Azure / Edge-infrastructure-quickstart-template


TF Apply on Role Assignment #104

Open mgodfre3 opened 1 month ago

mgodfre3 commented 1 month ago

Running Merge Action for additional Site, and running into an issue. I have given the SPN Contributor, Key Vault Admin and User Access Admin on the Resource Group. I have confirmed that the SPN is not Azure Connected Machine Onboarding, Azure Connected Machine Resource Administrator.

TF Apply Errors at:

Error: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=409 -- Original Error: autorest/azure: Service returned an error. Status=409 Code="RoleAssignmentExists" Message="The role assignment already exists."
│
│ with module.base.module.hci.azurerm_role_assignment.ServicePrincipalRoleAssign["ACMRM"],
│ on ....\modules\hci\rolebindings.tf line 13, in resource "azurerm_role_assignment" "ServicePrincipalRoleAssign":
│ 13: resource "azurerm_role_assignment" "ServicePrincipalRoleAssign" {
│
╵
Error: Terraform exited with code 1.
Error: Process completed with exit code 1.

https://github.com/mgodfre3/Edge-infrastructure-quickstart-template/actions/runs/9993532559

In the past I have pre-created an SPN and provided specific rights to the Subscription. I would prefer to provide an SPN instead of creating one during deployment, if possible.

duzitong commented 1 month ago

You may try to comment out this part https://github.com/Azure/Edge-infrastructure-quickstart-template/blob/main/modules/hci/rolebindings.tf#L21C1-L30C2

But be aware that this change will apply to all sites referencing this module. If the module was used to create a site, removing these lines will cause the role assignment for old sites to be removed. You may need to manually add it back.

Another option is that you can copy the base module to another module. Then comment these out. You can reference the copied module in your new sites.
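An alternative to commenting the block out, shown as an added example that is not part of the thread or the template's own code: filter the `for_each` map so roles already granted to a pre-created SPN are skipped per site. The variable names, the `sp_roles` map and its placeholder value are assumptions; only the resource name and the `ACMRM` key come from the error above.

```hcl
# Added example. All variable and local names are hypothetical.
variable "service_principal_object_id" {
  type        = string
  description = "Object ID of the pre-created SPN (assumed input)."
}

variable "resource_group_id" {
  type        = string
  description = "Scope for the role assignments (assumed input)."
}

variable "pre_assigned_role_keys" {
  type        = set(string)
  default     = [] # empty default: existing sites keep their assignments
  description = "Keys of roles granted to the SPN outside Terraform, e.g. [\"ACMRM\"]."
}

locals {
  # Placeholder map: replace with the roles the copied module really assigns.
  sp_roles = {
    ACMRM = "<role-definition-name-for-ACMRM>"
  }

  # Drop every role the operator has declared as already assigned,
  # so Terraform never sends the Create call that returns 409.
  roles_to_assign = {
    for key, role in local.sp_roles : key => role
    if !contains(var.pre_assigned_role_keys, key)
  }
}

resource "azurerm_role_assignment" "ServicePrincipalRoleAssign" {
  for_each             = local.roles_to_assign
  scope                = var.resource_group_id
  role_definition_name = each.value
  principal_id         = var.service_principal_object_id
}
```

Set `pre_assigned_role_keys` only for sites whose SPN was granted the role by hand. Adding a key on a site where Terraform created the assignment makes the next apply destroy it, which is the same side effect described in the reply above.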