hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

azurerm_static_site : identity "SystemAssigned" is not destroyed when you do a 'terraform destroy' #20277

Open ju-ge opened 1 year ago

ju-ge commented 1 year ago

Hello.

When I create a "static web app" with "managed identity" (Service Principal), it's not possible to delete this "managed identity" with "terraform destroy" of the resource. There is no error but in Azure, the resource is still present.

Terraform Version

1.2

AzureRM Provider Version

3.41.0

Affected Resource(s)/Data Source(s)

azurerm_static_site

Terraform Configuration Files

You can find the code to reproduce here: https://github.com/ju-ge/static_web_apps/tree/main

Debug Output/Panic Output

No error on first deploy/destroy, but if you check in Azure, the service principal is not destroyed.
If you want to deploy again, you obviously get this error:

│
│ Error: failed creating Static Site: (Name "test-identity-swa" / Resource Group "rg-e1-np-app-psp-dev"): web.StaticSitesClient#CreateOrUpdateStaticSite: Failure sending request: StatusCode=409 -- Original Error: Code="FailedIdentityOperation" Message="Identity operation for resource '/subscriptions/9783655a-7251-425b-997b-aa9bddf14084/resourceGroups/rg-e1-np-app-psp-dev/providers/Microsoft.Web/staticSites/test-identity-swa' failed with error 'Failed to perform resource identity operation. Status: 'Conflict'. Response: '{\"error\":{\"code\":\"Conflict\",\"message\":\"Request specified that resource '/subscriptions/9783655a-7251-425b-997b-aa9bddf14084/resourcegroups/rg-e1-np-app-psp-dev/providers/Microsoft.Web/staticSites/test-identity-swa' is new, but resource already exists. This may be due to a pending delete operation, try again later.\"}}'.'."
│
│   with azurerm_static_site.staticwebapps,
│   on main.tf line 18, in resource "azurerm_static_site" "staticwebapps":
│   18: resource "azurerm_static_site" "staticwebapps" {
│

Expected Behaviour

"Service principal" should be destroyed (like on other resources with identity component)

Actual Behaviour

"Service principal" is not destroyed

Steps to Reproduce

Important Factoids

No response

References

No response

tombuildsstuff commented 1 year ago

This appears to be a bug in the Static Site API, since the Delete call should be removing all associated items; tagging as upstream/microsoft.