You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Plan correctly states resource "will be updated in-place".
On apply this errors:
Error: Could not create assignment schedule request, PrivilegedAccessGroupEligibilityScheduleRequestsClient.BaseClient.Post(): unexpected status 400 with OData error: RoleAssignmentExists: The Role assignment already exists
Steps to Reproduce
Given the two HCL configurations above, first apply 'before' and then attempt to update the resource by applying the 'after' configuration.
References
I've had a brief look at the provider code and Graph documentation and I believe the issue may stem from this line:
On an update operation it is using Action = msgraph.PrivilegedAccessGroupActionAdminAssign which is the same as the Create() operation. Based on the Graph documentation here I believe this should instead be using Action = msgraph.PrivilegedAccessGroupActionAdminUpdate however I've not yet been able to test this.
The text was updated successfully, but these errors were encountered:
Community Note
Terraform (and AzureAD Provider) Version
Terraform: 1.8.5
Azure AD Provider: 2.53.1
Affected Resource(s)
azuread_privileged_access_group_eligibility_schedule
Terraform Configuration Files
Before:
After:
Expected Behavior
Properties are updated on existing resource.
Actual Behavior
Plan correctly states resource "will be updated in-place".
On apply this errors:
Steps to Reproduce
Given the two HCL configurations above, first apply 'before' and then attempt to update the resource by applying the 'after' configuration.
References
I've had a brief look at the provider code and Graph documentation and I believe the issue may stem from this line:
terraform-provider-azuread/internal/services/identitygovernance/privileged_access_group_eligiblity_schedule_resource.go
Line 214 in 6594e1c
On an update operation it is using
Action = msgraph.PrivilegedAccessGroupActionAdminAssign
which is the same as the Create() operation. Based on the Graph documentation here I believe this should instead be usingAction = msgraph.PrivilegedAccessGroupActionAdminUpdate
however I've not yet been able to test this.The text was updated successfully, but these errors were encountered: