r/role_assignment: adding validation for scope #10438

Merged
merged 3 commits into from
Feb 3, 2021

tombuildsstuff
Contributor

This commit introduces validation to the scope field, validating that it's either a Management Group ID, Resource Group ID, Subscription ID or otherwise a Resource ID - to work around the API usability issues identified in #9569.

This isn't perfect, but the error messages coming back from the API are particularly unhelpful to users unfamiliar with how the API works.

I've also taken the opportunity to split the tests out, since we can limit them one at a time in TC.

Ignoring one temporary failure due to a conflicting role assignment, the tests pass:

$ TF_ACC=1 envchain azurerm go test -v ./azurerm/internal/services/authorization/... -run=TestAccRoleAssignment_ -test.parallel=1 -timeout=60m
=== RUN   TestAccRoleAssignment_emptyName
=== PAUSE TestAccRoleAssignment_emptyName
=== RUN   TestAccRoleAssignment_roleName
=== PAUSE TestAccRoleAssignment_roleName
=== RUN   TestAccRoleAssignment_requiresImport
=== PAUSE TestAccRoleAssignment_requiresImport
=== RUN   TestAccRoleAssignment_dataActions
=== PAUSE TestAccRoleAssignment_dataActions
=== RUN   TestAccRoleAssignment_builtin
=== PAUSE TestAccRoleAssignment_builtin
=== RUN   TestAccRoleAssignment_custom
=== PAUSE TestAccRoleAssignment_custom
=== RUN   TestAccRoleAssignment_ServicePrincipal
=== PAUSE TestAccRoleAssignment_ServicePrincipal
=== RUN   TestAccRoleAssignment_ServicePrincipalWithType
=== PAUSE TestAccRoleAssignment_ServicePrincipalWithType
=== RUN   TestAccRoleAssignment_ServicePrincipalGroup
=== PAUSE TestAccRoleAssignment_ServicePrincipalGroup
=== RUN   TestAccRoleAssignment_managementGroup
=== PAUSE TestAccRoleAssignment_managementGroup
=== CONT  TestAccRoleAssignment_emptyName
--- PASS: TestAccRoleAssignment_emptyName (99.56s)
=== CONT  TestAccRoleAssignment_ServicePrincipal
--- PASS: TestAccRoleAssignment_ServicePrincipal (112.94s)
=== CONT  TestAccRoleAssignment_managementGroup
--- PASS: TestAccRoleAssignment_managementGroup (171.08s)
=== CONT  TestAccRoleAssignment_ServicePrincipalGroup
--- PASS: TestAccRoleAssignment_ServicePrincipalGroup (101.36s)
=== CONT  TestAccRoleAssignment_ServicePrincipalWithType
--- PASS: TestAccRoleAssignment_ServicePrincipalWithType (126.43s)
=== CONT  TestAccRoleAssignment_dataActions
    testing.go:684: Step 0 error: errors during apply:

        Error: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=409 -- Original Error: autorest/azure: Service returned an error. Status=409 Code="RoleAssignmentExists" Message="The role assignment already exists."

          on /var/folders/09/6xztm5651pgbc_0mq7p265sw0000gn/T/tf-test666009848/main.tf line 12:
          (source code not available)


--- FAIL: TestAccRoleAssignment_dataActions (31.27s)
=== CONT  TestAccRoleAssignment_custom
--- PASS: TestAccRoleAssignment_custom (152.03s)
=== CONT  TestAccRoleAssignment_builtin
--- PASS: TestAccRoleAssignment_builtin (95.05s)
=== CONT  TestAccRoleAssignment_requiresImport
--- PASS: TestAccRoleAssignment_requiresImport (112.09s)
=== CONT  TestAccRoleAssignment_roleName
--- PASS: TestAccRoleAssignment_roleName (92.40s)
FAIL

This commit introduces validation to the `scope` field, validating that
it's either a Management Group ID, Resource Group ID, Subscription ID
or otherwise a Resource ID - to work around the API usability issues
identified in #9569.

This isn't perfect, but the error messages coming back from the API are
particularly unhelpful to users unfamiliar with how the API works.
We don't need to run these in sequence since TC is limited to 1
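
A sketch of the check described above: classify a role assignment `scope` as one of the four shapes the description names and return a readable error before any API call is made. This is an added example, not the provider's code from this pull request; the patterns, the `ClassifyScope` name and the sample IDs are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Assumed patterns for the four scope shapes named in the pull request.
// They illustrate the idea and are not the provider's own validators.
const guid = `[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`

var scopeKinds = []struct {
	kind string
	re   *regexp.Regexp
}{
	{"management group", regexp.MustCompile(`(?i)^/providers/Microsoft\.Management/managementGroups/[^/]+$`)},
	{"subscription", regexp.MustCompile(`(?i)^/subscriptions/` + guid + `$`)},
	{"resource group", regexp.MustCompile(`(?i)^/subscriptions/` + guid + `/resourceGroups/[^/]+$`)},
	{"resource", regexp.MustCompile(`(?i)^/subscriptions/` + guid + `(/resourceGroups/[^/]+)?/providers/[^/]+(/[^/]+/[^/]+)+$`)},
}

// ClassifyScope reports which kind of scope the string is, or returns an
// error naming the accepted shapes so the mistake is clear to the user.
func ClassifyScope(scope string) (string, error) {
	for _, k := range scopeKinds {
		if k.re.MatchString(scope) {
			return k.kind, nil
		}
	}
	return "", fmt.Errorf("scope %q is not a Management Group ID, Subscription ID, Resource Group ID or Resource ID", scope)
}

func main() {
	// Constructed sample values; the GUID is a placeholder.
	sub := "/subscriptions/00000000-0000-0000-0000-000000000000"
	for _, s := range []string{
		"/providers/Microsoft.Management/managementGroups/example-mg",
		sub,
		sub + "/resourceGroups/example-rg",
		sub + "/resourceGroups/example-rg/providers/Microsoft.Storage/storageAccounts/examplesa",
		"00000000-0000-0000-0000-000000000000", // bare GUID, no /subscriptions/ prefix
		sub + "/resourceGroups/",               // empty resource group name
	} {
		kind, err := ClassifyScope(s)
		fmt.Printf("%-18s %v\n", kind, err)
	}
}
```

Because the scope sets how widely a role assignment applies, knowing which kind it is before the request is sent also makes an unexpectedly broad scope easier to spot in review.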
@tombuildsstuff tombuildsstuff added this to the v2.46.0 milestone Feb 2, 2021
@tombuildsstuff tombuildsstuff requested a review from a team February 2, 2021 18:38
@ghost ghost added the size/M label Feb 2, 2021
Collaborator

@katbyte katbyte left a comment

LGTM 👍

@tombuildsstuff tombuildsstuff merged commit 1cb613e into master Feb 3, 2021
@tombuildsstuff tombuildsstuff deleted the b/role-assignment-scope branch February 3, 2021 17:16
tombuildsstuff added a commit that referenced this pull request Feb 3, 2021
@ghost

ghost commented Feb 5, 2021

This has been released in version 2.46.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.46.0"
}
# ... other configuration ...

@ghost

ghost commented Mar 6, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Mar 6, 2021