[Bug Fix] azurerm_pim_active_role_assignment, azurerm_pim_eligible_role_assignment
#24524
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1. Replace the Instance API by Schedule API 2. Use the Schedule Request ID to get the Schedule Request not Schedule ID 3. Use cancel API to cancel the pending role assignment
|
|
This was
linked to
issues
Jan 22, 2024
This comment was marked as off-topic.
This comment was marked as off-topic.
1 task
|
@manicminer Could we request an expedite on your review of the PR? #23111 is eagerly waiting for the possible fix. |
|
hi @manicminer , good day. Could we confirm when you will review and approve this fix? We have many customers got these kinds of issue and we are waiting for the fix to update. The fix has been updated more than one month. Thanks, in advance. |
manicminer
approved these changes
Feb 29, 2024
There was a problem hiding this comment.
@xuzhang3 Thanks for working on this! The PIM APIs are a challenge and switching to the /roleAssignmentScheduleRequests / /roleEligibilityScheduleRequests endpoints seems the right way to go. I've made a few linting and code style stweaks, but this otherwise LGTM 👍
manicminer
added a commit
that referenced
this pull request
Feb 29, 2024
lemeurherve
pushed a commit
to jenkins-infra/azure
that referenced
this pull request
Mar 11, 2024
<Actions>
<action
id="f410411e63aff4bb73a81c2aec1d373cf8a903e63b30dee2006b0030d8a94cc8">
<h3>Bump Terraform `azurerm` provider version</h3>
<details
id="1d9343c012f5434ac9fe8a98135bae3667b399259be16d9b14302ea3bd424a24">
<summary>Update Terraform lock file</summary>
<p>changes detected:
	"hashicorp/azurerm" updated from
"3.93.0" to "3.94.0" in file
".terraform.lock.hcl"</p>
<details>
<summary>3.94.0</summary>
<pre>Changelog retrieved
from:
	https://github.com/hashicorp/terraform-provider-azurerm/releases/tag/v3.94.0
FEATURES:

*
**New Resource**: `azurerm_kubernetes_fleet_update_run`
([#24813](https://github.com/hashicorp/terraform-provider-azurerm/issues/24813))

ENHANCEMENTS:

*
dependencies: updating to `v0.20240228.1142829` of
`github.com/hashicorp/go-azure-sdk`
([#25081](https://github.com/hashicorp/terraform-provider-azurerm/issues/25081))
*
`servicefabric`: updating to use the transport layer from
`hashicorp/go-azure-sdk` rather than `Azure/go-autorest`
([#25002](https://github.com/hashicorp/terraform-provider-azurerm/issues/25002))
*
`springcloud`: updating to API Version `2024-01-01-preview`
([#24937](https://github.com/hashicorp/terraform-provider-azurerm/issues/24937))
*
`securitycenter`: updating to use the transport layer from
`hashicorp/go-azure-sdk` rather than `Azure/go-autorest`
([#25081](https://github.com/hashicorp/terraform-provider-azurerm/issues/25081))
*
Data Source: `azurerm_storage_table_entities` - support for `select`
([#24987](https://github.com/hashicorp/terraform-provider-azurerm/issues/24987))
*
Data Source: `azurerm_netapp_volume` - support for the
`smb_access_based_enumeration` and `smb_non_browsable` properties
([#24514](https://github.com/hashicorp/terraform-provider-azurerm/issues/24514))
*
`azurerm_cosmosdb_account` - add support for the `minimal_tls_version`
property
([#24966](https://github.com/hashicorp/terraform-provider-azurerm/issues/24966))
*
`azurerm_federated_identity_credential` - the federated credentials can
now be changed without creating a new resource
([#25003](https://github.com/hashicorp/terraform-provider-azurerm/issues/25003))
*
`azurerm_kubernetes_cluster` - support for the
`current_kubernetes_version` property
([#25079](https://github.com/hashicorp/terraform-provider-azurerm/issues/25079))
*
`azurerm_kubernetes_cluster` - private DNS is now allowed for the
`web_app_routing` property
([#25038](https://github.com/hashicorp/terraform-provider-azurerm/issues/25038))
*
`azurerm_kubernetes_cluster` - migration between different
`outbound_type`s is now allowed
([#25021](https://github.com/hashicorp/terraform-provider-azurerm/issues/25021))
*
`azurerm_mssql_database` - support for the `recovery_point_id` and
`restore_long_term_retention_backup_id` properties
([#24904](https://github.com/hashicorp/terraform-provider-azurerm/issues/24904))
*
`azurerm_linux_virtual_machine` - support for the
`automatic_upgrade_enabled`, `disk_controller_type`,
`os_image_notification`, `treat_failure_as_deployment_failure_enabled`,
and `vm_agent_platform_updates_enabled`properties
([#23394](https://github.com/hashicorp/terraform-provider-azurerm/issues/23394))
*
`azurerm_nginx_deployment` - support for the `automatic_upgrade_channel`
property
([#24867](https://github.com/hashicorp/terraform-provider-azurerm/issues/24867))
*
`azurerm_netapp_volume` - support for the `smb_access_based_enumeration`
and `smb_non_browsable` properties
([#24514](https://github.com/hashicorp/terraform-provider-azurerm/issues/24514))
*
`azurerm_netapp_pool` - support for the `encryption_type` property
([#24993](https://github.com/hashicorp/terraform-provider-azurerm/issues/24993))
*
`azurerm_role_definition` - upgrade to the API version
`2022-05-01-preview`
([#25008](https://github.com/hashicorp/terraform-provider-azurerm/issues/25008))
*
`azurerm_redis_cache` - allow AAD auth for all SKUs
([#25006](https://github.com/hashicorp/terraform-provider-azurerm/issues/25006))
*
`azurerm_sql_managed_instance` - support for the
`zone_redundant_enabled` property
([#25089](https://github.com/hashicorp/terraform-provider-azurerm/issues/25089))
*
`azurerm_spring_cloud_gateway` - support for the
`application_performance_monitoring_ids` property
([#24919](https://github.com/hashicorp/terraform-provider-azurerm/issues/24919))
*
`azurerm_spring_cloud_configuration_service` - support for the
`refresh_interval_in_seconds` property
([#25009](https://github.com/hashicorp/terraform-provider-azurerm/issues/25009))
*
`azurerm_synapse_workspace` - support for using the
`user_assigned_identity_id` property within the `customer_managed_key`
block
([#25027](https://github.com/hashicorp/terraform-provider-azurerm/issues/25027))
*
`azurerm_windows_virtual_machine` - support for the
`automatic_upgrade_enabled`, `disk_controller_type`,
`os_image_notification`, `treat_failure_as_deployment_failure_enabled`,
and `vm_agent_platform_updates_enabled`properties
([#23394](https://github.com/hashicorp/terraform-provider-azurerm/issues/23394))

BUG
FIXES:

* `azurerm_api_management_notification_recipient_email`
- fixing an issue where response pages weren't iterated over
correctly
([#25055](https://github.com/hashicorp/terraform-provider-azurerm/issues/25055))
*
`azurerm_api_management_notification_recipient_user` - fixing an issue
where response pages weren't iterated over correctly
([#25055](https://github.com/hashicorp/terraform-provider-azurerm/issues/25055))
*
`azurerm_batch_pool` - fix setting the `extension.settings_json`
property
([#24976](https://github.com/hashicorp/terraform-provider-azurerm/issues/24976))
*
`azurerm_key_vault_key` - `expiration_date` can be updated if newer date
is ahead
([#25000](https://github.com/hashicorp/terraform-provider-azurerm/issues/25000))
*
`azurerm_pim_active_role_assignment` - fix an isue where the resource
would disappear or fail to import after 45 days
([#24524](https://github.com/hashicorp/terraform-provider-azurerm/issues/24524))
*
`azurerm_pim_eligible_role_assignment` - fix an isue where the resource
would disappear or fail to import after 45 days
([#24524](https://github.com/hashicorp/terraform-provider-azurerm/issues/24524))
*
`azurerm_recovery_services_vault` - validate that
`use_system_assigned_identity` and `user_assigned_identity_id` cannot be
set at the same time
([#24091](https://github.com/hashicorp/terraform-provider-azurerm/issues/24091))
*
`azurerm_recovery_vaults` will now create properly with
`SystemAssigned,UserAssigned` identity
([#24978](https://github.com/hashicorp/terraform-provider-azurerm/issues/24978))
*
`azurerm_subscription` - fixing an issue where response pages
weren't iterated over correctly
([#25055](https://github.com/hashicorp/terraform-provider-azurerm/issues/25055))


</pre>
</details>
<details>
<summary>3.95.0</summary>
<pre>Changelog retrieved
from:
	https://github.com/hashicorp/terraform-provider-azurerm/releases/tag/v3.95.0
FEATURES:

*
New Resource: `azurerm_container_app_custom_domain`
([#24421](https://github.com/hashicorp/terraform-provider-azurerm/issues/24421))
*
New Resource:
`azurerm_data_protection_backup_instance_kubernetes_cluster`
([#24940](https://github.com/hashicorp/terraform-provider-azurerm/issues/24940))
*
New Resource: `azurerm_static_web_app`
([#25117](https://github.com/hashicorp/terraform-provider-azurerm/issues/25117))
*
New resource: `azurerm_static_web_app_custom_domain`
([#25117](https://github.com/hashicorp/terraform-provider-azurerm/issues/25117))
*
New resource:
`azurerm_system_center_virtual_machine_manager_availability_set`
([#24975](https://github.com/hashicorp/terraform-provider-azurerm/issues/24975))
*
New Resource: `azurerm_workloads_sap_three_tier_virtual_instance`
([#24384](https://github.com/hashicorp/terraform-provider-azurerm/issues/24384))
*
New Resource: `azurerm_workloads_sap_single_node_virtual_instance`
([#24331](https://github.com/hashicorp/terraform-provider-azurerm/issues/24331))

ENHANCEMENTS:

*
`dependencies`: updating to v0.20240229.1102109 of
`github.com/hashicorp/go-azure-sdk`
([#25102](https://github.com/hashicorp/terraform-provider-azurerm/issues/25102))
*
`monitor`: updating to use the transport layer from
`hashicorp/go-azure-sdk` rather than `Azure/go-autorest`
[GH-#25102]
* `network`: updating to API Version `2023-09-01`
([#25095](https://github.com/hashicorp/terraform-provider-azurerm/issues/25095))
*
`azurerm_data_factory_integration_runtime_managed` - support for the
`credential_name` property
([#25033](https://github.com/hashicorp/terraform-provider-azurerm/issues/25033))
*
`azurerm_linux_function_app` - support for the `description` property in
the `ip_restriction` block
([#24527](https://github.com/hashicorp/terraform-provider-azurerm/issues/24527))
*
`azurerm_linux_function_app` - support for the
`ip_restriction_default_action` and `scm_ip_restriction_default_action`
properties
([#25131](https://github.com/hashicorp/terraform-provider-azurerm/issues/25131))
*
`azurerm_linux_function_app_slot` - support for the `description`
property in the `ip_restriction` block
([#24527](https://github.com/hashicorp/terraform-provider-azurerm/issues/24527))
*
`azurerm_linux_function_app_slot` - support for the
`ip_restriction_default_action` and `scm_ip_restriction_default_action`
properties
([#25131](https://github.com/hashicorp/terraform-provider-azurerm/issues/25131))
*
`azurerm_linux_web_app` - support for the `description` property in the
`ip_restriction` block
([#24527](https://github.com/hashicorp/terraform-provider-azurerm/issues/24527))
*
`azurerm_linux_web_app` - support for the
`ip_restriction_default_action` and `scm_ip_restriction_default_action`
properties
([#25131](https://github.com/hashicorp/terraform-provider-azurerm/issues/25131))
*
`azurerm_linux_web_app_slot` - support for the `description` property in
the `ip_restriction` block
([#24527](https://github.com/hashicorp/terraform-provider-azurerm/issues/24527))
*
`azurerm_linux_web_app_slot` - support for the
`ip_restriction_default_action` and `scm_ip_restriction_default_action`
properties
([#25131](https://github.com/hashicorp/terraform-provider-azurerm/issues/25131))
*
`azurerm_mysql_flexible_server` - setting the `storage.size_gb` property
to a smaller value now forces a new resource to be created
([#25074](https://github.com/hashicorp/terraform-provider-azurerm/issues/25074))
*
`azurerm_orbital_contact_profile` - changing the `channels` property no
longer creates a new resource
([#25129](https://github.com/hashicorp/terraform-provider-azurerm/issues/25129))
*
`azurerm_private_dns_resolver_inbound_endpoint` - the
`private_ip_address` property is no longer required when
`private_ip_allocation_method` is `Dynamic`
([#25035](https://github.com/hashicorp/terraform-provider-azurerm/issues/25035))
*
`stream_analytics_output_blob` - support for the `blob_write_mode`
property
([#25127](https://github.com/hashicorp/terraform-provider-azurerm/issues/25127))
*
`azurerm_windows_function_app` - support for the `description` property
in the `ip_restriction` block
([#24527](https://github.com/hashicorp/terraform-provider-azurerm/issues/24527))
*
`azurerm_windows_function_app` - support for the
`ip_restriction_default_action` and `scm_ip_restriction_default_action`
properties
([#25131](https://github.com/hashicorp/terraform-provider-azurerm/issues/25131))
*
`azurerm_windows_function_app_slot` - support for the `description`
property in the `ip_restriction` block
([#24527](https://github.com/hashicorp/terraform-provider-azurerm/issues/24527))
*
`azurerm_windows_function_app_slot` - support for the
`ip_restriction_default_action` and `scm_ip_restriction_default_action`
properties
([#25131](https://github.com/hashicorp/terraform-provider-azurerm/issues/25131))
*
`azurerm_windows_web_app` - support for the `description` property in
the `ip_restriction` block
([#24527](https://github.com/hashicorp/terraform-provider-azurerm/issues/24527))
*
`azurerm_windows_web_app` - support for the
`ip_restriction_default_action` and `scm_ip_restriction_default_action`
properties
([#25131](https://github.com/hashicorp/terraform-provider-azurerm/issues/25131))
*
`azurerm_windows_web_app_slot` - support for the `description` property
in the `ip_restriction` block
([#24527](https://github.com/hashicorp/terraform-provider-azurerm/issues/24527))
*
`azurerm_windows_web_app_slot` - support for the
`ip_restriction_default_action` and `scm_ip_restriction_default_action`
properties
([#25131](https://github.com/hashicorp/terraform-provider-azurerm/issues/25131))

BUG
FIXES:

* Data Source: `azurerm_function_app_host_keys` -
correctly set `event_grid_extension_key` by searching for the renamed
property in the API response
([#25108](https://github.com/hashicorp/terraform-provider-azurerm/issues/25108))
*
`azurerm_app_service_public_certificate` - fix issue where certificate
information was not being set correctly in the read
([#24943](https://github.com/hashicorp/terraform-provider-azurerm/issues/24943))
*
`azurerm_container_registry` - prevent recreation of the resource when
the `georeplication.tags` are updated
([#24994](https://github.com/hashicorp/terraform-provider-azurerm/issues/24994))
*
`azurerm_firewall_policy_rule_collection_group` - fix issue where the
client subscription ID was used to construct the `firewall_policy_id`
([#25145](https://github.com/hashicorp/terraform-provider-azurerm/issues/25145))
*
`azurerm_function_app_hybrid_connection` - fix issue where
`SendKeyValue` was not populated in the API payload
([#23761](https://github.com/hashicorp/terraform-provider-azurerm/issues/23761))
*
`azurerm_orbital_contact_profile` - fix creation of the resource when
`event_hub_uri` is not specified
([#25128](https://github.com/hashicorp/terraform-provider-azurerm/issues/25128))
*
`azurerm_recovery_services_vault` - prevent a panic when `immutability`
is updated
([#25132](https://github.com/hashicorp/terraform-provider-azurerm/issues/25132))
*
`azurerm_storage_account` - fix issue where the queue encryption key
type was set as the table encryption key type
([#25046](https://github.com/hashicorp/terraform-provider-azurerm/issues/25046))
*
`azurerm_web_app_hybrid_connection` - fix issue where `SendKeyValue` was
not populated in the API payload
([#23761](https://github.com/hashicorp/terraform-provider-azurerm/issues/23761))
*
`azurerm_mssql_database` - fix incorrect error due to typo when using
`restore_long_term_retention_backup_id`
([#25180](https://github.com/hashicorp/terraform-provider-azurerm/issues/25180))

DEPRECATIONS:

*
Deprecated Resource: `azurerm_static_site`
([#25117](https://github.com/hashicorp/terraform-provider-azurerm/issues/25117))
*
Deprecated Resource: `azurerm_static_site_custom_domain`
([#25117](https://github.com/hashicorp/terraform-provider-azurerm/issues/25117))
*
`azurerm_kubernetes_fleet_manager` - the `hub_profile` property has been
deprecated
([#25010](https://github.com/hashicorp/terraform-provider-azurerm/issues/25010))


</pre>
</details>
</details>
<a
href="https://infra.ci.jenkins.io/job/updatecli/job/azure/job/main/40/">Jenkins
pipeline link</a>
</action>
</Actions>
---
<table>
<tr>
<td width="77">
<img src="https://www.updatecli.io/images/updatecli.png" alt="Updatecli
logo" width="50" height="50">
</td>
<td>
<p>
Created automatically by <a
href="https://www.updatecli.io/">Updatecli</a>
</p>
<details><summary>Options:</summary>
<br />
<p>Most of Updatecli configuration is done via <a
href="https://www.updatecli.io/docs/prologue/quick-start/">its
manifest(s)</a>.</p>
<ul>
<li>If you close this pull request, Updatecli will automatically reopen
it, the next time it runs.</li>
<li>If you close this pull request and delete the base branch, Updatecli
will automatically recreate it, erasing all previous commits made.</li>
</ul>
<p>
Feel free to report any issues at <a
href="https://github.com/updatecli/updatecli/issues">github.com/updatecli/updatecli</a>.<br
/>
If you find this tool useful, do not hesitate to star <a
href="https://github.com/updatecli/updatecli/stargazers">our GitHub
repository</a> as a sign of appreciation, and/or to tell us directly on
our <a
href="https://matrix.to/#/#Updatecli_community:gitter.im">chat</a>!
</p>
</details>
</td>
</tr>
</table>
---------
Co-authored-by: Jenkins Infra Bot (updatecli) <60776566+jenkins-infra-bot@users.noreply.github.com>
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Trying to fix
azurerm_pim_active_role_assignment,azurerm_pim_eligible_role_assignmentrelated issues. As the ID has be fixed to format{scope}|{roleDefinitionId}|{principalId}. The ID will not be changed, which makes the code tedious but functional and backward compatibility with previous versions though I want the add theschedule IDand theschedule request IDto make this part simpleUpdates:
Related issues: #23111 #24118 #23366