Open Menghua1 opened 3 months ago
Hi. Thanks for reporting this. The example is quite comprehensive and includes applying role assignments at levels that require elevated permissions. The error you are seeing here is because your account does not have management group contributor rights on the tenant root group management group.
I intend to add some simpler examples as soon as I get some time.
I suggest taking one of the examples from the read me as a starting point instead for now.
Also to be clear, we currently test this in a separate tenant where we can have these permissions. We do not use the 1ES tenant for testing this due to the elevated permission requirements.
@jongio We are unable to fully test every example in this module due to account permissions.
@jaredfholgate It would be better if you could add some lower scope examples (not include management group) in the template. Also, there are two errors in the Readme.md:
In each example, the source
is wrong, it should be changed to Azure/avm-res-authorization-roleassignment/azurerm
.
In examples4, assignnents
is misspelled, change to assignments
.
Describe the issue:
When trying to apply the default examples module, get the following error:
Repro Steps:
az login
.azd auth login
.azd init -t todo-nodejs-mongo-terraform
.infra/main.tf
with the following code:infra/output.tf
file.azd provision
.Expected behavior:
It can deploy without any errors.
@matt-FFFFFF, @jaredfholgate and @jongio for notification.