I trying to create user and then create resources by this user. And discovered that provider’s cannot depend on resources.
So I want something like:
provider “blabla_admin” {connects to service with admin rights} ->
resource “blabla_create” “user” {creates ordinary user} ->
provider “blabla_user” {connects to service with created user} ->
resource “blabla_stuff” “user” {other work with service with users rights}
So, provider “blabla_user” cannot connect to service before user created. So it has to depend on resource “blabla_create” “user”.
And BTW this is really normal usecase for work with clouds, DBs, server administration and so on.
This would normally be done in two different Terraform configurations, because it would be done by two different users at two different times:
First, somebody with authorization to do user management (typically the Admin/Owner role) will do a change to IAM/AzureAD/etc so that users who need to manage the application service get the required access to the account/subscription.
Then, the application management users (call them DevOps or whatever) use their access to the DevOps role to manage the deployment and configuration of the application.
It’s two distinctly different processes, so it would probably not be a good idea to combine them within a single “terraform apply” step.