hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Unable to assign role definition to service principal - service returned an error. Status=405 #5543

Closed ashisa closed 4 years ago

ashisa commented 4 years ago

Community Note

Terraform (and AzureRM Provider) Version

Affected Resource(s)

Terraform Configuration Files

resource "azurerm_role_definition" "azure_role_definition_for_atlas" {
  name        = "${format("AtlasPeering/%s/%s/%s", data.azurerm_subscription.current_subscription_details.subscription_id, var.resource_group_name, var.vnet_name)}"
  description = "${format("Grants MongoDB access to manage peering connections on network /subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/virtualNetworks/%s", data.azurerm_subscription.current_subscription_details.subscription_id, var.resource_group_name, var.vnet_name)}"
  scope       = "${format("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/virtualNetworks/%s", data.azurerm_subscription.current_subscription_details.subscription_id, var.resource_group_name, var.vnet_name)}"
  permissions {
    actions     = [
      "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
      "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write",
      "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete",
      "Microsoft.Network/virtualNetworks/peer/action"
    ]
    not_actions = []
  }
  assignable_scopes = [
    "${format("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/virtualNetworks/%s", data.azurerm_subscription.current_subscription_details.subscription_id, var.resource_group_name, var.vnet_name)}"
  ]
}

resource "azurerm_role_assignment" "azure_role_assignment_for_atlas" {
  name               = "${format("AtlasPeeringRoleAssignment/%s/%s/%s", data.azurerm_subscription.current_subscription_details.subscription_id, var.resource_group_name, var.vnet_name)}"
  scope              = "${format("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/virtualNetworks/%s", data.azurerm_subscription.current_subscription_details.subscription_id, var.resource_group_name, var.vnet_name)}"
  role_definition_id = "${azurerm_role_definition.azure_role_definition_for_atlas.id}"
  principal_id       = "${azuread_service_principal.azure_ad_service_principal_for_atlas.application_id}"
}

Debug Output

Error: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=405 -- Original Error: autorest/azure: Service returned an error. Status=405 Code="" Message="The requested resource does not support http method 'PUT'."

Panic Output

None

Expected Behavior

Role assignment operation succeeds.

Actual Behavior

We get the following error - Error: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=405 -- Original Error: autorest/azure: Service returned an error. Status=405 Code="" Message="The requested resource does not support http method 'PUT'."

Steps to Reproduce

  1. terraform apply

Important Factoids

Trying to set up Atlas MongoDB on Azure as documented here - https://docs.atlas.mongodb.com/reference/api/vpc-create-peering-connection/

The steps documented at the link use the Azure CLI; however, we are trying to use Terraform to automate this part. All other steps work fine as mentioned above in our configuration. It's just the role assignment which fails with status 405.

References

https://docs.atlas.mongodb.com/reference/api/vpc-create-peering-connection/

ghost commented 4 years ago

This has been released in version 2.0.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.0.0"
}
# ... other configuration ...

ghost commented 4 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉, please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!