azure resource group creation fails

barrymac commented 7 years ago

ISSUE TYPE

Bug Report
COMPONENT NAME

azure_rm_resourcegroup

ANSIBLE VERSION

ansible 2.2.0.0 also tried with github pip install at this time

CONFIGURATION

OS / ENVIRONMENT

Linux

pip freeze | grep azure
azure==2.0.0rc5
azure-batch==0.30.0rc5
azure-cli==0.1.0b10
azure-cli-acr==0.1.0b10
azure-cli-acs==0.1.0b10
azure-cli-appservice==0.1.0b10
azure-cli-cloud==0.1.0b10
azure-cli-component==0.1.0b10
azure-cli-configure==0.1.0b10
azure-cli-container==0.1.0b10
azure-cli-context==0.1.0b10
azure-cli-core==0.1.0b10
azure-cli-feedback==0.1.0b10
azure-cli-network==0.1.0b10
azure-cli-profile==0.1.0b10
azure-cli-resource==0.1.0b10
azure-cli-role==0.1.0b10
azure-cli-storage==0.1.0b10
azure-cli-vm==0.1.0b10
azure-common==1.1.4
azure-graphrbac==0.30.0rc6
azure-mgmt==0.30.0rc5
azure-mgmt-authorization==0.30.0rc6
azure-mgmt-batch==0.30.0rc5
azure-mgmt-cdn==0.30.0rc5
azure-mgmt-cognitiveservices==0.30.0rc5
azure-mgmt-commerce==0.30.0rc5
azure-mgmt-compute==0.32.1
azure-mgmt-containerregistry==0.1.0
azure-mgmt-dns==0.30.0rc6
azure-mgmt-keyvault==0.30.0rc5
azure-mgmt-logic==0.30.0rc5
azure-mgmt-network==0.30.0rc6
azure-mgmt-notificationhubs==0.30.0rc5
azure-mgmt-nspkg==1.0.0
azure-mgmt-powerbiembedded==0.30.0rc5
azure-mgmt-redis==0.30.0rc5
azure-mgmt-resource==0.30.2
azure-mgmt-scheduler==0.30.0rc5
azure-mgmt-storage==0.30.0rc6
azure-mgmt-trafficmanager==0.30.0rc6
azure-mgmt-web==0.30.1
azure-nspkg==1.0.0
azure-servicebus==0.20.2
azure-servicemanagement-legacy==0.20.3
azure-storage==0.33.0
msrestazure==0.4.5

SUMMARY

Resource Group Creation fails due to 403 on existence check url

STEPS TO REPRODUCE

- name: Create a resource group
  azure_rm_resourcegroup:
    name: devtesting
    location: westus
    tags:
        testing: testing
        delete: never

EXPECTED RESULTS

Expected resource group to be created

ACTUAL RESULTS

fatal: [development-tools]: FAILED! => {
    "changed": false, 
    "failed": true, 
    "invocation": {
        "module_args": {
            "ad_user": null, 
            "append_tags": true, 
            "client_id": null, 
            "force": false, 
            "location": "westus", 
            "name": "devtesting", 
            "password": null, 
            "profile": null, 
            "secret": null, 
            "state": "present", 
            "subscription_id": null, 
            "tags": {
                "delete": "never", 
                "testing": "testing"
            }, 
            "tenant": null
        }, 
        "module_name": "azure_rm_resourcegroup"
    }, 
    "msg": "Error checking for existence of name devtesting - 403 Client Error: Forbidden for url: https://management.azure.com/subscriptions/MYSUBID/resourcegroups/devtesting?api-version=2016-09-01"
}

ansibot commented 7 years ago

@ansible ping, this issue is waiting for your response. click here for bot help

ansibot commented 7 years ago

This repository has been locked. All new issues and pull requests should be filed in https://github.com/ansible/ansible

Please read through the repomerge page in the dev guide. The guide contains links to tools which automatically move your issue or pull request to the ansible/ansible repo.

palmerabollo commented 7 years ago

Same issue in ansible 2.3.x @barrymac did you find a workaround?

hariprakash-123 commented 7 years ago

I found a solution. By passing tenant to UserPassCredentials In azure_rm_common.py file, inside ansible/module_utils applied the patch like below,

line no 188,

self.azure_credentials = UserPassCredentials(self.credentials['ad_user'], self.credentials['password'])

change the above line like

self.azure_credentials = UserPassCredentials(self.credentials['ad_user'], self.credentials['password'], tenant=self.credentials['tenant'])

Then it's working fine.

ansibot commented 7 years ago

This issue was migrated to https://github.com/ansible/ansible/issues/29446

ansible / ansible-modules-core