-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
role_defintion is now including the scope as part of the assignable_scopes causing constant removals #8577
Comments
@tonedefdev Thank you for submitting this! It is odd to introduce this change in this PR. Maybe @jackofallops could provide some insight on this? On the other hand, I'll try to submit a PR to roll this back... |
Awesome! Thank you @magodo! |
It is a bug, the test config that should have covered it actually hid it as the same value was used for |
This comment has been minimized.
This comment has been minimized.
@magodo or @jackofallops - is there any update on when this will be added? I was hoping the next release of the provider would include this fix but that doesn't appear to be the case. This is a very annoying bug that clutters output of runs when you have a lot of role assignments, but we need to also use the ->2.28 provider version because it fixes a lot of other bugs with AKS. |
@magodo and @jackofallops any updates? its been over a month since this was reported. this is very annoying, you guys seem to have a fix already, and there have been several provider releases |
This comment has been minimized.
This comment has been minimized.
Ping @jackofallops, anything else I need to do to get the PR merged? |
still waiting for this fix. any updates? |
@jackofallops @magodo please, can we get this fix merged already? |
I've resolved the conflicts now, but I guess this PR is blocked because it introduces breaking changes, which will not be ideal to merge until a major version bump. |
is it possible to fix without introducing breaking changes? |
) * fix #8577 * change the `assignable_scopes` back to required * update per review
This has been released in version 2.45.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example: provider "azurerm" {
version = "~> 2.45.0"
}
# ... other configuration ... |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
Community Note
Terraform (and AzureRM Provider) Version
Terraform v0.12.24
Affected Resource(s)
azurerm_role_definition
Terraform Configuration Files
Expected Behavior
Assignable scopes should only include the var.resource_group_id or the assignable_scopes that are defined.
Actual Behavior
After viewing the state file both the var.resource_group_id and the scope data.azurerm_subscription.primary.id are shown in the assignable_scopes. This causes each subsequent run to try and remove the data.azurerm_subscription.primary.id or whatever is in the scope reference.
Steps to Reproduce
terraform apply
Important Factoids
I was digging through the provider code and I believe the issue is here. Prior to 2.27 there was never a check for assignedScope as part of the assignableScopes. Here's the code from 2.26:
Now it's making a check to see if the assignableScopes contains the assignedScope which appears to actually be adding the scope now:
The text was updated successfully, but these errors were encountered: