Azure Data Factory Managed identity not available in first run sometime #431
Comments
Hi @ashikansal, thanks for reporting this. I believe this is an API consistency issue which although we can potentially work around, this would require brute force and would only be a best effort. However, such a workaround will be negated soon as we migrate to the newer Microsoft Graph API where these types of inconsistencies are much rarer. As we are getting close to releasing this newer API support, I'm not sure we'll be able to work on this specifically right now, but it will likely be resolved anyway in the next release.
Thanks @manicminer for your reply. Code: `data "azuread_service_principal" "adf_msi" {` `resource "azuread_group_member" "adf_msi" {` Am I doing something wrong here? On re-run, it works as the MSI is already created by that time.
@ashikansal You aren't doing anything wrong in your configuration. This is unfortunately likely to be the same API consistency issue. The Azure Active Directory Graph API that is currently used by the AzureAD provider generally exhibits a delay in read and write operations, which is why the artificial delay you introduced tends to sidestep the issue. Whilst we have added workarounds in places where it's most needed, we don't have a blanket read retry mechanism in place - if we were to add this it would more significantly affect the apply time of a Terraform apply run, with no guarantees of mitigation in all cases. Additionally, due to the ongoing API transition to Microsoft Graph (where these consistency issues are much reduced or eliminated), we're currently in an effective change freeze excepting any major bugs that might come up. I believe you'll see this issue go away in the next release if you enable the upcoming beta support for Microsoft Graph; please keep an eye on the releases over the next few days and look out for updated provider documentation once the release lands.
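The artificial delay mentioned in the comment above, written out as an added example (not code from this thread or from the provider project). It assumes the `time_sleep` resource from the hashicorp/time provider; the resource names, variables and the 60s duration are hypothetical, and, as the comment says, a delay is best effort only.

```hcl
# Added example: resource names, variables and the 60s wait are assumptions.
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm", version = "2.56.0" }
    azuread = { source = "hashicorp/azuread", version = "1.4.0" }
    time    = { source = "hashicorp/time" }
  }
}

provider "azurerm" {
  features {}
}

variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "data_factory_name" { type = string }
variable "group_object_id" { type = string } # existing AD group to join

# Data Factory with a system-assigned managed identity (MSI).
resource "azurerm_data_factory" "adf" {
  name                = var.data_factory_name
  location            = var.location
  resource_group_name = var.resource_group_name

  identity {
    type = "SystemAssigned"
  }
}

# Pause after the MSI is created so the directory has time to replicate the
# new service principal before the group membership call is made.
resource "time_sleep" "wait_for_msi" {
  create_duration = "60s" # assumed value; not a guaranteed bound

  triggers = {
    principal_id = azurerm_data_factory.adf.identity[0].principal_id
  }
}

# Reading the principal ID through the sleep's triggers makes the membership
# depend on the delay instead of directly on the Data Factory resource.
resource "azuread_group_member" "adf_msi" {
  group_object_id  = var.group_object_id
  member_object_id = time_sleep.wait_for_msi.triggers["principal_id"]
}
```

Because the delay only runs on create, later applies are not slowed down; a 404 `Request_ResourceNotFound` on the first apply can still occur if replication takes longer than the chosen duration.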
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
Community Note
Terraform (and AzureAD Provider) Version
Terraform v0.14.8
provider.azuread v1.4.0
provider.azurerm v2.56.0
Affected Resource(s)
azuread_group_member
azurerm_data_factory
Terraform Configuration Files
Debug Output
Panic Output
Error: Adding group member
on main.tf line 43, in resource "azuread_group_member" "shir_group_member":
43: resource "azuread_group_member" "shir_group_member" {
adding group member "0f2f3a05-20b4-45c3-bc2c-94ad60161801" to Group with ID
"3209d52b-707c-4456-bdec-fa9318140cee": graphrbac.GroupsClient#AddMember:
Failure responding to request: StatusCode=404 -- Original Error:
autorest/azure: Service returned an error. Status=404 Code="Unknown"
Message="Unknown service error"
Details=[{"odata.error":{"code":"Request_ResourceNotFound","date":"2021-04-29T15:27:04","message":{"lang":"en","value":"Resource
'0f2f3a05-20b4-45c3-bc2c-94ad60161801' does not exist or one of its queried
reference-property objects are not
present."},"requestId":"b8761e0a-8e72-4ebd-bbfe-88d2855febe6"}}]
Expected Behavior
The Azure Data Factory managed identity should get added to the AD group on the first run every time.
Actual Behavior
The Azure Data Factory managed identity is sometimes not added to the AD group on the first run, as the managed identity takes time to be created properly; the second run succeeds, as it is available by then.
Steps to Reproduce
terraform apply
This issue does not always occur, though. But when it happens, it occurs on the first run.
Important Factoids
References