You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I had a Team member show me a better way to structure my Terraform and pushing state to S3 and getting it into a local gitlab etc.
In doing so I lost the state file for my Azure custom roles, he said I can use the import function to sort this out.
Now this is were my issue comes, the import works fine but when I run Terraform plan it says
azurerm_role_definition.customrole must be replaced
scope = "/subscriptions/00000000-0000-0000-0000-000000000000" # forces replacement
looking at the state file the entries for scope are null
"scope": null
scope - (Required) The scope at which the Role Definition applies too, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM. Changing this forces a new resource to be created.
So its changing from "null" to a value and as such forcing a the role to be replaced. This would be fine but you cant delete the role because it is in use across multiple subscriptions.
workaround was to manual edit the state file to add the scope but that not ideal.
anyone come across this? googling i dont find direct link to this issue.
The text was updated successfully, but these errors were encountered:
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
ghost
locked and limited conversation to collaborators
Jul 25, 2020
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hello team,
I had a Team member show me a better way to structure my Terraform and pushing state to S3 and getting it into a local gitlab etc.
In doing so I lost the state file for my Azure custom roles, he said I can use the import function to sort this out.
Now this is were my issue comes, the import works fine but when I run Terraform plan it says
azurerm_role_definition.customrole must be replaced
scope = "/subscriptions/00000000-0000-0000-0000-000000000000" # forces replacement
looking at the state file the entries for scope are null
"scope": null
and as defined here https://www.terraform.io/docs/providers/azurerm/r/role_definition.html
scope - (Required) The scope at which the Role Definition applies too, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM. Changing this forces a new resource to be created.
So its changing from "null" to a value and as such forcing a the role to be replaced. This would be fine but you cant delete the role because it is in use across multiple subscriptions.
workaround was to manual edit the state file to add the scope but that not ideal.
anyone come across this? googling i dont find direct link to this issue.
The text was updated successfully, but these errors were encountered: