Unable to create more than one azuread_user_flow_attribute

[tre7roja]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureAD Provider) Version

Affected Resource(s)

• azuread_user_flow_attribute

Terraform Configuration Files

class StackB2CApp(TerraformStack):
    def __init__(self, scope: Construct, id: str, tenant_id: str, basename: str, env: str, sub: str, root_tenant_id: str):
        super().__init__(scope, id)

           alias_azuread = AzureadProvider(self, "azuread_alias",
               alias="alias",
               tenant_id=tenant_id
           )

           app=Application(self, "app1",
            provider=alias_azuread,
            display_name="app1",
            notes="App1 application",
            sign_in_audience="AzureADMyOrg",
            required_resource_access=[
                {
                    "resourceAppId": "00000003-0000-0000-c000-000000000000",
                    "resourceAccess": [
                        {
                            "id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182",
                            "type": "Scope"
                        },
                        {
                            "id": "37f7f235-527c-4136-accd-4a02d197296e",
                            "type": "Scope"
                        },
                        {
                            "id": "1bfefb4e-e0b5-418b-a88f-73c46d2cc8e9",
                            "type": "Role"
                        },
                        {
                            "id": "65319a09-a2be-469d-8782-f6b07debf789",
                            "type": "Role"
                            }
                    ]
                }
            ],
        )
        appPassword=ApplicationPassword(self, "default",
            provider=alias_azuread,
            application_object_id=app.object_id,
            display_name="default"
        )
        Password = TerraformOutput(self, 'application-password-id',
            value=appPassword.value,
            sensitive=True
        )

        alias = AzureadProvider(self, "azureadP",
            alias="alias",
            tenant_id=tenant_id,
            client_id=app.application_id,
            client_secret=Password.value,
        )
        userFlowAttributes = {
            "Att1": "Desc1",
            "Att2": "Desc2",
            "Att3": "Desc3"
        }
        for att in userFlowAttributes:
            UserFlowAttribute(self, att,
                provider=alias,
                data_type="string", 
                description=userFlowAttributes[att], 
                display_name=att,
        )

Debug Output

Panic Output

Expected Behavior

Create three user attributes in the adb2c tenant

Actual Behavior

Only one tenant adb2c is created but no error is displayed

Steps to Reproduce

1. cdktf deploy StackB2CApp

Important Factoids

References

• #0000

[tre7roja]

azure-adb2c-app-prd  azuread_user_flow_attribute.OriginalUserId (OriginalUserId): Creating...
                     azuread_user_flow_attribute.IdentityId (IdentityId): Creating...
azure-adb2c-app-prd  azuread_user_flow_attribute.OriginalPassword (OriginalPassword): Creating...
azure-adb2c-app-prd  azuread_user_flow_attribute.OriginalUserId (OriginalUserId): Creation complete after 5s [id=extension_<id>_OriginalUserId]
azure-adb2c-app-prd  azuread_user_flow_attribute.OriginalPassword (OriginalPassword): Creation complete after 6s [id=extension_<id>_OriginalPassword]
azure-adb2c-app-prd  azuread_user_flow_attribute.IdentityId (IdentityId): Still creating... [10s elapsed]
azure-adb2c-app-prd  azuread_user_flow_attribute.IdentityId (IdentityId): Still creating... [20s elapsed]
azure-adb2c-app-prd  azuread_user_flow_attribute.IdentityId (IdentityId): Still creating... [30s elapsed]
azure-adb2c-app-prd  azuread_user_flow_attribute.IdentityId (IdentityId): Still creating... [40s elapsed]
azure-adb2c-app-prd  azuread_user_flow_attribute.IdentityId (IdentityId): Still creating... [50s elapsed]
azure-adb2c-app-prd  azuread_user_flow_attribute.IdentityId (IdentityId): Still creating... [1m0s elapsed]
azure-adb2c-app-prd  azuread_user_flow_attribute.IdentityId (IdentityId): Still creating... [1m10s elapsed]
azure-adb2c-app-prd  azuread_user_flow_attribute.IdentityId (IdentityId): Still creating... [1m20s elapsed]
azure-adb2c-app-prd  azuread_user_flow_attribute.IdentityId (IdentityId): Still creating... [1m30s elapsed]
azure-adb2c-app-prd  azuread_user_flow_attribute.IdentityId (IdentityId): Still creating... [1m40s elapsed]
azure-adb2c-app-prd  azuread_user_flow_attribute.IdentityId (IdentityId): Still creating... [1m50s elapsed]
azure-adb2c-app-prd  azuread_user_flow_attribute.IdentityId (IdentityId): Still creating... [2m0s elapsed]
azure-adb2c-app-prd  azuread_user_flow_attribute.IdentityId (IdentityId): Still creating... [2m10s elapsed]
azure-adb2c-app-prd  azuread_user_flow_attribute.IdentityId (IdentityId): Still creating... [2m20s elapsed]
azure-adb2c-app-prd  azuread_user_flow_attribute.IdentityId (IdentityId): Still creating... [2m30s elapsed]
azure-adb2c-app-prd  ╷
                     │ Error: Provider produced inconsistent result after apply
                     │ 
                     │ When applying changes to azuread_user_flow_attribute.IdentityId (IdentityId), provider
                     │ "provider[\"registry.terraform.io/hashicorp/azuread\"].a_a_p" produced an
                     │ unexpected new value: Root resource was present, but now absent.
                     │ 
                     │ This is a bug in the provider, which should be reported in the provider's own
                     │ issue tracker.
                     ╵


0 Stacks deploying     2 Stacks done     0 Stacks waiting
Invoking Terraform CLI failed with exit code 1

[tre7roja]

Same behaviour to destroy it

azure-adb2c-app-prd  Enter a value: yes
azure-adb2c-app-prd  azuread_user_flow_attribute.OriginalPassword (OriginalPassword): Destroying... [id=extension_<id>_OriginalPassword]
                     azuread_user_flow_attribute.IdentityId (IdentityId): Destroying... [id=extension_<id>_IdentityId]
azure-adb2c-app-prd  azuread_user_flow_attribute.IdentityId (IdentityId): Still destroying... [id=extension_<id>_IdentityId, 10s elapsed]
                     azuread_user_flow_attribute.OriginalPassword (OriginalPassword): Still destroying... [id=extension_<id>_OriginalPassword, 10s elapsed]
azure-adb2c-app-prd  azuread_user_flow_attribute.IdentityId (IdentityId): Still destroying... [id=extension_<id>_IdentityId, 20s elapsed]
                     azuread_user_flow_attribute.OriginalPassword (OriginalPassword): Still destroying... [id=extension_<id>_OriginalPassword, 20s elapsed]
azure-adb2c-app-prd  azuread_user_flow_attribute.IdentityId (IdentityId): Destruction complete after 26s
azure-adb2c-app-prd  azuread_user_flow_attribute.OriginalPassword (OriginalPassword): Still destroying... [id=extension_<id>_OriginalPassword, 30s elapsed]
...
azure-adb2c-app-prd  azuread_user_flow_attribute.OriginalPassword (OriginalPassword): Still destroying... [id=extension_<id>_OriginalPassword, 4m51s elapsed]
azure-adb2c-app-prd  ╷
                     │ Error: Waiting for deletion of user flow attribute with ID "extension_<id>_OriginalPassword"
                     │ 
                     │ context deadline exceeded
                     ╵


0 Stacks destroying     1 Stack done     1 Stack waiting
Invoking Terraform CLI failed with exit code 1

[manicminer]

Thanks for reporting @tre7roja. At first glance this looks like an eventual consistency issue with the API, but will need further digging to find the root cause.

[tre7roja]

Thanks @manicminer