-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
azurerm_role_assignment
- Support scope
to be /providers/Subscription
#17456
azurerm_role_assignment
- Support scope
to be /providers/Subscription
#17456
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could we add a test for this?
@katbyte Unfortunately, I was only able to manage to run it via my user account. When I use a SP, the API failed with:
|
we should still have a test for it? and if that is a limitation we should be documenting it? |
@katbyte I believe currently we don't have a way to test via CLI auth? I've put down a comment to mention the prerequisite when setting the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@magodo - you can still write the test and run them locally, we just don't have a way to run them in TC yet so if you can detect UA/no SP and skip that would be good
@katbyte I've added the test which will always be skipped. As I failed to figure out a way to run acctest via CLI auth (as the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
as long as the test is there for future use all good - LGTM provided the config passes for you locally
This functionality has been released in v3.21.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. |
Fix #17397.
The prerequisite to assign role to the subscription scope is described at https://docs.microsoft.com/en-us/answers/questions/604740/user-does-not-have-access-microsoftsubscriptionali.html. I've elevated my running account and manage the role assignment to anther sp using this scope locally successfully, via
terraform apply/plan/destroy
.I've also tested for the management group scope, i.e.
/providers/Microsoft.Management
, where the API failed saying that this is an invalid scope.