When I create a "static web app" with "managed identity" (Service Principal), it's not possible to delete this "managed identity" with "terraform destroy" of the resource.
There is no error but in Azure, the resource is still present.
Terraform Version
1.2
AzureRM Provider Version
3.41.0
Affected Resource(s)/Data Source(s)
azurerm_static_site
Terraform Configuration Files
You can find the code te reproduce here : https://github.com/ju-ge/static_web_apps/tree/main
Debug Output/Panic Output
No error on first deploy/destroy but if you check in Azure, the service principal is not destroyed.
If you want to deploy again, you got obviously this error :
│
│ Error: failed creating Static Site: (Name "test-identity-swa" / Resource Group "rg-e1-np-app-psp-dev"): web.StaticSitesClient#CreateOrUpdateStaticSite: Failure sending request: StatusCode=409 -- Original Error: Code="FailedIdentityOperation" Message="Identity operation for resource '/subscriptions/9783655a-7251-425b-997b-aa9bddf14084/resourceGroups/rg-e1-np-app-psp-dev/providers/Microsoft.Web/staticSites/test-identity-swa' failed with error 'Failed to perform resource identity operation. Status: 'Conflict'. Response: '{\"error\":{\"code\":\"Conflict\",\"message\":\"Request specified that resource '/subscriptions/9783655a-7251-425b-997b-aa9bddf14084/resourcegroups/rg-e1-np-app-psp-dev/providers/Microsoft.Web/staticSites/test-identity-swa' is new, but resource already exists. This may be due to a pending delete operation, try again later.\"}}'.'."
│
│ with azurerm_static_site.staticwebapps,
│ on main.tf line 18, in resource "azurerm_static_site" "staticwebapps":
│ 18: resource "azurerm_static_site" "staticwebapps" {
│
Expected Behaviour
"Service principal" should be detroyed (like on other resources with identity component)
Actual Behaviour
"Service principal" is not destroyed
Steps to Reproduce
Copy my main.tf & adapt to your Azure environment
terraform init
terraform apply
terraform destroy
No error until here but you can check to Azure with the name, your "service principal" is still here
terraform apply
error : Request specified that resource '/subscriptions/9783655a-7251-425b-997b-aa9bddf14084/resourcegroups/rg-e1-np-app-psp-dev/providers/Microsoft.Web/staticSites/test-identity-swa' is new, but resource already exists. This may be due to a pending delete operation, try again later
Is there an existing issue for this?
Community Note
Hello.
When I create a "static web app" with "managed identity" (Service Principal), it's not possible to delete this "managed identity" with "terraform destroy" of the resource. There is no error but in Azure, the resource is still present.
Terraform Version
1.2
AzureRM Provider Version
3.41.0
Affected Resource(s)/Data Source(s)
azurerm_static_site
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
"Service principal" should be detroyed (like on other resources with identity component)
Actual Behaviour
"Service principal" is not destroyed
Steps to Reproduce
Important Factoids
No response
References
No response