terraform-provider-azuread
Import syntax for users changed in `v3`, ID must be prefixed by `/users/`
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform (and AzureAD Provider) Version
3.0.1
Affected Resource(s)
azuread_user
Note: possibly others are affected. I haven't tested.
Terraform Configuration Files
```hcl
import {
  to = azuread_user.my_user
  id = "00000000-0000-0000-0000-000000000000"
}

resource "azuread_user" "my_user" {
  user_principal_name = "[email protected]"
  display_name        = "J. Doe"
  mail_nickname       = "jdoe"
  password            = "SecretP@sswd99!"
}
```
Note: this syntax is valid and working with v2.53.1 of the provider.
Debug Output
N/A
Panic Output
N/A
Expected Behavior
`terraform plan` should complete successfully using the syntax as per the documentation.
Actual Behavior
terraform plan fails with the following error:
```
╷
│ Error: parsing "91067de2-e7a4-49fc-9515-541709b2293c": parsing the User ID: the number of segments didn't match
│
│ Expected a User ID that matched (containing 2 segments):
│
│ > /users/userId
│
│ However this value was provided (which was parsed into 0 segments):
│
│ > 91067de2-e7a4-49fc-9515-541709b2293c
│
│ The following Segments are expected:
│
│ * Segment 0 - this should be the literal value "users"
│ * Segment 1 - this should be the user specified value for this userId [for example "userId"]
│
│ The following Segments were parsed:
│
│ * Segment 0 - not found
│ * Segment 1 - not found
│
│
│
╵
```
Steps to Reproduce
- Just `terraform plan` with a tenant configured in the provider config.
Important Factoids
Workaround / fix
Either downgrade to v2.53.1 of the provider or change the syntax for the id part of the import as shown below.
This configuration is working with v3.0.1 of the provider. The only change to the code is that the value of the id field is prefixed with /users/.
```hcl
import {
  to = azuread_user.my_user
  id = "/users/00000000-0000-0000-0000-000000000000"
}

resource "azuread_user" "my_user" {
  user_principal_name = "[email protected]"
  display_name        = "J. Doe"
  mail_nickname       = "jdoe"
  password            = "SecretP@sswd99!"
}
```
Note: this syntax is just valid and working with v3.x of the provider.
Using this with v2.53.1 of the provider results in:
Error: specified ID ("/users/00000000-0000-0000-0000-000000000000") is not valid: uuid string is wrong length
References
N/A
It's the same for the "authentication_strength_policy_id" under "grant_controls" in "azuread_conditional_access_policy". So I guess this is somehow on purpose.
Thanks for reporting @Laffs2k5. @logikkreise is correct, the ID format has been updated to take the form /users/{uuid} rather than just the plain {uuid}. It looks like this was missed in the documentation updates, I'll look to update this.
Same applies to azuread_group, which now needs /groups/{uuid} for the import.
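Added example, not part of the issue thread or the provider's code: a small Python helper that rewrites bare-UUID `import` block IDs to the provider v3 form for the two resource types confirmed above (`azuread_user` and `azuread_group`). The function names, the regex-based block matching (simple blocks with `to` before `id`) and the sample input are assumptions made for illustration.

```python
import re

# v3 import-ID prefixes confirmed in this thread; other types are not guessed.
V3_PREFIX = {"azuread_user": "/users/", "azuread_group": "/groups/"}
UUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"
# Assumption: simple import blocks with `to` before `id` and no nested braces.
IMPORT_BLOCK = re.compile(
    r'(?P<head>import\s*\{\s*to\s*=\s*(?P<type>[a-z0-9_]+)\.\S+\s+id\s*=\s*")'
    r'(?P<id>[^"]*)"'
)

def to_v3_id(resource_type, import_id):
    """Return the v3-style import ID, or raise if the value is malformed."""
    prefix = V3_PREFIX.get(resource_type)
    if prefix is None:
        return import_id  # unknown resource type: leave untouched
    if re.fullmatch(UUID, import_id):
        return prefix + import_id  # v2 style: bare UUID
    if import_id.startswith(prefix) and re.fullmatch(UUID, import_id[len(prefix):]):
        return import_id  # already v3 style
    raise ValueError(f"{resource_type}: unrecognised import ID {import_id!r}")

def migrate_imports(hcl):
    """Rewrite import IDs in HCL text; return (new_text, list_of_changes)."""
    changes = []

    def repl(m):
        new_id = to_v3_id(m["type"], m["id"])
        if new_id != m["id"]:
            changes.append(f'{m["type"]}: {m["id"]} -> {new_id}')
        return f'{m["head"]}{new_id}"'

    return IMPORT_BLOCK.sub(repl, hcl), changes

# Constructed sample input (placeholder UUIDs, hypothetical resource names).
SAMPLE = '''
import {
  to = azuread_user.my_user
  id = "00000000-0000-0000-0000-000000000000"
}
import {
  to = azuread_group.groups["developers"]
  id = "/groups/11111111-1111-1111-1111-111111111111"
}
'''

if __name__ == "__main__":
    new_text, changes = migrate_imports(SAMPLE)
    print(new_text, *changes, sep="\n")
```

Running it a second time over its own output reports no changes, so it is safe to apply repeatedly while pinning the provider to v3.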
Just stumbled upon this myself for conditional access policies and named locations - it's been 3+ months and the documentation for v3 still doesn't reflect the new syntax?
Can we get that updated urgently please? This is going to cause so much pain for people
the 4x provider appears to go back to the original syntax only needing the ID.....but the import docs are wrong....
`tf import 'azuread_group.groups["developers"]' 'groups/some-uuid'`
fails with
`Error: specified ID ("/groups/my-group-uuid") is not valid: uuid string is wrong length`
but `tf import 'azuread_group.groups["developers"]' 'some-uuid'` works