terraform-provider-azuread
[azuread_application] Unable to remove owners from the actual infrastructure
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform (and AzureAD Provider) Version
Terraform v1.0.0
+ provider registry.terraform.io/hashicorp/azuread v2.20.0
Affected Resource(s)
- azuread_application
Terraform Configuration Files
Initial terraform apply
resource "azuread_application" "app-test01" {
  display_name = "app-test01"
  owners = [
    "d4xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx1c",
    "faxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxd5"
  ]
}
Second terraform apply (owners argument removed)
resource "azuread_application" "app-test01" {
  display_name = "app-test01"
}
Expected Behavior
- When the owners parameter is removed, terraform should detect a change and remove the owners from the actual infrastructure.
Actual Behavior
- When the owners parameter is removed, terraform detects a change and also shows that modifications were completed successfully.
- However, it fails to actually remove the owners from the azuread_application resource (therefore, the next apply shows an update-in-place where it tries to remove the owners again).
- The change in the owners parameter is a permanent diff.
1. Terraform apply (after removing the owners parameter)
Terraform will perform the following actions:
# azuread_application.app-test01 will be updated in-place
~ resource "azuread_application" "app-test01" {
id = "4exxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx84"
~ owners = [
- "d4xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx1c",
- "faxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxd5",
]
tags = []
# (14 unchanged attributes hidden)
# (6 unchanged blocks hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
azuread_application.app-test01: Modifying... [id=4exxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx84]
azuread_application.app-test01: Modifications complete after 2s [id=4exxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx84]
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
2. Terraform apply (after approving removal of owners in previous apply)
Terraform will perform the following actions:
# azuread_application.app-test01 will be updated in-place
~ resource "azuread_application" "app-test01" {
id = "4exxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx84"
~ owners = [
- "d4xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx1c",
- "faxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxd5",
]
tags = []
# (14 unchanged attributes hidden)
# (6 unchanged blocks hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
Steps to Reproduce
- terraform apply (with the owners parameter specified)
- terraform apply (after removing the owners parameter)
- terraform apply
Important Factoids
- A similar issue was raised previously where terraform didn't detect a change in the owners parameter and hence, couldn't remove the owners. https://github.com/hashicorp/terraform-provider-azuread/issues/353
- A fix was merged for the same which allows specifying owners as an empty list and enables the removal of owners.
- However, currently, the changes are detected but terraform isn't able to remove the owners.
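
An added example, not part of the original issue or the provider's code: a check that compares two plans in Terraform's JSON plan format (`terraform show -json <planfile>`), one saved before the apply and one saved after it, and reports owners whose removal was applied and is then planned again, which is the permanent diff described above. The function names and the sample plans are constructed for illustration; the sample keeps only the fields the check reads.

```python
import json

APP = "azuread_application"

def owner_removals(plan):
    """Map resource address -> owner object IDs that the plan wants to remove."""
    out = {}
    for rc in plan.get("resource_changes", []):
        ch = rc.get("change") or {}
        if rc.get("type") != APP or "update" not in ch.get("actions", []):
            continue
        if (ch.get("after_unknown") or {}).get("owners") is True:
            continue  # value only known after apply: not a planned removal
        before = set((ch.get("before") or {}).get("owners") or [])
        after = set((ch.get("after") or {}).get("owners") or [])
        if before - after:
            out[rc["address"]] = before - after
    return out

def stuck_owner_removals(plan_before_apply, plan_after_apply):
    """Owners whose removal was planned, applied, and is then planned again."""
    first = owner_removals(plan_before_apply)
    second = owner_removals(plan_after_apply)
    stuck = {}
    for addr in first.keys() & second.keys():
        repeated = first[addr] & second[addr]
        if repeated:
            stuck[addr] = sorted(repeated)
    return stuck

# Constructed sample input; the IDs are the redacted ones shown in the issue.
OWNERS = ["d4xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx1c",
          "faxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxd5"]

def sample_plan(before, after):
    return {"resource_changes": [{
        "address": "azuread_application.app-test01", "type": APP,
        "change": {"actions": ["update"], "before": {"owners": before},
                   "after": {"owners": after}, "after_unknown": {}},
    }]}

if __name__ == "__main__":
    # Both plans in the issue list the same two removals, so both are reported.
    report = stuck_owner_removals(sample_plan(OWNERS, []), sample_plan(OWNERS, []))
    print(json.dumps(report, indent=2))
```

With real plan files, load each `terraform show -json` output with `json.load` and pass the two dictionaries to `stuck_owner_removals`; an empty result means the second plan no longer lists any owner removal that the first plan already contained.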