Not able to remove "assignment_review_settings" block in azuread_access_package_assignment_policy

[kumar1708]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.8.0

AzureRM Provider Version

3.81.0

Affected Resource(s)/Data Source(s)

assignment_review_settings

Terraform Configuration Files

resource "azuread_access_package_assignment_policy" "cloud_ops_basic_test_plans" {
  access_package_id = azuread_access_package.cloud_ops_basic_test_plans.id
  display_name      = "cloud-ops-basic-test-plans-assignment-policy"
  description       = "cloud ops Basic Test Plans assignment policy"

  requestor_settings {
    scope_type        = "AllExistingDirectorySubjects"
    requests_accepted = true
  }

  approval_settings {
    approval_required = true

    approval_stage {
      approval_timeout_in_days = 14

      primary_approver {
        object_id    = data.azuread_group.cloud_ops_admins.object_id
        subject_type = "groupMembers"
      }
    }
  }

}

Debug Output/Panic Output

Terraform Plan:

  # azuread_access_package_assignment_policy.cloud_ops_stakeholder will be updated in-place
  ~ resource "azuread_access_package_assignment_policy" "cloud_ops_stakeholder" {
        id                = "xxxxxxxxx"
        # (6 unchanged attributes hidden)

      ~ assignment_review_settings {
          - access_review_timeout_behavior  = "keepAccess" -> null
          - duration_in_days                = 6 -> null
          - enabled                         = true -> null
          - review_frequency                = "monthly" -> null
          - review_type                     = "Reviewers" -> null
            # (3 unchanged attributes hidden)

          - reviewer {
              - backup       = false -> null
              - object_id    = "xxxxxxxxx" -> null
              - subject_type = "singleUser" -> null
            }
        }

        # (2 unchanged blocks hidden)
    }

Expected Behaviour

assignment_review_settings should be removed without any error

Actual Behaviour

AccessPackageAssignmentPolicyClient.BaseClient.Put(): unexpected status 400
with OData error: AccessReviewWrongDurationForRecurrenceType: The access
review duration entered does not work with the selected review frequency ''.
The duration should be between 1 and 0.

Steps to Reproduce

No response

Important Factoids

No response

References

No response

[rcskosir]

@kumar1708 Thanks for taking the time to open this issue. Since this issue is on the azuread_access_package_assignment_policy resource from the hashicorp/terraform-provider-azuread repository, I am going to move this issue to that repository.

[kumar1708]

Error which I am getting has empty ''.

The access review duration entered does not work with the selected review frequency '' .The duration should be between 1 and 0.

[kumar1708]

Could you please help on this issue, I am not able to remove the assignment_review_settings block even though I am removing the complete assignment_review_settings block as shown in terraform plan.

Terraform Plan:

azuread_access_package_assignment_policy.cloud_ops_stakeholder will be updated in-place

~ resource "azuread_access_package_assignment_policy" "cloud_ops_stakeholder" {
id = "xxxxxxxxx"
# (6 unchanged attributes hidden)

  ~ assignment_review_settings {
      - access_review_timeout_behavior  = "keepAccess" -> null
      - duration_in_days                = 6 -> null
      - enabled                         = true -> null
      - review_frequency                = "monthly" -> null
      - review_type                     = "Reviewers" -> null
        # (3 unchanged attributes hidden)

      - reviewer {
          - backup       = false -> null
          - object_id    = "xxxxxxxxx" -> null
          - subject_type = "singleUser" -> null
        }
    }

    # (2 unchanged blocks hidden)
}

And terraform apply output:

AccessPackageAssignmentPolicyClient.BaseClient.Put(): unexpected status 400
with OData error: AccessReviewWrongDurationForRecurrenceType: The access
review duration entered does not work with the selected review frequency ''.
The duration should be between 1 and 0.

[kumar1708]

@kumar1708 Thanks for taking the time to open this issue. Since this issue is on the azuread_access_package_assignment_policy resource from the hashicorp/terraform-provider-azuread repository, I am going to move this issue to that repository.

Any update on this ?

[kumar1708]

Any update on this ?