azurerm_logic_app_standard not configuring userassigned identity correctly

[vikljw]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.33

AzureRM Provider Version

3.30.0

Affected Resource(s)/Data Source(s)

azurerm_logic_app_standard

Terraform Configuration Files

resource "azurerm_logic_app_standard" "strapi-proxy" {
  name                       = "strapi-proxy-${local.env}"
  location            = local.location
  resource_group_name = azurerm_resource_group.workflow.name
  app_service_plan_id        = azurerm_service_plan.workflow.id
  storage_account_name       = module.saworkflow.sa_out.name
  storage_account_access_key = module.saworkflow.sa_out.primary_access_key
  https_only = true
  virtual_network_subnet_id = module.vnetmodule.subnets_out[10].id
  tags = local.tags
  site_config {
    vnet_route_all_enabled = "1"
  }

  app_settings = {
    "WEBSITE_VNET_ROUTE_ALL"  = "1"
    "WEBSITE_CONTENTOVERVNET" = "1"
    "APPINSIGHTS_INSTRUMENTATIONKEY" = "${azurerm_application_insights.appinsight.instrumentation_key}"
  }
  identity {
    type= "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.system.id]
  }
}

Debug Output/Panic Output

# azurerm_logic_app_standard.strapi-proxy will be updated in-place
  ~ resource "azurerm_logic_app_standard" "strapi-proxy" {
        id                             = "/subscriptions/<>/resourceGroups/workflow-viktfdev/providers/Microsoft.Web/sites/strapi-proxy-viktfdev"
        name                           = "strapi-proxy-viktfdev"
        tags                           = {
            "environment" = "viktftest"
        }
        # (21 unchanged attributes hidden)

      ~ identity {
          ~ identity_ids = [
              + "/subscriptions/<>/resourceGroups/mgmt-viktfdev/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<>",
            ]
          ~ type         = "SystemAssigned" -> "UserAssigned"
            # (2 unchanged attributes hidden)
        }

        # (1 unchanged block hidden)
    }

Expected Behaviour

It should be set to UserAssigned with the requested managed identity

Actual Behaviour

The resource provider sets it to SystemAssigned incorrectly during apply then keep flagging out for re-configuration during subsequent terraform plan and apply. Manual configuration of the user assign identity on the logic app was successful but was reverted incorrectly back to SystemAssigned in subsequent terraform apply.

Steps to Reproduce

No response

Important Factoids

No response

References

No response

[ziyeqf]

Hi @vikljw, thanks for reporting!

A Pull Request (#19228) to fix it has been submitted.

[github-actions[bot]]

This functionality has been released in v3.31.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.