https://pulumi.com logo
Join Slack
Powered by
ran into another one where I create User Identies,...
# general
b
ran into another one where I create User Identies, then try to use them, and it says "principalId doesn't exist", which the identity.principalId should be a promise on its own, but I also added a 
dependsOn: uai
and same situation
m
We had a separate report of something similar here but involving service principals earlier today.
We believe that there may be a bug in the TF provider (see e.g. https://github.com/terraform-providers/terraform-provider-azurerm/issues/2113), but we are actively investigating.
b
awesome ty
here's some debug if it helps
test.txt
Copy code
let uai_name = Utils.get_uai_name(container.id, env_id, region)
            let uai = new azure.msi.UserAssignedIdentity(uai_name, {
                    name: uai_name,
                    resourceGroupName: uai_resource_group_name,
                    location: definition_map.region_map[region]['name'],
                    tags: {
                        'manifiest_id': container.id,
                        'env_id': env_id,
                        'resource_type': 'storage',
                        'region': definition_map.region_map[region]['name'],
                        'location': definition_map.region_map[region]['name'],
                        'resource_region': storage.region,
                        'resource_account': storage_account_name_parsed,
                        'resource_container': container.name
                    }                
                }
            );

            let assignment_scope = Utils.get_resource_scope('st', String(azure_config.subscriptionId), storage_resource_group_name, storage_account_name_parsed, container.name);
            let assignment_id = Utils.get_uai_assignment_id(container.id, env_id, definition_map.region_map[region]['number'])

            let storage_container_assignment = new azure.role.Assignment(assignment_id, {
                    name: assignment_id,
                    principalId: uai.principalId,
                    roleDefinitionId: blob_reader_role_definition.id,
                    scope: assignment_scope
                },
                { dependsOn: uai }
            );
added a 👍 on this issue and my previous on github
Open in Slack
PreviousNext
Powered by