Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform (and AzureAD Provider) Version
- terraform version 1.12.2
- AzureAD Provider version 3.7.0
Affected Resource(s)
azuread_synchronization_job_provision_on_demand
Terraform Configuration Files
terraform {
required_providers {
azuread = {
source = "hashicorp/azuread"
version = "~> 3.7.0"
}
}
}
provider "azuread" {
# Azure AD provider configuration will use environment variables or Azure CLI
}
resource "azuread_synchronization_job_provision_on_demand" "example" {
synchronization_job_id = "jobName.09477d9c793d4cddb5de0c72dfce12d6.8888888-4444-4444-4444-111111111111"
service_principal_id = "00000000-0000-0000-0000-0000000000000"
parameter {
rule_id = "1111111-1111-2222-3333-9999999999"
subject {
object_id = "1111111-1111-2222-3333-444444444444"
object_type_name = "Group"
}
}
}Expected Behavior
While running terraform validate, this should not throw any error
Actual Behavior
│ Error: parsing "jobName.09477d9c793d4cddb5de0c72dfce12d6.8888888-4444-4444-4444-111111111111": parsing the ServicePrincipalIdSynchronizationJob ID: the number of segments didn't match
│
│ Expected a ServicePrincipalIdSynchronizationJob ID that matched (containing 5 segments):
│
│ > /servicePrincipals/servicePrincipalId/synchronization/jobs/synchronizationJobId
│
│ However this value was provided (which was parsed into 0 segments):
│
│ > jobName.09477d9c793d4cddb5de0c72dfce12d6.8888888-4444-4444-4444-111111111111
│
│ The following Segments are expected:
│
│ * Segment 0 - this should be the literal value "servicePrincipals"
│ * Segment 1 - this should be the user specified value for this servicePrincipalId [for example "servicePrincipalId"]
│ * Segment 2 - this should be the literal value "synchronization"
│ * Segment 3 - this should be the literal value "jobs"
│ * Segment 4 - this should be the user specified value for this synchronizationJobId [for example "synchronizationJobId"]
│
│ The following Segments were parsed:
│
│ * Segment 0 - not found
│ * Segment 1 - not found
│ * Segment 2 - not found
│ * Segment 3 - not found
│ * Segment 4 - not found
Steps to Reproduce
terraform validate
References
I was able to identify
|
jobId, err := stable.ParseServicePrincipalIdSynchronizationJobID(d.Get("synchronization_job_id").(string)) |
calling for
ParseServicePrincipalIdSynchronizationJobID which states in a doc comment:
// ParseServicePrincipalIdSynchronizationJobIDInsensitively parses 'input' case-insensitively into a ServicePrincipalIdSynchronizationJobId
// note: this method should only be used for API response data and not user input
And since synchronizationProvisionOnDemandResourceCreate is passing only the job_id I see why it would be interpreted as wrongful and expect the path.
Changing the synchronization_job_id makes the validation pass
resource "azuread_synchronization_job_provision_on_demand" "example" {
- synchronization_job_id = "jobName.09477d9c793d4cddb5de0c72dfce12d6.8888888-4444-4444-4444-111111111111"
+ synchronization_job_id = "servicePrincipals/00000000-0000-0000-0000-0000000000000/synchronization/jobs/jobName.09477d9c793d4cddb5de0c72dfce12d6.8888888-4444-4444-4444-111111111111"
service_principal_id = "00000000-0000-0000-0000-0000000000000"
parameter {
...But I'm not sure if this is what we want. Or, if it is, we should change the docs to describe this.
The same is true for service_principal_id. The validation passes but when planning it fails to parse with:
╷
│ Error: parsing "00000000-0000-0000-0000-0000000000000": parsing the ServicePrincipal ID: the number of segments didn't match
│
│ Expected a ServicePrincipal ID that matched (containing 2 segments):
│
│ > /servicePrincipals/servicePrincipalId
│
│ However this value was provided (which was parsed into 0 segments):
│
│ > 00000000-0000-0000-0000-0000000000000
Community Note
Terraform (and AzureAD Provider) Version
Affected Resource(s)
azuread_synchronization_job_provision_on_demandTerraform Configuration Files
Expected Behavior
While running
terraform validate, this should not throw any errorActual Behavior
Steps to Reproduce
terraform validateReferences
I was able to identify
terraform-provider-azuread/internal/services/synchronization/synchronization_job_provision_on_demand_resource.go
Line 133 in 35d9927
ParseServicePrincipalIdSynchronizationJobIDwhich states in a doc comment:And since
synchronizationProvisionOnDemandResourceCreateis passing only the job_id I see why it would be interpreted as wrongful and expect the path.Changing the
synchronization_job_idmakes the validation passresource "azuread_synchronization_job_provision_on_demand" "example" { - synchronization_job_id = "jobName.09477d9c793d4cddb5de0c72dfce12d6.8888888-4444-4444-4444-111111111111" + synchronization_job_id = "servicePrincipals/00000000-0000-0000-0000-0000000000000/synchronization/jobs/jobName.09477d9c793d4cddb5de0c72dfce12d6.8888888-4444-4444-4444-111111111111" service_principal_id = "00000000-0000-0000-0000-0000000000000" parameter { ...But I'm not sure if this is what we want. Or, if it is, we should change the docs to describe this.
The same is true for
service_principal_id. The validation passes but when planning it fails to parse with: