Error loading Role Assignment for import on shared image gallery

[ost-chouse]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

Terraform v0.13.5

• provider registry.terraform.io/hashicorp/azuread v1.4.0
• provider registry.terraform.io/hashicorp/azurerm v2.61.0

Affected Resource(s)

• azurerm_shared_image_gallery
• azurerm_role_assignment

Terraform Configuration Files

data "azuread_service_principal" "sp" {
  for_each = toset(var.owner_service_principles)
  display_name     = each.value
}

resource "azurerm_role_assignment" "ra" {
  for_each = toset(var.owner_service_principles)

  role_definition_name = "Reader"
  scope                = azurerm_shared_image_gallery.sig.id
  principal_id         = data.azuread_service_principal.sp[each.key].id
}

Expected Behaviour

Role assignments are already present in Azure Portal.

Not sure if similar bug related to 2.61 (#12060), but role assignments should have imported successfully. Ultimately they should not have been removed from state during previous apply with 2.61.

Actual Behaviour

Acquiring state lock. This may take a few moments...
azurerm_role_assignment.ra["sp-corp-nonprd-owner-azuredevops"]: Importing from ID "/subscriptions/.../resourceGroups/rg-corp-shared-mgmt-wus/providers/Microsoft.Compute/galleries/sig_corp_shared_wus"...
azurerm_role_assignment.ra["sp-corp-nonprd-owner-azuredevops"]: Import prepared!
  Prepared azurerm_role_assignment for import
azurerm_role_assignment.ra["sp-corp-nonprd-owner-azuredevops"]: Refreshing state... [id=/subscriptions/.../resourceGroups/rg-corp-shared-mgmt-wus/providers/Microsoft.Compute/galleries/sig_corp_shared_wus]

Error: Error loading Role Assignment "/subscriptions/.../resourceGroups/rg-corp-shared-mgmt-wus/providers/Microsoft.Compute/galleries/sig_corp_shared_wus": authorization.RoleAssignmentsClient#GetByID: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="NoRegisteredProviderFound" Message="No registered resource provider found for location 'westus' and API version '2020-04-01-preview' for type 'galleries'. The supported api-versions are '2018-06-01, 2019-03-01, 2019-07-01, 2019-12-01, 2020-09-30'. The supported locations are 'westcentralus, southcentralus, eastus2, southeastasia, westeurope, westus, eastus, canadacentral, northeurope, northcentralus, brazilsouth, ukwest, westindia, eastasia, australiaeast, japaneast, koreasouth, westus2, canadaeast, uksouth, centralindia, southindia, australiasoutheast, japanwest, koreacentral, francecentral, centralus, australiacentral, southafricanorth, uaenorth, switzerlandnorth, germanywestcentral, norwayeast, jioindiawest, westus3'."

Have tried azurerm versions back to 2.58 with same result.

Steps to Reproduce

Import an existing role assignment for a shared image gallery and after azurerm 2.61 has removed it erroneously from state.

References

• Error in azurerm_role_assignment #12060
• https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment#import

[aristosvo]

This one is not exactly related to #12060. What you are missing is the role assignment part of your ID, if you know that by any change and postfix it you'd be fine, like: <resource_id_as_you_have_it_now>/providers/Microsoft.Authorization/roleAssignments/<role_id>

You could use

data "azurerm_role_definition" "byname" {
  name  = "Owner"
}

[katbyte]

@ost-chouse - this might have been fixed in v2.62.1, can you check and confirm this is still an issue? thanks!

[tombuildsstuff]

Closing this out since we've not heard back here.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.