azuread_service_principal_delegated_permission_grant fails state refresh when edited in the UI #940
Comments
|
Hi @fellnerse, thanks for reporting this. There is indeed a bug here, Terraform should offer to recreate the grant as it is defined in your configuration. Note however, that if the grant is replaced with a new one by editing it in the console, the provider cannot delete the new grant that is created out-of-band, it can only recreate the original grant. |
|
This functionality has been released in v2.33.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Community Note
Terraform (and AzureAD Provider) Version
Terraform v1.3.4
on darwin_arm64
azuread: 2.30.0
Affected Resource(s)
azuread_service_principal_delegated_permission_grantTerraform Configuration Files
Debug Output
GET https://graph.microsoft.com/v1.0/XXX/oauth2PermissionGrants/BShvLqYa7UeQiEd06UbhCjCu3jJAc89NucwjzqGIe2I
Request ID: XXX
HTTP/1.1 404 Not Found
Transfer-Encoding: chunked
Cache-Control: no-cache
Client-Request-Id: XXX
Content-Type: application/json
Date: Fri, 02 Dec 2022 14:00:44 GMT
Request-Id: XXX
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
X-Ms-Ags-Diagnostic: {"ServerInfo":{"DataCenter":"Germany West Central","Slice":"E","Ring":"5","ScaleUnit":"000","RoleInstance":"FR1PEPF000007AE"}}
X-Ms-Resource-Unit: 1
15c
{"error":{"code":"Request_ResourceNotFound","message":"Resource 'BShvLqYa7UeQiEd06UbhCjCu3jJAc89NucwjzqGIe2I' does not exist or one of its queried reference-property objects are not present.","innerError":{"date":"2022-12-02T14:00:44","request-id":"XXX","client-request-id":"XXX"}}}
0
Panic Output
╷
│ Error: Retrieving Delegated Permission Grant with ID "BShvLqYa7UeQiEd06UbhCjCu3jJAc89NucwjzqGIe2I"
│
│ with azuread_service_principal_delegated_permission_grant. permission,
│ on main.tf line 130, in resource "azuread_service_principal_delegated_permission_grant" "permission":
│ 130: resource "azuread_service_principal_delegated_permission_grant" "permission" {
│
│ DelegatedPermissionGrantsClient.BaseClient.Get(): unexpected status 404
│ with OData error: Request_ResourceNotFound: Resource
│ 'BShvLqYa7UeQiEd06UbhCjCu3jJAc89NucwjzqGIe2I' does not exist or one of its
│ queried reference-property objects are not present.
╵
Expected Behavior
Should not panic and just handle it -> recreate the delegated permission
Actual Behavior
Panics and stops
Steps to Reproduce
Create delegated permission grant. Delete it in UI. Run terraform plan.
Using the azure cli its easy to see that the 404 is expected:
The grant you see here is another one, that was not altered and for this one the refresh actually still works.
References
Looks like this: #748
edit:
Workarround
remove delegated grant from state:
terraform state rm azuread_service_principal_delegated_permission_grant.permissionThe text was updated successfully, but these errors were encountered: