msgraph_resource fails after successful resource creation when the Microsoft Graph API response body does not contain a top-level id field. The provider appears to extract the resource ID exclusively from an id field in the JSON response. When the API uses a different field as the primary identifier (e.g. tenantId), the provider cannot determine the resource ID and throws an error, even though the resource was created successfully in Azure.
Example:
    resource "msgraph_resource" "partner_in_source" {
      provider = msgraph.source
      url      = "policies/crossTenantAccessPolicy/partners"
      body = {
        tenantId = var.target_tenant_id
        automaticUserConsentSettings = {
          outboundAllowed = true
        }
      }
    }
Actual behavior:
POST /policies/crossTenantAccessPolicy/partners succeeds (HTTP 201), the partner object is created in Azure, but Terraform reports:
Error: waiting for creation of policies/crossTenantAccessPolicy/partners: retrieving resource: resource ID is empty
The resource exists in Azure but Terraform marks the apply as failed and does not store the resource in state.
Expected behavior:
The provider should either:
Support an id_field attribute to specify which response field to use as the resource ID (e.g. id_field = "tenantId"), or
Fall back to a URL-derived ID when no id field is present in the response
Root cause:
Microsoft Graph API for crossTenantAccessPolicy/partners returns the created object with tenantId as the identifier — there is no id field in the response. The provider has no mechanism to handle this pattern.
Workaround:
Use null_resource with az rest provisioner:
    resource "null_resource" "partner_in_source" {
      provisioner "local-exec" {
        # Inner double quotes must be escaped inside the HCL string.
        command = "az rest --method POST --url '...partners' --body '{\"tenantId\":\"...\"}'"
      }
    }
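
A sketch of how the id_field option proposed above could resolve the resource ID, as an added example (not the provider's code and not part of the original report). The function name, the `idField` parameter and the sample response body are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// resolveItemURL returns the URL of a newly created object, for example
// "policies/crossTenantAccessPolicy/partners/<tenantId>".
// idField stands in for the proposed id_field attribute (hypothetical);
// an empty value keeps the current behaviour of reading "id".
func resolveItemURL(collectionURL string, respBody []byte, idField string) (string, error) {
	if idField == "" {
		idField = "id"
	}
	var obj map[string]json.RawMessage
	if err := json.Unmarshal(respBody, &obj); err != nil {
		return "", fmt.Errorf("decoding create response: %w", err)
	}
	raw, ok := obj[idField]
	if !ok {
		return "", fmt.Errorf("create response has no %q field", idField)
	}
	// Accept only a non-empty JSON string; null, numbers and objects are rejected.
	var id string
	if err := json.Unmarshal(raw, &id); err != nil || id == "" {
		return "", fmt.Errorf("field %q is not a non-empty string", idField)
	}
	// Escape the value so a response field can never add path segments.
	return strings.TrimRight(collectionURL, "/") + "/" + url.PathEscape(id), nil
}

func main() {
	// Constructed sample of a create response that carries tenantId and no id.
	body := []byte(`{"tenantId":"00000000-0000-0000-0000-000000000001",` +
		`"automaticUserConsentSettings":{"outboundAllowed":true}}`)
	for _, field := range []string{"", "tenantId"} {
		itemURL, err := resolveItemURL("policies/crossTenantAccessPolicy/partners", body, field)
		fmt.Printf("id_field=%q url=%q err=%v\n", field, itemURL, err)
	}
}
```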