Leo

Reputation: 11

Terraform azurerm data source resource group no object id

I want to create a role assignment which allows a resource group to contribute to a static IP address. The role assignment looks like the following:

resource "azurerm_role_assignment" "public_ip_role" {
  scope                = azurerm_public_ip.ingress_nginx.id
  role_definition_name = "Contributor"
  principal_id         = data.azurerm_resource_group.rg_aks.object_id
}

The data source looks like this:

data "azurerm_resource_group" "rg_aks" {
  name = "aks-my-${var.environment}"
}

The error I get is the following:

│ This object has no argument, nested block, or exported attribute named "object_id".

Upvotes: 0

Views: 1161

Answers (2)

Leo

Reputation: 11

So I found a way which works in this specific case. The principal_id which should be used is the one of a resource group created automatically by Azure when creating a k8s cluster. I found out that the principal_id of this resource group can be found inside the state of the created cluster. To find the ID, one has to find the cluster with "terraform state list" and then run "terraform state show clusterName". The principal_id is under identity, so it can be referenced with

azurerm_kubernetes_cluster.k8s.identity[0].principal_id

Upvotes: 0
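
The reference from the answer above wired into the role assignment from the question, as an added example that is not part of the original posts. It assumes azurerm_public_ip.ingress_nginx and azurerm_kubernetes_cluster.k8s (with a system-assigned identity) are defined elsewhere, Terraform 1.2 or later for the precondition block, and that the built-in "Network Contributor" role is sufficient in place of "Contributor".

```hcl
# Added example, not code from the original posts.
# Assumed to exist elsewhere in the configuration:
#   azurerm_public_ip.ingress_nginx
#   azurerm_kubernetes_cluster.k8s (system-assigned identity)

locals {
  # Object ID of the cluster's managed identity: a GUID, not an ARM resource ID.
  aks_principal_id = azurerm_kubernetes_cluster.k8s.identity[0].principal_id
}

resource "azurerm_role_assignment" "public_ip_role" {
  # Scope as in the question: the single public IP.
  scope = azurerm_public_ip.ingress_nginx.id

  # Assumption: the narrower built-in role is enough for this use.
  role_definition_name = "Network Contributor"
  principal_id         = local.aks_principal_id

  lifecycle {
    # Rejects anything that is not an object ID, for example a resource
    # group's .id, which is a path starting with /subscriptions/.
    # While the value is still unknown at plan time, Terraform defers
    # this check to the apply phase.
    precondition {
      condition     = can(regex("^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$", local.aks_principal_id))
      error_message = "principal_id must be the object ID (GUID) of a user, group, service principal or managed identity."
    }
  }
}
```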

Marko E

Reputation: 18108

Looking at the documentation [1], it should be only .id:

resource "azurerm_role_assignment" "public_ip_role" {
  scope                = azurerm_public_ip.ingress_nginx.id
  role_definition_name = "Contributor"
  principal_id         = data.azurerm_resource_group.rg_aks.id
}

EDIT: Based on the comments, the error is not only because a wrong attribute of a data source is being accessed, but rather because a completely wrong data source is being used. As per the documentation [2], it should be azurerm_client_config:

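# Subscription used as the scope of the assignment below
data "azurerm_subscription" "primary" {
}

# Identity that Terraform itself is authenticated as
data "azurerm_client_config" "example" {
}

resource "azurerm_role_assignment" "example" {
  scope                = data.azurerm_subscription.primary.id
  role_definition_name = "Reader"
  principal_id         = data.azurerm_client_config.example.object_id
}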

[1] https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group#id

[2] https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment#example-usage-using-a-built-in-role

Upvotes: 1
