The default owner of azuread_service_principal is not the owner who runs terraform apply in v1.1.0 #365

Closed
moonape1226 opened this issue Nov 26, 2020 · 4 comments · Fixed by #366

Comments

@moonape1226

Hi, I encountered a default owner problem in azuread_service_principal today.

Terraform (and AzureAD Provider) Version

Terraform v0.13.5
+ provider registry.terraform.io/hashicorp/azuread v1.1.0
+ provider registry.terraform.io/hashicorp/azurerm v2.36.0

Affected Resource(s)

azuread_application
azuread_service_principal

Terraform Configuration Files

resource "azuread_application" "test-application" {
  name = "test-application"
}

resource "azuread_service_principal" "test-sp" {
  application_id = azuread_application.test-application.application_id
}

Debug Output

Error: patching Application with ID "xxx": graphrbac.ApplicationsClient#Patch: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Unknown" Message="Unknown service error" Details=[{"odata.error":{"code":"Authorization_RequestDenied","date":"2020-11-26T03:56:19","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":"xxx"}}]

Expected Behavior

In v1.0.0, the application registry created by terraform is owned by the user that ran terraform apply by default.

Actual Behavior

However, in v1.1.0, the application registry created by terraform is no longer owned by the user that ran terraform apply. So I am not able to access the application registry I created in other resources.

Steps to Reproduce

  1. terraform apply
@manicminer
Contributor

Hi @moonape1226, thanks for reporting. We've done a lot of testing with application owners (along with some other complex properties) and agree that the default owner assigned by Azure AD should be retained. We'll be issuing a fix for this shortly.

@ghost

ghost commented Nov 26, 2020

This has been released in version 1.1.1 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azuread" {
    version = "~> 1.1.1"
}
# ... other configuration ...

@moonape1226
Author

Thanks for the prompt reply and update!

@ghost

ghost commented Dec 26, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Dec 26, 2020