Open paul-hugill opened 3 months ago
@paul-hugill From the azuread provider's issue, the diff indicates a change for the approval_stage
. Is that the same for your case (as the plan diff you provided doesn't look like something printed directly from TF)?
Sorry @magodo, yes exactly the same, that was a TFC UI output, this is a similar CLI version.
# module.this.azurerm_role_management_policy.built_in["Owner"] will be updated in-place
~ resource "azurerm_role_management_policy" "built_in" {
id = "/subscriptions/xxxxxxxxxx/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635|/subscriptions/xxxxxxxxxxxxx"
name= "6f3c8f32-3c2d-4917-a5bb-c04ee74bbb09"
# (2 unchanged attributes hidden)
~ activation_rules {
# (5 unchanged attributes hidden)
- approval_stage {
}
}
# (3 unchanged blocks hidden)
}
In the CLI for both, they show the approval_stage
being removed but in the Structured UI output in TFC, there are no changes at all shown.
For anyone else trying to use this, that doesn't need the approvals, then adding ignore_changes
at least stops the constant drift.
lifecycle {
ignore_changes = [activation_rules[0].approval_stage]
}
Not a solution but at least makes this usable for me for now.
The issue probably lies in https://github.com/hashicorp/terraform-provider-azurerm/blob/9d1768c6a074a460cd059efc4285f6a7832aa14a/internal/services/authorization/role_management_policy.go#L268-L272
This happens at Create/Update that no approval_stage
is specified, it ended up with an empty block, while actually it wants a null
.
Ping @manicminer.
Is there an existing issue for this?
Community Note
Terraform Version
1.5.7
AzureRM Provider Version
3.108.1
Affected Resource(s)/Data Source(s)
azurerm_role_management_policy
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
On subsequent runs there should be no changes
Actual Behaviour
Always shows changes but not what is being changed:
Steps to Reproduce
terraform apply
terraform apply
again and see it showing it will do an update but not what it is updatingImportant Factoids
No response
References
This appears to be the same as the issue I am having on the
azuread_group_role_management_policy
resource in theAzureAD
provider: https://github.com/hashicorp/terraform-provider-azuread/issues/1398I believe this is based on the same code.