Role assignment error when applying changes to Azure

Hi all,

New to Terraform here. Writing some simple code to test the water.

With an existing resource already deployed in Azure, I am trying to assign a registered App to a storage account as contributor. The code passes validation and plan, but when deploying it gives me this error:

Status=400 Code="PrincipalTypeNotSupported" Message="Principals of type Application cannot validly be used in role assignments"

Is the wrong type of I am trying to assign to the principal_id of the storage? If that's the case, which one should I be using?

data "azuread_application" "adf-d-app" {
  display_name = "adf-d-app"
}

resource "azurerm_role_assignment" "dstg-adf-rol" {
  scope =
  role_definition_name = "Storage Blob Data Contributor"
  principal_id = data.azuread_application.adf-d-app.object_id
  skip_service_principal_aad_check = true
}


This seems to be a bug. I pulled the GUID value out from the value that was displayed after hitting apply and just before entering yes to commit. Replaced the role with

principal_id = " GUID value I pull from previous failed apply"

Hit the apply and it works. No errors nor complaints.

Hi, I have the same problem!
For "App registrations",
"principal_id" is not "Essentials" -----> "Object ID".
Please click "Managed application in local directory" your name href.
In "Properties" the "Object ID" is different, and this "Object ID" is "principal_id".
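
The distinction described in the last reply, written as Terraform. This is an added example, not code posted by anyone in the thread: it looks up the service principal (the "Managed application in local directory") rather than the app registration and assigns the role to that object ID. The storage account name and resource group are placeholders, and the outputs are there only to show that the two object IDs differ.

```hcl
provider "azurerm" {
  features {}
}

# App registration (application object). Its object_id is what the original
# configuration passed to principal_id, which Azure rejects with
# PrincipalTypeNotSupported.
data "azuread_application" "adf_d_app" {
  display_name = "adf-d-app"
}

# Service principal (enterprise application) that backs the same app in this
# tenant. Role assignments are made to this object, not to the registration.
data "azuread_service_principal" "adf_d_app" {
  display_name = "adf-d-app"
}

# Existing storage account, looked up so the role is scoped to this one
# resource rather than to a resource group or subscription.
data "azurerm_storage_account" "dstg" {
  name                = "examplestorageacct" # PLACEHOLDER, not from the thread
  resource_group_name = "example-rg"         # PLACEHOLDER, not from the thread
}

resource "azurerm_role_assignment" "dstg_adf_rol" {
  scope                = data.azurerm_storage_account.dstg.id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id         = data.azuread_service_principal.adf_d_app.object_id
  principal_type       = "ServicePrincipal"
}

# Compare the two IDs after `terraform plan`: they are different GUIDs.
output "application_object_id" {
  value = data.azuread_application.adf_d_app.object_id
}

output "service_principal_object_id" {
  value = data.azuread_service_principal.adf_d_app.object_id
}
```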