Deployment Failed: 'PrincipalNotFound' error when deploying Discovery Service

[ryanpfalz]

Expected Behavior

When the user opts to use the automatically configured Discovery Service in the wizard, the resource should successfully deploy.

Current Behavior

Deployment of the Discovery Service occasionally fails, throwing the following error details:

{ 
    "status": "Failed",
    "error": {
        "code": "DeploymentFailed",
        "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.",
        "details": [
            {
                "code": "BadRequest",
                "message": "{\r\n  \"error\": {\r\n    \"code\": \"PrincipalNotFound\",\r\n    \"message\": \"Principal <principal> does not exist in the directory <guid>. Check that you have the correct principal ID. If you are creating this principal and then immediately assigning a role, this error might be related to a replication delay. In this case, set the role assignment principalType property to a value, such as ServicePrincipal, User, or Group.  See [https://aka.ms/docs-principaltype\"\r\n](https://aka.ms/docs-principaltype/%22/r/n)  }\r\n}"
            }
        ]
    }
}

Steps to Reproduce

1. Visit the Quick Start guide and press the 'Deploy to Azure' button.
2. In the 'Custom Deployment' page that opens, fill out all required fields, and choose 'true' in the 'Use Discovery Service' dropdown.
3. Review + Create the deployment.

Additional Information

• When I enabled the discovery service, I was able to reproduce this issue 3 out of the 5 times I tried to deploy. Fortunately, I was able to successfully get the discovery service to deploy on 2 of my attempts.
• The error is described as being an intermittent issue in the docs, caused by the fact that it takes some time for a newly created service principal to be replicated globally; however, this issue occurs because a role is immediately attempted to be assigned to that service principal.
• This potential issue is not described in the documentation for the Discovery Service.

Is it possible to introduce a dependency into the template to mitigate this issue?

[Mandur]

Hello @ryanpfalz,
Thank you very much for submitting this very detailed issue. I will replicate and see if the suggested fix indeed solves the issue! Based on previous experiences with Terraform, I fear a simple dependency might not be sufficient, but let's see..