Azure / CanadaPubSecALZ

This reference implementation is based on Cloud Adoption Framework for Azure and provides an opinionated implementation that enables ITSG-33 regulatory compliance by using NIST SP 800-53 Rev. 4 and Canada Federal PBMM Regulatory Compliance Policy Sets.
MIT License

Error running logging pipeline #366

Closed ashley-kainos closed 1 year ago

ashley-kainos commented 1 year ago

Describe the bug
I am running the logging pipeline and it fails with the following error:

ERROR: {"status":"Failed","error":{"code":"DeploymentFailed","target":"/subscriptions/b1cdc9c0-de05-4c7b-b29c-6dcf7e815a8b/providers/Microsoft.Resources/deployments/main-canadacentral","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":{"code":"ResourceDeploymentFailure","target":"/subscriptions/b1cdc9c0-de05-4c7b-b29c-6dcf7e815a8b/providers/Microsoft.Resources/deployments/subscription-scaffold-upkmqmzpx76gs","message":"The 'AzureAsyncOperationWaiting' resource operation completed with terminal provisioning state 'Failed'.","details":[{"code":"DeploymentFailed","target":"/subscriptions/b1cdc9c0-de05-4c7b-b29c-6dcf7e815a8b/providers/Microsoft.Resources/deployments/subscription-scaffold-upkmqmzpx76gs","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"ResourceDeploymentFailure","target":"/subscriptions/b1cdc9c0-de05-4c7b-b29c-6dcf7e815a8b/providers/Microsoft.Resources/deployments/rbac-b24988ac-6180-42a0-ab88-20f7382dd24c-upkmqmzpx76gs","message":"The 'AzureAsyncOperationWaiting' resource operation completed with terminal provisioning state 'Failed'.","details":[{"code":"DeploymentFailed","target":"/subscriptions/b1cdc9c0-de05-4c7b-b29c-6dcf7e815a8b/providers/Microsoft.Resources/deployments/rbac-b24988ac-6180-42a0-ab88-20f7382dd24c-upkmqmzpx76gs","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"PrincipalNotFound","message":"Principal 38f33f7ea47146308ce9c6653495a2ee does not exist in the directory 832b0908-3585-4294-a01c-7763fc195006. 
Check that you have the correct principal ID. If you are creating this principal and then immediately assigning a role, this error might be related to a replication delay. In this case, set the role assignment principalType property to a value, such as ServicePrincipal, User, or Group. See [https://aka.ms/docs-principaltype"}]}]}]}]}]}}

[error]Caller: 5 /home/vsts/work/_temp/azureclitaskscript1681854260344.sh, LineNo: 1, Command: az deployment sub create --name 'main-canadacentral' --location canadacentral --subscription b1cdc9c0-de05-4c7b-b29c-6dcf7e815a8b --template-file main.bicep --parameters @/home/vsts/work/1/s/config/logging/Kainos-ALZ-main/logging.parameters.json

[error]Script failed with exit code: 1

To Reproduce
I run the pipeline from DevOps.

Expected behavior
Pipeline should run and deploy logging as per step 5.3: https://github.com/Azure/CanadaPubSecALZ/blob/main/docs/onboarding/azure-devops-pipelines.md#step-5---configure-logging


skeeler commented 1 year ago

@ashley-kainos, the issue you are experiencing is due to the following Azure AD group (38f33f7e-a471-4630-8ce9-c6653495a2ee) being referenced in the logging.parameters.json file:

[image: screenshot of the logging.parameters.json entry]

This AAD group is from a different AAD tenant than yours. You have a couple options:

  1. Create your own AAD group in your tenant whose members should have Contributor role access to your logging subscription and use its ID (GUID) instead in the logging.parameters.json configuration file.
  2. If you don't need/want to assign an AAD group to the Contributors role for your logging subscription, you can remove the existing (sample) AAD group ID, e.g.: "securityGroupObjectIds": [ ]
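A pre-flight check for the situation described in this thread, added here as an example and not part of the CanadaPubSecALZ repo: it pulls every `securityGroupObjectIds` entry out of a parameter file, flags malformed IDs and the sample group ID quoted in this issue offline, and offers an online lookup through `az ad group show` so a foreign-tenant ID fails before `az deployment sub create` does. The parameter-file shape in `SAMPLE_PARAMS` is constructed and assumed; the walker does not depend on it.

```python
import json
import re
import subprocess

# Group object ID shipped in the repo's sample logging.parameters.json (quoted in this
# issue); it exists in the sample author's tenant, not in yours.
SAMPLE_GROUP_ID = "38f33f7e-a471-4630-8ce9-c6653495a2ee"
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.IGNORECASE)

# Constructed parameter file; the key nesting is an assumption, the walker finds the key anywhere.
SAMPLE_PARAMS = json.dumps({"parameters": {"subscriptionRoleAssignments": {"value": [
    {"roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c",
     "securityGroupObjectIds": [SAMPLE_GROUP_ID, "not-a-guid"]}]}}})


def extract_group_ids(params_text):
    """Collect every entry listed under a 'securityGroupObjectIds' key, at any depth."""
    found = []
    def walk(node):
        if isinstance(node, dict):
            for key, value in node.items():
                if key == "securityGroupObjectIds" and isinstance(value, list):
                    found.extend(str(v) for v in value)
                else:
                    walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)
    walk(json.loads(params_text))
    return found


def lint_group_ids(ids):
    """Offline checks: GUID shape, and the known sample ID that triggers PrincipalNotFound."""
    problems = {}
    for gid in ids:
        if not GUID_RE.match(gid):
            problems[gid] = "not a GUID"
        elif gid.lower() == SAMPLE_GROUP_ID:
            problems[gid] = "sample group ID from the repo; it belongs to another tenant"
    return problems


def group_exists(gid):
    """Online check: resolve the object ID in the signed-in tenant (requires `az login`)."""
    result = subprocess.run(["az", "ad", "group", "show", "--group", gid, "--query", "id",
                             "-o", "tsv"], capture_output=True, text=True)
    return result.returncode == 0 and result.stdout.strip().lower() == gid.lower()
```

Run `lint_group_ids(extract_group_ids(open("logging.parameters.json").read()))` in the pipeline before the deployment step, and call `group_exists` on the survivors once `az login` has targeted the intended tenant.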