Microsoft.Authorization/roleEligibilityScheduleRequests does not support DELETE

[jkroepke]

I'm unable to remove a azapi managed Microsoft.Authorization/roleEligibilityScheduleRequests.

│ --------------------------------------------------------------------------------
│ RESPONSE 405: 405 Method Not Allowed
│ ERROR CODE UNAVAILABLE
│ --------------------------------------------------------------------------------
│ {
│   "message": "The requested resource does not support http method 'DELETE'."
│ }
│ --------------------------------------------------------------------------------

The docs confirm that. There is not DELETE action. Instead, an Update with request type AdminRemove needs to be sent.

Thats what the azurerm provides does.

https://github.com/hashicorp/terraform-provider-azurerm/blob/6163a3659ea56095d66cfa19ec2edafc3899885e/internal/services/authorization/pim_eligible_role_assignment_resource.go#L589-L596

[ms-henglu]

Hi @jkroepke ,

Thank you for taking time to report this issue.

For this case, I'd recommend to use azapi_resource_action to update and delete this resource. But the problem is that azapi_resource_action could not monitor resource's changes made outside of Terraform.

Here's an example:

resource "azapi_resource_action" "create_roleEligibilityScheduleRequest" {
  type        = "Microsoft.Authorization/roleEligibilityScheduleRequests@2024-09-01-preview"
  resource_id = "..."
  method      = "PUT"
  body = {
    properties = {
      principalId      = ""
      requestType      = "AdminAssign"
      roleDefinitionId = ""
    }
  }
}

resource "azapi_resource_action" "delete_roleEligibilityScheduleRequest" {
  type        = "Microsoft.Authorization/roleEligibilityScheduleRequests@2024-09-01-preview"
  resource_id = "..."
  method      = "PUT"
  body = jsonencode({
    properties = {
      principalId      = ""
      requestType      = "AdminRemove"
      roleDefinitionId = ""

    }
  })
  when = "destroy"
}