You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.
Terraform Version
1.9.2
AzureRM Provider Version
~> 3.85
Affected Resource(s)/Data Source(s)
azurerm_search_service, azurerm_role_assignment
Terraform Configuration Files
resource"azurerm_search_service""this" {
# This is an existing search service WIHTOUT the identity blockidentity {
type="SystemAssigned"
}
}
resource"azurerm_cognitive_account""this" {
# Some existing cognitive account
}
resource"azurerm_role_assignment""cognitiveaccount_search_reader" {
# This RBAC is newscope=azurerm_search_service.this.idrole_definition_name="Search Index Data Reader"principal_id=azurerm_cognitive_account.this.identity[0].principal_id
}
Debug Output/Panic Output
╷
│ Error: Missing required argument
│
│ with azurerm_role_assignment.azuresearch["swc-openai-s0"],
│ on cognitiveaccount.tf line 43, in resource "azurerm_role_assignment""azuresearch":
│ 43: principal_id = module.azuresearch.identity.principal_id
│
│ The argument "principal_id" is required, but no definition was found.
╵
Expected Behaviour
The provider should be able to enable the identity first and then using the generated values.
Actual Behaviour
The provider fails as the current state does not have the required properties.
Steps to Reproduce
apply the code above without the azurerm_search_service identity block and without the RBAC assignment
comment in the identity block and RBAC assignment
apply again
Important Factoids
No response
References
No response
The text was updated successfully, but these errors were encountered:
Hi @aeimer , thank you for bringing this to our attention. I've confirmed the issue on my end as well. It occurs because Terraform attempts to locate the principal_id for the azurerm_role_assignment resource during plan generation, but fails since the principal_id hasn't been created yet. As a temporary solution, you can include the identity block for the initial terraform apply run. Afterwards, incorporate the azurerm_role_assignment and execute terraform apply again.
╷
│ Error: Invalid index
│
│ on main.tf line 51, in resource "azurerm_role_assignment" "cognitiveaccount_search_reader":
│ 51: principal_id = azurerm_cognitive_account.example.identity[0].principal_id
│ ├────────────────
│ │ azurerm_cognitive_account.example.identity is empty list of object
│
│ The given key does not identify an element in this collection value: the collection has no elements.
Is there an existing issue for this?
Community Note
Terraform Version
1.9.2
AzureRM Provider Version
~> 3.85
Affected Resource(s)/Data Source(s)
azurerm_search_service, azurerm_role_assignment
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
The provider should be able to enable the identity first and then using the generated values.
Actual Behaviour
The provider fails as the current state does not have the required properties.
Steps to Reproduce
Important Factoids
No response
References
No response
The text was updated successfully, but these errors were encountered: