviour
Error: Missing required argument
Steps to Reproduce
Important Factoids
No response
References
No response