Please expose azurerm_cognitive_account.this.identity such that RBAC like azurerm_role_assignment can be created to reference this directly.
An indirect discovery via data azurerm_cognitive_account leads to azurerm_role_assignment resource recreation due to the non-deterministic result from data.
New or Affected Resource(s)/Data Source(s)
azurerm_cognitive_account.this
Potential Terraform Configuration
From:
data "azurerm_cognitive_account" "a" {
depends_on = [ module.openai ]
name = var.name
resource_group_name = azurerm_resource_group.g.name
}
resource "azurerm_role_assignment" "openai_to_search" {
scope = azurerm_search_service.s.id
principal_id = data.azurerm_cognitive_account.a.identity[0].principal_id
role_definition_name = "Search Index Data Reader"
principal_type = "ServicePrincipal"
}
To:
resource "azurerm_role_assignment" "openai_to_search" {
scope = azurerm_search_service.s.id
principal_id = module.openai.identity.principal_id
role_definition_name = "Search Index Data Reader"
principal_type = "ServicePrincipal"
}
Is there an existing issue for this?
Description
Please expose
azurerm_cognitive_account.this.identitysuch that RBAC likeazurerm_role_assignmentcan be created to reference this directly.An indirect discovery via
data azurerm_cognitive_accountleads toazurerm_role_assignmentresource recreation due to the non-deterministic result fromdata.New or Affected Resource(s)/Data Source(s)
azurerm_cognitive_account.this
Potential Terraform Configuration
From:
To: