Azure / terraform-provider-azapi

Terraform provider for Azure Resource Manager Rest API
https://registry.terraform.io/providers/Azure/azapi/latest
Mozilla Public License 2.0

Passing the `id` attribute of a service principal in `azapi_resource`'s `identity` block returns `Error: parsing Azure ID` #437

Closed smedegaard closed 1 week ago

smedegaard commented 7 months ago

I have an `azurerm_logic_app_workflow` block that uses a system assigned service principal.

```hcl
resource "azurerm_logic_app_workflow" "logic_app" {
  name                = "${var.name_prefix}-file-upload-logic-app"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  identity {
    type = "SystemAssigned"
  }
}
```

and an API connection to SharePoint

```hcl
resource "azapi_resource" "connection" {
  type      = "Microsoft.Web/connections@2016-06-01"
  name      = "${var.name_prefix}-sharepointonline-connection"
  location  = azurerm_resource_group.rg.location
  parent_id = azurerm_resource_group.rg.id
  tags = {
    created_by = "terraform"
  }

  # use the system assigned identity from the logic app
  identity {
    type         = "SystemAssigned"
    identity_ids = [azurerm_logic_app_workflow.logic_app.identity.0.principal_id]
  }

  body = jsonencode(
    {...}
  )
}
```

When running `terraform plan` I get

```
╷
│ Error: parsing Azure ID: parse "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx": invalid URI for request
│
│   with azapi_resource.connection,
│   on main.tf line 136, in resource "azapi_resource" "connection":
│  136:     identity_ids = [azurerm_logic_app_workflow.logic_app.identity.0.principal_id]
│
```

The id is passed correctly from the first block to the connection block. After searching the web for way too long, I saw a mention that the format needs to be something like `"/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/${azurerm_resource_group.rg.name}/providers/microsoft.managedidentity/UserAssignedIdentities/${name_of_managed_identity}"`. I've had no luck with that either.

It would be a lot more intuitive if we were able to pass the principal id in `identity_ids`.

ms-henglu commented 6 months ago

Hi @smedegaard,

Thank you for taking the time to report this issue, and apologies for the late response.

The `identity_ids` field is used to specify the user assigned identity associated with the resource, so it's not allowed to use a principal ID here.

Would you please share a document about the feature that you want to use? I could help you make an azapi example.
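
As an added example (not code from the azapi provider or from anyone in this thread), the Go check below separates a bare principal ID GUID from a user-assigned identity resource ID, the distinction drawn in the reply above. The function name and sample IDs are constructed, and using `url.ParseRequestURI` to reproduce the `invalid URI for request` text is an assumption about where that message originates.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// Shape of a user-assigned identity resource ID (ARM IDs are case-insensitive).
var uaiID = regexp.MustCompile(`(?i)^/subscriptions/[0-9a-f-]{36}/resourceGroups/[^/]+` +
	`/providers/Microsoft\.ManagedIdentity/userAssignedIdentities/[^/]+$`)

// A bare GUID, which is what principal_id and client_id attributes hold.
var bareGUID = regexp.MustCompile(`(?i)^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$`)

// CheckIdentityID (hypothetical helper) returns nil when v is usable as an
// identity_ids element, otherwise an error naming the likely mistake.
func CheckIdentityID(v string) error {
	// A value without a leading "/" fails Go's request-URI parser with the
	// same "invalid URI for request" text that appears in the plan output.
	if _, err := url.ParseRequestURI(v); err != nil {
		if bareGUID.MatchString(v) {
			return fmt.Errorf("bare GUID (principal_id/client_id) where a resource ID is required: %w", err)
		}
		return err
	}
	if !uaiID.MatchString(v) {
		return fmt.Errorf("%q is not a user-assigned identity resource ID", v)
	}
	return nil
}

func main() {
	// Constructed sample values, not taken from a real tenant.
	samples := []string{
		"11111111-2222-3333-4444-555555555555",
		"/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/rg" +
			"/providers/Microsoft.ManagedIdentity/userAssignedIdentities/logic-app-id",
		"/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/rg" +
			"/providers/Microsoft.Logic/workflows/logic-app",
	}
	for _, v := range samples {
		fmt.Printf("%s\n  -> %v\n", v, CheckIdentityID(v))
	}
}
```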

ms-henglu commented 1 week ago

I'll close this issue as there's no response. Feel free to reopen it if there are any questions.