azurerm_postgresql_flexible_server_active_directory_administrator can't be destroyed when linked to Group and active_directory_auth_enabled is on

Open mkarbo opened this issue 1 year ago • 6 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Community Note

  • Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.4.6

AzureRM Provider Version

3.75.0

Affected Resource(s)/Data Source(s)

azurerm_postgresql_flexible_server_active_directory_administrator

Terraform Configuration Files

resource "azurerm_postgresql_flexible_server_active_directory_administrator" "aad_admin" {
  server_name         = azurerm_postgresql_flexible_server.db.name
  resource_group_name = var.resource_group_name
  tenant_id           = var.tenant_id
  object_id           = data.azuread_group.admin.object_id
  principal_name      = data.azuread_group.admin.display_name
  principal_type      = "Group"
}

Debug Output/Panic Output

module.XXX.azurerm_postgresql_flexible_server_active_directory_administrator.aad_admin: Still destroying... [id=/subscriptions/XXXX...s/XXX, 23m39s elapsed]

Expected Behaviour

It should be destroyed

Actual Behaviour

It never destroys

Steps to Reproduce

Use this (populate with your own variables)

resource "azurerm_postgresql_flexible_server" "db" {
  ...
  authentication {
    active_directory_auth_enabled = true
    password_auth_enabled         = false
    tenant_id                     = var.tenant_id
  }

}

data "azuread_group" "admin" {
  object_id        = var.admin_group_id
  security_enabled = true
}

resource "azurerm_postgresql_flexible_server_active_directory_administrator" "aad_admin" {
  server_name         = azurerm_postgresql_flexible_server.db.name
  resource_group_name = var.resource_group_name
  tenant_id           = var.tenant_id
  object_id           = data.azuread_group.admin.object_id
  principal_name      = data.azuread_group.admin.display_name
  principal_type      = "Group"
}

And then run terraform apply.

Important Factoids

Azure West Europe

References

https://discuss.hashicorp.com/t/delete-postgresql-flexible-server-with-ad-admins-enabled/57042 seems to be reporting the same thing

mkarbo avatar Nov 09 '23 12:11 mkarbo