object_id should be current.service_principal_object_id

[akamalov]

Hey @tdsacilowski ,

I think object_id currently defined as "${data.azurerm_client_config.current.object_id}" should be "${data.azurerm_client_config.current.service_principal_object_id}" or it will fail:

[tdsacilowski]

Hi Alex, I originally tested using the Azure CLI login method (rather than service principal) which is why it worked for me. I did also test this on Terraform Cloud and had a successful plan:

Terraform v0.12.10
Configuring remote state backend...
Initializing Terraform configuration...
2019/10/16 22:06:27 [DEBUG] Using modified User-Agent: Terraform/0.12.10 TFC/63d0b7f7ac
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

The docs indicate that service_principal_object_id is only available when authenticating with via service principal. However, service_principal_object_id is also now deprecated and should be available via object_id:

Note: the following fields are only available when authenticating via a Service Principal (as opposed to using the Azure CLI) and have been deprecated:

service_principal_application_id is the Service Principal Application ID (same as client_id).
service_principal_object_id is the Service Principal Object ID (now available via object_id).

According to hashicorp/terraform-provider-azurerm#4486, it looks like this change was added in version 1.35.0 of the provider, so I wonder if perhaps you're on an older version of the provider? Can you try pinning to 1.35.0 and see if this is still an issue?

provider "azurerm" {
    version = "~> 1.35.0"
}
# ... other configuration ...

[akamalov]

Confirmed. Once azurerm provider version is set to 1.35.0, the original object_id reference did work:

object_id           = "${data.azurerm_client_config.current.object_id}"

Thank you so much @tdsacilowski