You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
resource"azuread_application_app_role""roles" {
for_each=var.aad_sso_defs.app_rolesapplication_id=azuread_application_registration.this.idrole_id=random_uuid.role_id[(each.key)].idallowed_member_types=sort(coalesce((each.value).allowed_member_types, ["User"]))
description=(each.value).descriptiondisplay_name=coalesce((each.value).name, (each.key))
value=(each.value).value
}
resource"azuread_application_api_access""this" {
for_each=try(var.aad_sso_defs.api_permissions, {})
application_id=azuread_application_registration.this.idapi_client_id=data.azuread_application_published_app_ids.aad_all.result["${(each.value).service_name}"] scope_ids = [ for v in (each.value).claim_values : data.azuread_service_principal.aad_all[each.key].oauth2_permission_scope_ids[v] ]}resource "azuread_application_redirect_uris" "this_web" {
count=local.redirect_uris_web_enabled?1:0application_id=azuread_application_registration.this.idtype="Web"redirect_uris=local.redirect_uris_web
}
Debug Output
─────────────────────────────────────────────────────────────────────────────
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
~ update in-place
- destroy
Terraform planned the following actions, but then encountered a problem:
# module.k_app.module.aad_sso_keycloak[0].random_uuid.role_id["role-33"] will be destroyed
# (because module.k_app.module.aad_sso_keycloak[0] is not in configuration)
- resource "random_uuid" "role_id" {
- id = "00000000-1111-0000-0000-000000000033" -> null
- result = "00000000-1111-0000-0000-000000000033" -> null
}
# module.k_app.module.aad_sso_keycloak[0].random_uuid.role_id["role-11"] will be destroyed
# (because module.k_app.module.aad_sso_keycloak[0] is not in configuration)
- resource "random_uuid" "role_id" {
- id = "00000000-1111-0000-0000-000000000011" -> null
- result = "00000000-1111-0000-0000-000000000011" -> null
}
# module.k_app.module.aad_sso_keycloak[0].random_uuid.role_id["role-22"] will be destroyed
# (because module.k_app.module.aad_sso_keycloak[0] is not in configuration)
- resource "random_uuid" "role_id" {
- id = "00000000-1111-0000-0000-000000000022" -> null
- result = "00000000-1111-0000-0000-000000000022" -> null
}
# module.k_app.module.aad_sso_keycloak[0].random_uuid.role_id["role-44"] will be destroyed
# (because module.k_app.module.aad_sso_keycloak[0] is not in configuration)
- resource "random_uuid" "role_id" {
- id = "00000000-1111-0000-0000-000000000044" -> null
- result = "00000000-1111-0000-0000-000000000044" -> null
}
Plan: 0 to add, 0 to change, 5 to destroy.
╷
│ Error: retrieving App Role (Application ID: "12345678-1234-1234-1234-123456789012", Role ID: "00000000-1111-0000-0000-000000000011"): ApplicationsClient.BaseClient.Get(): Get "https://graph.microsoft.com/v1.0/applications/12345678-1234-1234-1234-123456789012": context deadline exceeded
│
│ with module.k_app.module.aad_sso_keycloak[0].azuread_application_app_role.roles["role-11"],
│ on ../../../azure/aad/aad_sso_external/main.tf line 70, in resource "azuread_application_app_role" "roles":
│ 70: resource "azuread_application_app_role" "roles" {
│
│ retrieving App Role (Application ID:
│ "12345678-1234-1234-1234-123456789012", Role ID:
│ "00000000-1111-0000-0000-000000000011"):
│ ApplicationsClient.BaseClient.Get(): Get
│ "https://graph.microsoft.com/v1.0/applications/12345678-1234-1234-1234-123456789012":
│ context deadline exceeded
╵
╷
│ Error: retrieving App Role (Application ID: "12345678-1234-1234-1234-123456789012", Role ID: "00000000-1111-0000-0000-000000000022"): ApplicationsClient.BaseClient.Get(): Get "https://graph.microsoft.com/v1.0/applications/12345678-1234-1234-1234-123456789012": http: RoundTripper implementation (*retryablehttp.RoundTripper) returned a nil *Response with a nil error
│
│ with module.k_app.module.aad_sso_keycloak[0].azuread_application_app_role.roles["role-22"],
│ on ../../../azure/aad/aad_sso_external/main.tf line 70, in resource "azuread_application_app_role" "roles":
│ 70: resource "azuread_application_app_role" "roles" {
│
│ retrieving App Role (Application ID:
│ "12345678-1234-1234-1234-123456789012", Role ID:
│ "00000000-1111-0000-0000-000000000022"):
│ ApplicationsClient.BaseClient.Get(): Get
│ "https://graph.microsoft.com/v1.0/applications/12345678-1234-1234-1234-123456789012":
│ http: RoundTripper implementation (*retryablehttp.RoundTripper) returned a
│ nil *Response with a nil error
╵
╷
│ Error: retrieving Application API Access (Application ID: "12345678-1234-1234-1234-123456789012", API Client ID: "00000003-0000-0000-c000-000000000000"): ApplicationsClient.BaseClient.Get(): Get "https://graph.microsoft.com/v1.0/applications/12345678-1234-1234-1234-123456789012": http: RoundTripper implementation (*retryablehttp.RoundTripper) returned a nil *Response with a nil error
│
│ with module.k_app.module.aad_sso_keycloak[0].azuread_application_api_access.this["sso-read"],
│ on ../../../azure/aad/aad_sso_external/main.tf line 89, in resource "azuread_application_api_access" "this":
│ 89: resource "azuread_application_api_access" "this" {
│
│ retrieving Application API Access (Application ID:
│ "12345678-1234-1234-1234-123456789012", API Client ID:
│ "00000003-0000-0000-c000-000000000000"):
│ ApplicationsClient.BaseClient.Get(): Get
│ "https://graph.microsoft.com/v1.0/applications/12345678-1234-1234-1234-123456789012":
│ http: RoundTripper implementation (*retryablehttp.RoundTripper) returned a
│ nil *Response with a nil error
╵
╷
│ Error: retrieving Application Redirect URIs (Application ID: "12345678-1234-1234-1234-123456789012", URI Type: "Web"): ApplicationsClient.BaseClient.Get(): Get "https://graph.microsoft.com/v1.0/applications/12345678-1234-1234-1234-123456789012": http: RoundTripper implementation (*retryablehttp.RoundTripper) returned a nil *Response with a nil error
│
│ with module.k_app.module.aad_sso_keycloak[0].azuread_application_redirect_uris.this_web[0],
│ on ../../../azure/aad/aad_sso_external/main.tf line 120, in resource "azuread_application_redirect_uris" "this_web":
│ 120: resource "azuread_application_redirect_uris" "this_web" {
│
│ retrieving Application Redirect URIs (Application ID:
│ "12345678-1234-1234-1234-123456789012", URI Type: "Web"):
│ ApplicationsClient.BaseClient.Get(): Get
│ "https://graph.microsoft.com/v1.0/applications/12345678-1234-1234-1234-123456789012":
│ http: RoundTripper implementation (*retryablehttp.RoundTripper) returned a
│ nil *Response with a nil error
╵
Releasing state lock. This may take a few moments...
ERRO[0434] terraform invocation failed in /root/.cache/terragrunt/dl/Sb3NNIh7r74vh_1_Gk8f5L9T_zo/75uKXgpfhQuQUTjChPufc55-7u8/modules/d1/d2/tg-001 prefix=[/xxxxxxxx/yyyyyyy/]
ERRO[0434] Module /xxxxxxxx/yyyyyyy/ has finished with an error: 1 error occurred:
* [/root/.cache/terragrunt/dl/Sb3NNIh7r74vh_1_Gk8f5L9T_zo/75uKXgpfhQuQUTjChPufc55-7u8/modules/d1/d2/tg-001] exit status 1
prefix=[/xxxxxxxx/yyyyyyy/]
ERRO[0434] 1 error occurred:
* [/root/.cache/terragrunt/dl/Sb3NNIh7r74vh_1_Gk8f5L9T_zo/75uKXgpfhQuQUTjChPufc55-7u8/modules/d1/d2/tg-001] exit status 1
Expected Behavior
Remove the objects that were created
The text was updated successfully, but these errors were encountered:
@joaocc Thanks for reporting this issue. Would you be able to provide a debug log for when this issue occurs, as I'm unfortunately not able to deduce what is happening based on the plan alone. Thanks!
Hi
I am not at this moment, as we manually cleaned up the state file many weeks/months ago.
I think the easiest way to test is to manually remove the SP or some of the items corresponding to "dependant" terraform resources.
This also happened in other resources, where one of the resource types wasn't checking for cases where the "parent/root" resource was no longer available.
If this fails to reproduce, pls feel free to close as we are unlikely to be able to provide further info.
Thx
Community Note
Terraform (and AzureAD Provider) Version
Terraform v1.5.7
on linux_arm64
"registry.terraform.io/hashicorp/azuread"
version = "2.47.0"
Affected Resource(s)
azuread_application_app_role
azuread_application_api_access
azuread_application_redirect_uris
Terraform Configuration Files
Debug Output
Expected Behavior
Remove the objects that were created
The text was updated successfully, but these errors were encountered: