Tags: terraform, azure-rm, azure-app-configuration

Terraform: Waiting for App Configuration Key read permission to be propagated


I'm trying to create an app configuration with two features but I get an error:

│
│   with module.appconfig.azurerm_app_configuration_feature.advanced,
│   on app_config\main.tf line 27, in resource "azurerm_app_configuration_feature" "keyname":
│   27: resource "azurerm_app_configuration_feature" "keyname" {
│
│ waiting for App Configuration Key ".appconfig.featureflag/keyname" read permission to be propagated: timeout while waiting for state to become 'Error, Exists' (last state: 'Forbidden', timeout: 44m59.3893417s)   
╵

This is my code snippet:


# Looks up the identity the azurerm provider is currently running as.
# Its object_id is used below as the principal of the role assignment.
data "azurerm_client_config" "data" {
}

# Resource group for the sample; its id is the scope of the role assignment below.
resource "azurerm_resource_group" "test" {
  name     = "rg-sample-4"
  location = "eastus"
}

# Grants the identity running Terraform the "App Configuration Data Owner"
# data-plane role so it can read and write keys and feature flags.
# NOTE(review): the scope is the whole resource group, so the role applies to
# every App Configuration store in that group. Scoping to the store's own id
# would be narrower, but the store below depends_on this assignment, so the
# dependency would have to move to the feature resources to avoid a cycle.
resource "azurerm_role_assignment" "app_configuration_role" {
  scope                = azurerm_resource_group.test.id
  role_definition_name = "App Configuration Data Owner"
  principal_id         = data.azurerm_client_config.data.object_id
}

# App Configuration store. Name, resource group and location are literals that
# repeat the values of azurerm_resource_group.test instead of referencing it.
resource "azurerm_app_configuration" "this" {
  name                       = "appconfig-94"
  resource_group_name        = "rg-sample-4"
  location                   = "eastus"
  sku                        = var.APP_CONFIGURATION_SKU
  # The trailing notes give the values used in this repro. Review them before
  # reuse: with local_auth_enabled = true, access-key authentication stays
  # available alongside the RBAC role assigned above.
  local_auth_enabled         = var.APP_CONFIGURATION_LOCAL_AUTH_ENABLED #true
  # "Enabled" leaves the store reachable over its public endpoint.
  public_network_access      = var.APP_CONFIGURATION_PUBLIC_NETWORK_ACCESS #"Enabled"
  # No purge protection and a 1-day soft-delete window: a deleted store can be
  # permanently removed almost immediately.
  purge_protection_enabled   = var.APP_CONFIGURATION_PURGE_PROTECTION_ENABLED #false
  soft_delete_retention_days = var.APP_CONFIGURATION_SOFT_DELETE_RETENTION_DAYS #1

  # Orders creation after the role assignment. depends_on only sequences the
  # resources; it does not wait for the assignment to take effect on the data plane.
  depends_on = [
    azurerm_role_assignment.app_configuration_role,
  ]
}

# First feature flag in the store. This is the resource named in the error above:
# the provider waits for read permission on the flag's key, so the identity
# running Terraform needs an effective data-plane role on the store.
# The reference to azurerm_app_configuration.this.id orders it after the store
# (and, through the store's depends_on, after the role assignment).
resource "azurerm_app_configuration_feature" "keyname" {
  configuration_store_id = azurerm_app_configuration.this.id
  description            = var.ADVANCED_FEATURE_DESCRIPTION
  name                   = var.ADVANCED_FEATURE_NAME
  label                  = var.ADVANCED_FEATURE_LABEL
  enabled                = var.ADVANCED_FEATURE_ENABLED
}

# Second feature flag in the same store, configured from the EXTENSION_* variables.
# Like the first one, it is ordered after the store only through the
# configuration_store_id reference.
resource "azurerm_app_configuration_feature" "keynametwo" {
  configuration_store_id = azurerm_app_configuration.this.id
  description            = var.EXTENSION_FEATURE_DESCRIPTION
  name                   = var.EXTENSION_FEATURE_NAME
  label                  = var.EXTENSION_FEATURE_LABEL
  enabled                = var.EXTENSION_FEATURE_ENABLED
}
 azurerm = {
      source  = "hashicorp/azurerm"
      version = "=3.52.0"
    }

I took this from: https://github.com/hashicorp/terraform-provider-azurerm/issues/15721#issuecomment-1103532799

I also checked the documentation, but nothing there works for me: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_configuration_feature

Does anybody know the reason for that error and how to fix it? Thank you!


Solution

  • Check the following code

    # Remote state stored in an Azure Storage container; the values are placeholders.
    # NOTE(review): Terraform state can hold sensitive attribute values, so access
    # to this storage account and container should be restricted accordingly.
    terraform {
      backend "azurerm" {
        resource_group_name  = "xx"
        storage_account_name = "remotestate"
        container_name       = "terraform"
        key                  = "terraform.tfstate"
      }
    }
    

    Use a time_sleep resource to wait after the role assignment is created, so that it has time to propagate.

    # Gives the identity running Terraform the "App Configuration Data Owner"
    # data-plane role. The data sources referenced here
    # (data.azurerm_resource_group.example, data.azurerm_client_config.current)
    # are not declared in this snippet and must exist elsewhere in the configuration.
    # NOTE(review): resource-group scope covers every App Configuration store in
    # the group; the store's own id is a narrower scope if that is all you need.
    resource "azurerm_role_assignment" "app_configuration_role" {
      scope                = data.azurerm_resource_group.example.id
      role_definition_name = "App Configuration Data Owner"
      principal_id         = data.azurerm_client_config.current.object_id
    
    }
    
    # Fixed 60-second pause after the role assignment is created (time_sleep comes
    # from the hashicorp/time provider, which must be declared as well).
    # The delay is a heuristic: nothing here checks that the role is actually
    # effective. NOTE(review): the error quoted in the question still reported
    # 'Forbidden' after roughly 45 minutes, so if the pause does not help, verify
    # that the principal and scope of the assignment match the identity in use.
    resource "time_sleep" "role_assignment_sleep" {
      create_duration = "60s"
    
      # Referencing the assignment id orders the sleep after the assignment and
      # re-creates the sleep whenever that id changes.
      triggers = {
        role_assignment = azurerm_role_assignment.app_configuration_role.id
      }
    }
    

    Then add time_sleep.role_assignment_sleep to depends_on, so that the App Configuration creation waits for the role assignment and the keys can then be read.

    # App Configuration store, created only after the role assignment and the
    # pause that follows it. Resources that reference this store (keys, feature
    # flags) inherit that ordering.
    resource "azurerm_app_configuration" "this" {
      name                = "appconfig"
      resource_group_name = data.azurerm_resource_group.example.name
      location            = data.azurerm_resource_group.example.location
      sku                 = <sku> # placeholder from the answer; substitute a real SKU string

      # Sample values, not hardening guidance: access-key (local) authentication
      # stays on, the public endpoint is enabled, and a deleted store is retained
      # for only one day without purge protection. Tighten these for real use.
      local_auth_enabled         = true
      public_network_access      = "Enabled"
      purge_protection_enabled   = false
      soft_delete_retention_days = 1

      # The sleep already follows the role assignment through its triggers; both
      # entries are listed so the ordering is explicit.
      depends_on = [
        azurerm_role_assignment.app_configuration_role,
        time_sleep.role_assignment_sleep,
      ]
    }
    

    Upon terraform plan

    enter image description here

    Upon terraform apply

    enter image description here