Role assignment error when applying changes to Azure

Hi all,

New to Terraform here. Writing some simple code to test the water.

With existing resource already deplyed in Azure. I am trying to assign a registered App to a storage account as contributor. The code passes validation and plan, but when deploying it gives me this error

“Status=400 Code=“PrincipalTypeNotSupported” Message="Principals of type Application cannot validly be used in role assignments”

Is the wrong type of I am trying to assign to the principal_id of the storage? If thats the case, which one I should be using?

data “azuread_application” “adf-d-app” {

display_name = “adf-d-app”

}

resource “azurerm_role_assignment” “dstg-adf-rol” {

scope = azurerm_storage_account.adfdstg.id
role_definition_name = “Storage Blob Data Contributor”
principal_id = data.azuread_application.adf-d-app.object_id
skip_service_principal_aad_check = true

}

this seems to be a bug. I pulled the GUID value out from value that was displayed after hitting apply and just before enter yes to commit. Replaced the role with

principal_id = " GUID value I pull from previous failed apply"

Hit the apply and it works. No errors nor complains.