confusing error message when attempting to apply a role assignment to the wrong resource path

[Supermathie]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.11.7

• provider.azurerm v1.9.0
• provider.random v1.3.1

Affected Resource(s)

• azurerm_role_assignment

Terraform Configuration Files

resource "azurerm_role_assignment" "role_assignment" {
  scope                = "${azurerm_storage_account.app.id}/${azurerm_storage_container.assets.id}"
  role_definition_id   = "${azurerm_role_definition.blob_contributor.id}"
  principal_id         = "${local.principal_id}"

  lifecycle {
    ignore_changes = ["name"]
  }
}

Debug Output

2018-07-12T11:42:23.348-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.9.0_x4: 2018/07/12 11:42:23 [DEBUG] AzureRM Request:
2018-07-12T11:42:23.348-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.9.0_x4: PUT //subscriptions/16b9f5dc-3276-4b32-91b2-xxxx/resourceGroups/xxxx-dev-michael-discuss/providers/M
icrosoft.Storage/storageAccounts/xxxxdevmichaeldiscuss/assets/providers/Microsoft.Authorization/roleAssignments/3679d899-b537-7386-dfbe-xxxx?api-version=2018-01-01-preview HTTP/1.1
2018-07-12T11:42:23.348-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.9.0_x4: Host: management.azure.com
2018-07-12T11:42:23.348-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.9.0_x4: User-Agent: Go/go1.9.2 (amd64-linux) go-autorest/v10.12.0 Azure-SDK-For-Go/v18.0.0 authorization/2018-01-01-
…
2018-07-12T11:42:23.597-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.9.0_x4: 2018/07/12 11:42:23 [DEBUG] AzureRM Response for https://management.azure.com//subscriptions/16b9f5dc-3276-4
b32-91b2-8f783177b1bb/resourceGroups/xxxx-dev-michael-meta/providers/Microsoft.Storage/storageAccounts/xxxxdevmichaelmeta/assets/providers/Microsoft.Authorization/roleAssignments/3594f34a-6e
93-3e6f-03fd-xxxx?api-version=2018-01-01-preview:
2018-07-12T11:42:23.597-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.9.0_x4: HTTP/1.1 400 Bad Request
2018-07-12T11:42:23.597-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.9.0_x4: Content-Length: 704
2018-07-12T11:42:23.597-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.9.0_x4: Cache-Control: no-cache
2018-07-12T11:42:23.597-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.9.0_x4: Content-Type: application/json; charset=utf-8
2018-07-12T11:42:23.597-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.9.0_x4: Date: Thu, 12 Jul 2018 15:42:22 GMT
2018-07-12T11:42:23.597-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.9.0_x4: Expires: -1
2018-07-12T11:42:23.597-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.9.0_x4: Pragma: no-cache
2018-07-12T11:42:23.597-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.9.0_x4: Strict-Transport-Security: max-age=31536000; includeSubDomains
2018-07-12T11:42:23.597-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.9.0_x4: X-Content-Type-Options: nosniff
2018-07-12T11:42:23.597-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.9.0_x4: X-Ms-Correlation-Request-Id: bbbfea90-4ecd-45a8-ac69-xxxx
2018-07-12T11:42:23.597-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.9.0_x4: X-Ms-Failure-Cause: gateway
2018-07-12T11:42:23.597-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.9.0_x4: X-Ms-Request-Id: bbbfea90-4ecd-45a8-ac69-fb5395d99da8
2018-07-12T11:42:23.597-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.9.0_x4: X-Ms-Routing-Request-Id: WESTUS:20180712T154223Z:bbbfea90-4ecd-45a8-ac69-xxxx
2018-07-12T11:42:23.597-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.9.0_x4: 
2018/07/12 11:42:23 [ERROR] root.meta_cluster: eval: *terraform.EvalApplyPost, err: 1 error(s) occurred:

* azurerm_role_assignment.role_assignment: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="NoRegisteredProviderFound" Message="No registered resource provider found for location 'eastus' and API version '2018-01-01-preview' for type 'storageAccounts'. The supported api-versions are '2018-03-01-preview, 2018-02-01, 2017-10-01, 2017-06-01, 2016-12-01, 2016-05-01, 2016-01-01, 2015-06-15, 2015-05-01-preview'. The supported locations are 'eastus, eastus2, westus, westeurope, eastasia, southeastasia, japaneast, japanwest, northcentralus, southcentralus, centralus, northeurope, brazilsouth, australiaeast, australiasoutheast, southindia, centralindia, westindia, canadaeast, canadacentral, westus2, westcentralus, uksouth, ukwest, koreacentral, koreasouth, francecentral'."

(full output available on request)

Panic Output

Expected Behavior

The role assignment is created normally.

Actual Behavior

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + module.discuss_cluster.azurerm_role_assignment.role_assignment
      id:                 <computed>
      name:               <computed>
      principal_id:       "c0824800-21a1-471a-8863-49427d649293"
      role_definition_id: "/subscriptions/16b9f5dc-3276-4b32-91b2-xxxx/providers/Microsoft.Authorization/roleDefinitions/29b53033-c386-ba60-e9c0-xxxx"
      scope:              "/subscriptions/16b9f5dc-3276-4b32-91b2-xxxx/resourceGroups/xxxx-dev-michael-discuss/providers/Microsoft.Storage/storageAccounts/xxxxdevmichaeldiscuss/assets"

Error: Error applying plan:

2 error(s) occurred:

* module.meta_cluster.azurerm_role_assignment.role_assignment: 1 error(s) occurred:

* azurerm_role_assignment.role_assignment: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="NoRegisteredProviderFound" Message="No registered resource provider found for location 'eastus' and API version '2018-01-01-preview' for type 'storageAccounts'. The supported api-versions are '2018-03-01-preview, 2018-02-01, 2017-10-01, 2017-06-01, 2016-12-01, 2016-05-01, 2016-01-01, 2015-06-15, 2015-05-01-preview'. The supported locations are 'eastus, eastus2, westus, westeurope, eastasia, southeastasia, japaneast, japanwest, northcentralus, southcentralus, centralus, northeurope, brazilsouth, australiaeast, australiasoutheast, southindia, centralindia, westindia, canadaeast, canadacentral, westus2, westcentralus, uksouth, ukwest, koreacentral, koreasouth, francecentral'."

Looks like terraform is trying to use the 2018-01-01-preview API version which is not a valid version - it should (at a guess) be using 2018-02-01 or 2018-03-01-preview

Steps to Reproduce

1. terraform apply

Important Factoids

Ø

References

Ø

[Supermathie]

Seems to be a result of trying to scope to the wrong path, but perhaps there is room for improvement in the error message?

[pearcec]

@Supermathie 👋 How is it going? This is a really old issue. I was reading through the code. preview as ditched a while ago. I can see the v1.32.0 is running 2019-04-01. Would you please test with v1.44.0 or v2.4.0?

9e21773

[favoretti]

Since this issue seems to have been addressed in the latest versions of the provider. I'm going to close it. Please open a new updated bug report if this is still relevant. Thank you.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.