Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"terraform import azurerm_role_definition" pulls null values for scope #4351

Closed
Grant-Rc opened this issue Sep 17, 2019 · 3 comments
Closed

"terraform import azurerm_role_definition" pulls null values for scope #4351

Grant-Rc opened this issue Sep 17, 2019 · 3 comments
Labels
bug service/roles
Milestone
v2.16.0

Comments

@Grant-Rc
Copy link

Grant-Rc commented Sep 17, 2019
edited

Hello team,

I had a Team member show me a better way to structure my Terraform and pushing state to S3 and getting it into a local gitlab etc.
In doing so I lost the state file for my Azure custom roles, he said I can use the import function to sort this out.

Now this is were my issue comes, the import works fine but when I run Terraform plan it says
azurerm_role_definition.customrole must be replaced
scope = "/subscriptions/00000000-0000-0000-0000-000000000000" # forces replacement
looking at the state file the entries for scope are null
"scope": null

and as defined here https://www.terraform.io/docs/providers/azurerm/r/role_definition.html

scope - (Required) The scope at which the Role Definition applies too, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM. Changing this forces a new resource to be created.

So its changing from "null" to a value and as such forcing a the role to be replaced. This would be fine but you cant delete the role because it is in use across multiple subscriptions.

workaround was to manual edit the state file to add the scope but that not ideal.

anyone come across this? googling i dont find direct link to this issue.
@mbfrahry mbfrahry added this to the v2.16.0 milestone Jun 22, 2020
@mbfrahry mbfrahry mentioned this issue Jun 22, 2020
Merged
@tombuildsstuff
Copy link
Member

Fixed via #7424

@ghost
Copy link

ghost commented Jun 25, 2020

This has been released in version 2.16.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.16.0"
}
# ... other configuration ...

@ghost
Copy link

ghost commented Jul 25, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!

@hashicorp hashicorp locked and limited conversation to collaborators Jul 25, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug service/roles
Projects
None yet
Milestone
v2.16.0
Development

No branches or pull requests
4 participants
@tombuildsstuff @katbyte @Grant-Rc @mbfrahry