[azurerm_pim_eligible_role_assignment] waiting for Scoped Role Eligibility Schedule Request Role Eligibility Schedule Request Name: to become found: timeout while waiting for state to become 'Exists'

notsopawel commented 1 month ago

Is there an existing issue for this?

[X] I have searched the existing issues

Community Note

Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.9.7

AzureRM Provider Version

4.4.0

Affected Resource(s)/Data Source(s)

azurerm_pim_eligible_role_assignmen

Terraform Configuration Files

resource "azurerm_role_management_policy" "default" {
  scope              = data.azurerm_subscription.primary.id
  role_definition_id = data.azurerm_role_definition.role.id

  active_assignment_rules {
    expire_after = "P180D"
  }

Debug Output/Panic Output

2024-10-17T14:51:14.504Z [WARN]  provider.terraform-provider-azurerm_v4.4.0_x5: [WARN] WaitForState timeout after 4m55.791145154s
2024-10-17T14:51:14.504Z [WARN]  provider.terraform-provider-azurerm_v4.4.0_x5: [WARN] WaitForState starting 30s refresh grace period
2024-10-17T14:51:14.504Z [ERROR] provider.terraform-provider-azurerm_v4.4.0_x5: [ERROR] Context cancelation detected, abandoning grace period
2024-10-17T14:51:14.511Z [ERROR] provider.terraform-provider-azurerm_v4.4.0_x5: Response contains error diagnostic: tf_req_id=5515ce86-371a-faf8-00b1-ea586155e34b tf_rpc=ApplyResourceChange
  diagnostic_detail=
  | waiting for Scoped Role Eligibility Schedule Request (Scope: "/subscriptions/1912df6b-23f1-48d3-95e3----------"
  | Role Eligibility Schedule Request Name: "618cf3c5-e5ff-d209-a91e-ce5f9daa7dd7") to become found: timeout while waiting for state to become 'Exists' (last state: 'NotFound', timeout: 4m55.791145154s)
   diagnostic_severity=ERROR tf_provider_addr=registry.terraform.io/hashicorp/azurerm @module=sdk.proto
  diagnostic_summary=
  | waiting for Scoped Role Eligibility Schedule Request (Scope: "/subscriptions/------"
  | Role Eligibility Schedule Request Name: "618cf3c5-e5ff-d209-a91e-ce5f9daa7dd7") to become found: timeout while waiting for state to become 'Exists' (last state: 'NotFound', timeout: 4m55.791145154s)
   tf_proto_version=5.6 tf_resource_type=azurerm_pim_eligible_role_assignment @caller=github.com/hashicorp/terraform-plugin-go@v0.23.0/tfprotov5/internal/diag/diagnostics.go:58 timestamp=2024-10-17T14:51:14.511Z
2024-10-17T14:51:14.544Z [ERROR] vertex "azurerm_pim_eligible_role_assignment.this" error: waiting for Scoped Role Eligibility Schedule Request (Scope: "/subscriptions/1-----------1e4d6dce7"
Role Eligibility Schedule Request Name: "618cf3c5-e5ff-d209-a91e-ce5f9daa7dd7") to become found: timeout while waiting for state to become 'Exists' (last state: 'NotFound', timeout: 4m55.791145154s)
╷
│ Error: waiting for Scoped Role Eligibility Schedule Request (Scope: "/subscriptions/---------d6dce7"
│ Role Eligibility Schedule Request Name: "618cf3c5-e5ff-d209-a91e-ce5f9daa7dd7") to become found: timeout while waiting for state to become 'Exists' (last state: 'NotFound', timeout: 4m55.791145154s)
│ 
│   with azurerm_pim_eligible_role_assignment.this,
│   on main.tf line 35, in resource "azurerm_pim_eligible_role_assignment" "this":
│   35: resource "azurerm_pim_eligible_role_assignment" "this" {
│ 
│ waiting for Scoped Role Eligibility Schedule Request (Scope: "/subscriptions/-----------e7"
│ Role Eligibility Schedule Request Name: "618cf3c5-e5ff-d209-a91e-ce5f9daa7dd7") to become found: timeout while waiting for state to become 'Exists' (last
│ state: 'NotFound', timeout: 4m55.791145154s)

Expected Behaviour

pim eligible role assignment is created and statue properly reported back to the tf provider, I increased timeout to 20mins, no luck,

Actual Behaviour

pim eligible role assignment is created, i can see it in azure portal, but tf code fails

Steps to Reproduce

t apply

Important Factoids

No response

References

No response

LaurensMignolet commented 1 week ago

Hi, I am having the same issue but only on Managementgroup scope. On subscription scope everything is working fine.

On subscription scope log my RoleEligibility Schedule Request in Azure has a Started and succeeded status entry.

On managementgroup scope my RoleEligibillity schedule request on Azure only has a started status entry, no succeeded.

musekmkr commented 4 hours ago

See this other post. Credit goes to this comment

I also posted a comment confirming this resolved my issue as well

hashicorp / terraform-provider-azurerm