Terraform-provider-azurerm: Bad Request errors should not be retried for 5 minutes before being reported to the user

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

> terraform -v
Terraform v0.11.7
+ provider.azurerm v1.12.0

Affected Resource(s)

• azurerm_role_assignment (but probably many, possibly all, others)

Terraform Configuration Files

provider "azurerm" {}

resource "azurerm_resource_group" "rg" {
  name      = "rg_foo"
  location  = "West Europe"
}

data "azurerm_builtin_role_definition" "owner" {
  name = "Owner"
}

resource "azurerm_role_assignment" "owners" {
  scope               = "${azurerm_resource_group.rg.id}"
  role_definition_id  = "${data.azurerm_builtin_role_definition.owner.id}"
  principal_id        = "[email protected]" // invalid; this should be a guid
}

Debug Output

Debug log and full console output: https://gist.github.com/tlycken/e18e55edb42c84f5d3043e823140b9d9

Expected Behavior

After the request to create the resource failed with 400 Bad Request the first time, the error should have been reported to the user, and the process should have been aborted. (Possibly, this specific error could have been validated already before sending the request, but nonetheless Bad Request errors should be handled better.)

Actual Behavior

The process kept waiting for a resource that would never be created, retrying every now and then (see the debug log for details). Not until the role had failed to be created for 5 minutes was an error message presented to the user.

Steps to Reproduce

1. terraform apply