Passing the id attribute of a service principal in azapi_resource's identity block returns Error: parsing Azure ID #437

Open
smedegaard opened this issue Mar 21, 2024 · 1 comment

@smedegaard

I have an azurerm_logic_app_workflow block that uses a system assigned service principal.

```hcl
resource "azurerm_logic_app_workflow" "logic_app" {
  name                = "${var.name_prefix}-file-upload-logic-app"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  identity {
    type = "SystemAssigned"
  }
}
```

and an api connection to SharePoint

```hcl
resource "azapi_resource" "connection" {
  type      = "Microsoft.Web/connections@2016-06-01"
  name      = "${var.name_prefix}-sharepointonline-connection"
  location  = azurerm_resource_group.rg.location
  parent_id = azurerm_resource_group.rg.id
  tags = {
    created_by = "terraform"
  }

  # use the system assigned identity from the logic app
  identity {
    type = "SystemAssigned"
    identity_ids = [azurerm_logic_app_workflow.logic_app.identity.0.principal_id]
  }

  body = jsonencode(
    {...}
  )

}
```

When running terraform plan I get

```
╷
│ Error: parsing Azure ID: parse "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx": invalid URI for request
│
│   with azapi_resource.connection,
│   on main.tf line 136, in resource "azapi_resource" "connection":
│  136:     identity_ids = [azurerm_logic_app_workflow.logic_app.identity.0.principal_id]
│
```

The id is passed correctly from the first block to the connection block. After searching the web for way too long, I saw a mention that the format needs to be something like "/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/${azurerm_resource_group.rg.name}/providers/microsoft.managedidentity/UserAssignedIdentities/${name_of_managed_identity}".
I've had no luck with that either.

It would be a lot more intuitive if we were able to pass the principal id in identity_ids.

@ms-henglu
Collaborator

Hi @smedegaard ,

Thank you for taking the time to report this issue, and apologies for the late response.

The identity_ids field is used to specify the user assigned identity associated with the resource, so using a principal ID here is not allowed.

Would you please share a document about the feature that you want to use? I could help you make an azapi example.
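
The distinction drawn in the reply above, as an added example that is not from either participant or from the azapi project: `identity_ids` takes the ARM resource ID of a user assigned identity, while the `principal_id` GUID is what a role assignment expects. The resource names, the region, and the use of a container registry (instead of the `Microsoft.Web/connections` resource from the issue) are assumptions made for illustration, and `body = jsonencode(...)` follows the style used in the issue.

```hcl
# Added example: all names and the registry resource type are illustrative assumptions.
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm" }
    azapi   = { source = "Azure/azapi" }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "rg" {
  name     = "example-identity-rg"
  location = "westeurope"
}

resource "azurerm_user_assigned_identity" "example" {
  name                = "example-uai"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
}

resource "azapi_resource" "registry" {
  type      = "Microsoft.ContainerRegistry/registries@2020-11-01-preview"
  name      = "exampleregistry437"
  parent_id = azurerm_resource_group.rg.id
  location  = azurerm_resource_group.rg.location

  identity {
    type = "UserAssigned"
    # .id is the full ARM resource ID (/subscriptions/.../userAssignedIdentities/example-uai).
    # .principal_id is a bare GUID; passing it here gives the "parsing Azure ID" error.
    identity_ids = [azurerm_user_assigned_identity.example.id]
  }

  body = jsonencode({
    sku        = { name = "Standard" }
    properties = { adminUserEnabled = false }
  })
}

# principal_id (the identity's object ID) belongs in role assignments, scoped narrowly.
resource "azurerm_role_assignment" "pull" {
  scope                = azapi_resource.registry.id
  role_definition_name = "AcrPull"
  principal_id         = azurerm_user_assigned_identity.example.principal_id
}
```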
