terraform-provider-azuread

Error: Could not retrieve calling principal object "" - ODataId was nil

Open ravensorb opened this issue 3 years ago • 3 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureAD Provider) Version

2.22.0

Affected Resource(s)

  • azuread_group

Terraform Configuration Files

resource "azuread_group" "dc_admins" {
  count            = var.create_domain_group ? 1 : 0
  display_name     = "AAD DC Administrators"
  description      = "AADDS Administrators"
  members          = [element(coalescelist(azuread_user.dc_admin.*.object_id, data.azuread_user.dc_admin.*.object_id, [""]), 0)]
  security_enabled = true
}

Debug Output

https://gist.github.com/ravensorb/d5fc67e389f6b2ceef38604c53232844

Panic Output

Expected Behavior

Azure AD Group should be created

Actual Behavior

Applying Terraform Plan
module.azure-aadds.azuread_group.dc_admins[0]: Creating...
╷
│ Error: Could not retrieve calling principal object "b2833a55-XXXX-4bde-XXXX-3c6aa82b8a61"
│
│   with module.azure-aadds.azuread_group.dc_admins[0],
│   on .terraform\modules\azure-aadds\main.tf line 218, in resource "azuread_group" "dc_admins":
│  218: resource "azuread_group" "dc_admins" {
│
│ ODataId was nil

Steps to Reproduce

  1. $env:ARM_SUBSCRIPTION_ID = "..."
  2. $env:ARM_TENANT_ID = "..."
  3. $env:ARM_CLIENT_ID = "..."
  4. $env:ARM_CLIENT_SECRET = "..."
  5. terraform apply

Important Factoids

  • Azure Public is being used
  • Issue exists on both Windows and Linux

References

  • #614

ravensorb Jun 07 '22 12:06

Hi @ravensorb, thanks for reporting. Whilst you mention provider version 2.22.0 in your issue, the log is showing that version 2.0.1 is being used. Additionally, the error ODataId was nil is no longer an error reported by the provider since this lookup failure was fixed in an earlier version. Can you double check that you're using the latest provider version and post an updated log file? Thanks!

manicminer Jun 07 '22 15:06

Good catch -- On the Linux box it was using 2.22.0 and on the Windows box it was using 2.0.1. I just updated the Windows machine and confirmed it still occurs.

ravensorb Jun 07 '22 15:06

@ravensorb Thanks for responding, please can you provide an updated debug log showing the error? As mentioned, this particular error message hasn't existed in the provider since v2.6.0.

manicminer Jul 11 '22 10:07
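
The version mismatch found above (2.0.1 on one machine, 2.22.0 on the other) can be caught before `terraform apply` by reading each machine's `.terraform.lock.hcl`. This is an added example, not part of the original thread or the provider's code; the lock-file contents are constructed and the function names are hypothetical.

```python
import re

# Floor taken from the maintainer's comment: the "ODataId was nil" message has
# not existed in the provider since v2.6.0.
MIN_AZUREAD = (2, 6, 0)
AZUREAD = "registry.terraform.io/hashicorp/azuread"

# A provider block ends at the first "}" that starts a line.
PROVIDER_BLOCK = re.compile(r'provider\s+"([^"]+)"\s*\{(.*?)^\}', re.S | re.M)
VERSION_ATTR = re.compile(r'^\s*version\s*=\s*"(\d+)\.(\d+)\.(\d+)[^"]*"', re.M)

# Constructed lock-file contents (hashes are placeholders), mirroring the two
# machines in the thread.
LOCK_TEMPLATE = '''\
provider "registry.terraform.io/hashicorp/azuread" {
  version = "%s"
  hashes = [
    "h1:PLACEHOLDER",
  ]
}

provider "registry.terraform.io/hashicorp/azurerm" {
  version     = "3.39.1"
  constraints = ">= 3.0.0"
  hashes = [
    "h1:PLACEHOLDER",
  ]
}
'''
WINDOWS_LOCK = LOCK_TEMPLATE % "2.0.1"
LINUX_LOCK = LOCK_TEMPLATE % "2.22.0"


def locked_versions(lock_text):
    """Map provider source address -> (major, minor, patch)."""
    found = {}
    for source, body in PROVIDER_BLOCK.findall(lock_text):
        m = VERSION_ATTR.search(body)
        if m:
            found[source] = tuple(int(p) for p in m.groups())
    return found


def azuread_ok(lock_text, minimum=MIN_AZUREAD):
    """True only if hashicorp/azuread is locked at or above the minimum."""
    have = locked_versions(lock_text).get(AZUREAD)
    return have is not None and have >= minimum


if __name__ == "__main__":
    for name, text in (("windows", WINDOWS_LOCK), ("linux", LINUX_LOCK)):
        print(name, locked_versions(text).get(AZUREAD), "ok" if azuread_ok(text) else "too old")
```

Committing `.terraform.lock.hcl` alongside the configuration keeps every machine on the same provider build, so a check like this only has to pass once.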

I have a similar error:

╷
│ Error: Could not retrieve calling principal object "78219010-0f09-4932-87b2-779fb9b5a08e"
│ 
│   with module.iam[0].azuread_group.owner,
│   on modules/iam/main.tf line 1, in resource "azuread_group" "owner":
│    1: resource "azuread_group" "owner" {
│ 
│ DirectoryObjects.BaseClient.Get(): unexpected status 400 with OData error:
│ BadRequest: Resource not found for the segment '
│ 57db1d5b-5bf4-4921-90a5-0e070a41f510'.
╵
Releasing state lock. This may take a few moments...

my tf code:

resource "azuread_group" "owner" {
  display_name     = "${var.azure_ad_group_prefix}-${var.azure_ad_group_name}-Owner"
  security_enabled = true
}

provider:

Initializing provider plugins...
- Finding hashicorp/azurerm versions matching ">= 3.0.0"...
- Finding latest version of hashicorp/azuread...
- Installing hashicorp/azurerm v3.39.1...
- Installed hashicorp/azurerm v3.39.1 (signed by HashiCorp)
- Installing hashicorp/azuread v2.32.0...
- Installed hashicorp/azuread v2.32.0 (signed by HashiCorp)

alexanderfrei Jan 18 '23 15:01

@alexanderfrei Thanks for reporting. As this is a different error, please could you open a new issue with the details, also confirming whether you are getting the error consistently or intermittently. Thanks!

manicminer Jan 19 '23 08:01

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] Feb 19 '23 02:02