Open davidkarlsen opened 2 months ago
For folks coming to this, it seems one can avoid it if you rely on DefaultCredentials instead, using this option: https://registry.terraform.io/providers/betr-io/mssql/latest/docs/resources/user#azuread_default_chain_auth
We use a service principal to authenticate (i.e. setting client_id/client_secret/tenant_id). The secret will rotate from time to time, but the current correct value is set for each Terraform execution. However, during a plan the provider seems to use the stored values from the state file to refresh - and hence this will fail. I think the credentials shouldn't be stored in state, but always read as input config.
The only way to get past this stuck state is to taint the resources, so they are not refreshed, but deleted and re-created.
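To check whether a state file carries the service-principal secret the issue describes, the following added example (not part of the issue or of the provider's code) walks a version 4 Terraform state and reports where secret-named attributes are persisted. The sample state is constructed, and the nesting of `azure_login` under `server` and the name `find_state_secrets` are assumptions made for illustration.

```python
import json

# Attribute names treated as secrets; client_secret is the one named in the issue.
SECRET_KEYS = {"client_secret", "password"}

# Constructed sample state (format version 4). The nesting under "server" is an
# assumption about how the provider's login block is serialized.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [{
        "mode": "managed", "type": "mssql_user", "name": "app",
        "instances": [{"attributes": {
            "username": "app-user",
            "server": [{
                "host": "example.database.windows.net",
                "azure_login": [{
                    "tenant_id": "00000000-0000-0000-0000-000000000000",
                    "client_id": "11111111-1111-1111-1111-111111111111",
                    "client_secret": "constructed-old-secret",
                }],
                "azuread_default_chain_auth": [],
            }],
        }}],
    }],
})

def _walk(node, path):
    """Yield the path of every non-empty, secret-named string attribute."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key in SECRET_KEYS and isinstance(value, str) and value:
                yield f"{path}.{key}"
            else:
                yield from _walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from _walk(item, f"{path}[{i}]")

def find_state_secrets(state_text):
    """Return [(resource address, attribute path)] for secrets stored in state."""
    findings = []
    for res in json.loads(state_text).get("resources", []):
        address = f'{res["type"]}.{res["name"]}'
        for inst in res.get("instances", []):
            # Report only the location, never the secret value itself.
            for path in _walk(inst.get("attributes", {}), "attributes"):
                findings.append((address, path))
    return findings

if __name__ == "__main__":
    for address, path in find_state_secrets(SAMPLE_STATE):
        print(f"{address}: {path} is persisted in state")
```

Any finding means the state file has to be protected and rotated like the credential itself, since whoever can read the state can read the secret.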