From aede34079dc94806171b4188a0fb43c8aad483b3 Mon Sep 17 00:00:00 2001
From: Megan Marsh
Date: Wed, 5 Aug 2020 09:52:11 -0700
Subject: [PATCH 1/2] provide more helpful error message than the one returned by the client, without context
---
 builder/azure/arm/config.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/builder/azure/arm/config.go b/builder/azure/arm/config.go
index 21c5d393e..0d8783e69 100644
--- a/builder/azure/arm/config.go
+++ b/builder/azure/arm/config.go
@@ -787,6 +787,10 @@ func assertRequiredParametersSet(c *Config, errs *packer.MultiError) {
 for _, rid := range c.UserAssignedManagedIdentities {
 r, err := client.ParseResourceID(rid)
 if err != nil {
+ err := fmt.Errorf("Error parsing resource ID from `user_assigned_managed_identities`; please make sure"+
+ " that this value follows the full resource id format: "+
+ "/subscriptions//resourcegroups//providers/Microsoft.ManagedIdentity/userAssignedIdentities/.\n"+
+ " Original error: %s", err)
 errs = packer.MultiErrorAppend(errs, err)
 } else {
 if !strings.EqualFold(r.Provider, "Microsoft.ManagedIdentity") {
From 4964c54f606533b66fc37ee7adce120c249bd4c0 Mon Sep 17 00:00:00 2001
From: Megan Marsh
Date: Thu, 6 Aug 2020 10:41:18 -0700
Subject: [PATCH 2/2] update docs to state resource id must be fully qualified
---
 builder/azure/arm/config.go | 3 ++-
 .../pages/partials/builder/azure/arm/Config-not-required.mdx | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/builder/azure/arm/config.go b/builder/azure/arm/config.go
index 0d8783e69..6a543a9c1 100644
--- a/builder/azure/arm/config.go
+++ b/builder/azure/arm/config.go
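Review bot: The new message in the `if err != nil` branch of assertRequiredParametersSet does not name the entry of `user_assigned_managed_identities` that failed to parse, so with several identities configured the user has to guess which one is malformed unless the client error happens to repeat the value. The original error is also formatted with `%s`, which drops it from the error chain, and `err :=` shadows the `err` returned by `client.ParseResourceID`. Consider plain assignment with the offending value quoted and the cause wrapped, `err = fmt.Errorf("... resource ID %q ... Original error: %w", rid, err)`; `%q` also escapes any control characters in the configured value before it reaches logs. The function body starts and ends outside the hunk.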
@@ -103,7 +103,8 @@ type Config struct {
 // Authentication via OAUTH
 ClientConfig client.Config `mapstructure:",squash"`
- // If set with one or more resource ids of user assigned managed identities, they will be configured on the VM.
+ // A list of one or more fully-qualified resource IDs of user assigned
+ // managed identities to be configured on the VM.
 // See [documentation](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token)
 // for how to acquire tokens within the VM.
 // To assign a user assigned managed identity to a VM, the provided account or service principal must have [Managed Identity Operator](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#managed-identity-operator)
diff --git a/website/pages/partials/builder/azure/arm/Config-not-required.mdx b/website/pages/partials/builder/azure/arm/Config-not-required.mdx
index b5da86b1b..9b86e3ab7 100644
--- a/website/pages/partials/builder/azure/arm/Config-not-required.mdx
+++ b/website/pages/partials/builder/azure/arm/Config-not-required.mdx
@@ -1,6 +1,7 @@
-- `user_assigned_managed_identities` ([]string) - If set with one or more resource ids of user assigned managed identities, they will be configured on the VM.
+- `user_assigned_managed_identities` ([]string) - A list of one or more fully-qualified resource IDs of user assigned
+ managed identities to be configured on the VM.
 See [documentation](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token)
 for how to acquire tokens within the VM.
 To assign a user assigned managed identity to a VM, the provided account or service principal must have [Managed Identity Operator](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#managed-identity-operator)
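Review bot: In the `Config` struct hunk of config.go, the reworded field comment says "fully-qualified resource IDs" but never shows what one looks like, whereas the parse-error message added in the first patch does. As written, a user only learns the expected shape after a build has already failed validation. Consider adding a comment line such as `// Expected form: /subscriptions/<subscription-id>/resourcegroups/<resource-group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<identity-name>` (placeholders to be named as the project prefers). The .mdx partial appears to mirror this comment, so it would need the same line; the struct and the comment both continue outside the hunk.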