Changes in azurerm_eventgrid_topic identity block fail on plan

[tamirkamara]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.1.5

AzureRM Provider Version

3.11.0

Affected Resource(s)/Data Source(s)

azurerm_eventgrid_topic

Terraform Configuration Files

resource "azurerm_resource_group" "myrg" {
  location = "westeurope"
  name     = "rg-test"
}

### FIRST RUN ###
resource "azurerm_eventgrid_topic" "mytopic" {
  name                = "evgt-mytopic"
  location            = azurerm_resource_group.myrg.location
  resource_group_name = azurerm_resource_group.myrg.name
}
### END FIRST RUN ###

### SECOND RUN - ADD IDENTITY & REFERENCE IT ###
resource "azurerm_eventgrid_topic" "mytopic" {
  name                = "evgt-mytopic"
  location            = azurerm_resource_group.myrg.location
  resource_group_name = azurerm_resource_group.myrg.name

  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_role_assignment" "mytopic" {
  scope                = "/subscriptions/73a4ea93.../resourceGroups/rg-test/providers/Microsoft.ServiceBus/namespaces/sb-test"
  role_definition_name = "Azure Service Bus Data Sender"
  principal_id         = azurerm_eventgrid_topic.mytopic.identity.0.principal_id

  depends_on = [
    azurerm_eventgrid_topic.mytopic
  ]
}
### END SECOND RUN ###

Debug Output/Panic Output

azurerm_resource_group.myrg: Refreshing state... [id=/subscriptions/73a4ea93.../resourceGroups/rg-test]
azurerm_eventgrid_topic.mytopic: Refreshing state... [id=/subscriptions/73a4ea93.../resourceGroups/rg-test/providers/Microsoft.EventGrid/topics/evgt-mytopic]
╷
│ Error: Missing required argument
│ 
│   with azurerm_role_assignment.mytopic,
│   on new.tf line 33, in resource "azurerm_role_assignment" "mytopic":
│   33:   principal_id         = azurerm_eventgrid_topic.mytopic.identity.0.principal_id
│ 
│ The argument "principal_id" is required, but no definition was found.

Expected Behaviour

Plan succeed and azurerm_role_assignment.mytopic "waits" for the changes in azurerm_eventgrid_topic.mytopic

Actual Behaviour

The plan command fails

Steps to Reproduce

1. First apply the config of the first run, just the topic without any identities
2. Then amend it to include the identity and try to use it. It's enough to run terraform plan here.

Important Factoids

No response

References

No response

[xiaxyi]

@tamirkamara Thanks for bring it up. The identity block is empty in state after the creation and this caused the required property got an empty value. The depends_on is not going to work since the resource already exists.

can you try partially update by running terraform plan -target="azurerm_eventgrid_topic.mytopic" then terraform apply -target="azurerm_eventgrid_topic.mytopic" ? It should work

[tamirkamara]

Thank you @xiaxyi. Your suggestion might be a good option for some cases but not for me - I don't control the calling process that issues the apply command, so it's not possible for me to introduce this intermediate step. I think this should be handled internally by Terraform somehow.