azuread_application_pre_authorized does not properly destroy

[KenSpur]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureAD Provider) Version

Terraform v1.7.1
on linux_amd64
+ provider registry.terraform.io/hashicorp/azuread v2.47.0

Affected Resource(s)

• azuread_application_pre_authorized

Expected Behavior

All specified applications should be removed from the pre-authorized list.

Actual Behavior

The concurrent destruction operations interfere with each other, leading to a scenario where one application remains in the pre-authorized list. It appears that each operation updates the list without being aware of the other's modifications, resulting in one application erroneously remaining.

Steps to Reproduce

clone KenSpur/terraform-azuread-application-pre-authorized-destroy-issue

# Login to Azure

az login

# Setup Applications

cd setup

terraform init
terraform apply

# Recreate Issue

cd ..

terraform init
terraform apply
terraform destroy
terraform apply

# Error: A resource with the ID "*/preAuthorizedApplication/*" already exists < will be thrown

[KenSpur]

Looking at internal/services/applications/application_pre_authorized_resource.go > func applicationPreAuthorizedResourceDelete

The issue seems to stem from concurrent operations both reading and writing to the pre-authorized applications array simultaneously. Each operation does not account for changes made by the other, leading to a race condition.

[manicminer]

Fixed with #1299