Tauqir

Reputation: 205

Unable to get SystemAssigned identity attributes in terraform azure provider

With the following app service definition

data "azurerm_resource_group" "rg" {
  name = var.resource_group_name
}

# Creates our new App Service
resource "azurerm_app_service" "app" {
  name                    = var.app_name
  app_service_plan_id     = var.app_service_plan_id
  location                = data.azurerm_resource_group.rg.location
  resource_group_name     = data.azurerm_resource_group.rg.name
  client_affinity_enabled = false
  enabled                 = true
  https_only              = true

  app_settings = var.app_settings

  site_config {
    always_on                 = true
    http2_enabled             = true
    use_32_bit_worker_process = false
    scm_type                  = "LocalGit"
    default_documents         = var.default_documents

    cors {
      allowed_origins     = var.cors_allowed_origins
      support_credentials = var.cors_enabled
    }
  }

  identity {
    type = "SystemAssigned"
  }
}

I am setting the keyvault access policy like so

resource "azurerm_key_vault_access_policy" "app" {
  key_vault_id       = var.key_vault_id
  tenant_id          = azurerm_app_service.app.identity[0].tenant_id
  object_id          = azurerm_app_service.app.identity[0].principal_id
  secret_permissions = ["get", "list"]
}

However, the Azure provider for Terraform gives these errors:

Error: "object_id": required field is not set

  on ..\modules\app-service\main.tf line 68, in resource "azurerm_key_vault_access_policy" "app":
  68: resource "azurerm_key_vault_access_policy" "app" {



Error: "tenant_id": required field is not set

  on ..\modules\app-service\main.tf line 68, in resource "azurerm_key_vault_access_policy" "app":
  68: resource "azurerm_key_vault_access_policy" "app" {

as if the identity block does not provide the tenant_id and principal_id attributes.

Any ideas?

Upvotes: 6

Views: 3720

Answers (2)

Tauqir

Reputation: 205

The issue turned out to be that the app service in Azure had 'SystemAssigned' turned off, and this was causing the plan and apply to fail. Fixing the Azure service fixed our problem. Our problem probably could also have been fixed by tainting the app-service and by destroying and recreating the infrastructure.

Upvotes: 8
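
The condition described in the answer above (an app service whose system-assigned identity is missing on the real resource) can be detected before the Key Vault access policy is evaluated. The following is an added example, not part of the original answer: it scans the JSON printed by `terraform show -json` after a refresh and flags `azurerm_app_service` resources with no `principal_id`/`tenant_id`. The sample state, resource names and GUIDs are constructed.

```python
import json

# Constructed sample in the shape of `terraform show -json` output (not from the page).
SAMPLE_STATE = json.loads("""
{
  "values": {"root_module": {
    "resources": [],
    "child_modules": [{
      "address": "module.app_service",
      "resources": [
        {"address": "module.app_service.azurerm_app_service.app",
         "type": "azurerm_app_service",
         "values": {"name": "example-app", "identity": []}},
        {"address": "module.app_service.azurerm_app_service.ok",
         "type": "azurerm_app_service",
         "values": {"name": "example-ok", "identity": [
           {"type": "SystemAssigned",
            "principal_id": "00000000-0000-0000-0000-000000000001",
            "tenant_id": "00000000-0000-0000-0000-000000000002"}]}}
      ]}]
  }}
}
""")

def walk_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)

def missing_identity(state):
    """Return addresses of app services without a populated managed identity."""
    flagged = []
    root = state.get("values", {}).get("root_module", {})
    for res in walk_resources(root):
        if res.get("type") != "azurerm_app_service":
            continue
        identity = res.get("values", {}).get("identity") or []
        ident = identity[0] if identity else {}
        # Both attributes feed azurerm_key_vault_access_policy; either one empty
        # reproduces the "required field is not set" errors from the question.
        if not (ident.get("principal_id") and ident.get("tenant_id")):
            flagged.append(res["address"])
    return flagged

if __name__ == "__main__":
    for address in missing_identity(SAMPLE_STATE):
        print(f"{address}: identity has no principal_id/tenant_id")
```
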

4c74356b41

Reputation: 72191

Should be this:

${azurerm_app_service.app.identity.0.tenant_id}
${azurerm_app_service.app.identity.0.principal_id}

https://www.terraform.io/docs/providers/azurerm/r/app_service.html#attributes-reference

Upvotes: 0
