terraform-provider-azuread
azuread_group_member Provider produced inconsistent result after apply
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform (and AzureAD Provider) Version
Terraform v1.1.9
on linux_amd64
+ provider registry.terraform.io/hashicorp/azuread v2.22.0
Affected Resource(s)
- azuread_group_member
Terraform Configuration Files
data "azuread_client_config" "current" {}

variable "groups" {
  type    = list(string)
  default = ["1", "2"]
}

resource "azuread_group" "groups" {
  for_each                = toset(var.groups)
  display_name            = "azuread-bug-example-group-${each.value}"
  description             = "group to demo a bug"
  security_enabled        = true
  prevent_duplicate_names = true
  owners = [
    data.azuread_client_config.current.object_id,
  ]
}

variable "members" {
  type = list(string)
  default = [
    # at least 10 user UUIDs
  ]
}

locals {
  group_members = merge([
    for g in var.groups : {
      for id in distinct(var.members) : lower("${g}_${id}") => {
        group_id  = azuread_group.groups[g].id
        object_id = id
      }
    }
  ]...)
}

output "members" {
  value = local.group_members
}

resource "azuread_group_member" "members" {
  for_each         = local.group_members
  group_object_id  = each.value.group_id
  member_object_id = each.value.object_id
}
Debug Output
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to azuread_group_member.members["2_<redacted>"], provider
│ "provider[\"registry.terraform.io/hashicorp/azuread\"]" produced an unexpected new value: Root resource was
│ present, but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
Panic Output
N/A
Expected Behavior
azuread should be able to apply with no errors.
Actual Behavior
When adding users to multiple groups, the azuread provider will fail with an inconsistent state error when trying to create a large number of azuread_group_member resources.
Steps to Reproduce
- terraform apply
References
- #763
Hi @daniel-anova, thanks for reporting this error. How many group members are you adding and to how many groups? Were the groups created as part of the same apply operation, or did they exist beforehand? Thanks!
My actual case is fairly close to the example shown above; I'm creating all our groups and assignments in terraform.
Currently, that's around 14 groups and 256 assignments, but as commented in the example, 2 groups with 10 assignments each will be enough to trigger the issue.
So to clarify, I'm creating the groups and users in the same module, with updates adding groups and/or users.
This occurs for us in: terraform 1.2.4, azuread 2.26.1
Creating 20 groups with 78 memberships.
I can also add that if there's a large number of resources already in state, even small additions seem to trigger the issue, such as adding a dozen memberships on a new set of groups.
Hi,
Same issue for me when adding members to an existing group. Members are groups created by Terraform:
data "azuread_group" "existing_group" {
  object_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}

resource "azuread_group" "new_groups" {
  for_each                = local.json_aad_groups
  display_name            = upper("AZ_${var.trigramme_app}_${each.value.display_name_suffix}")
  owners                  = [data.azuread_user.requestor.object_id]
  prevent_duplicate_names = true
  security_enabled        = true
}

resource "azuread_group_member" "member" {
  for_each         = local.json_aad_groups : {}
  group_object_id  = data.azuread_group.existing_group.object_id
  member_object_id = azuread_group.new_groups[each.key].object_id
}
I randomly encounter the following issue:
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to azuread_group_member.member["group_dev"],
│ provider "provider[\"registry.terraform.io/hashicorp/azuread\"]" produced
│ an unexpected new value: Root resource was present, but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
I use Terraform v1.2.5 and provider azuread v2.26.1.
Like @daniel-anova, I use the for_each loop operator. Maybe this use case could be the root cause?
Any progress on mitigating this issue?
Using azuread v2.29.0 and with 226 azuread_group_member resources spread across several AD groups, I no longer seem to be able to add users without having to manually import state at this point.