The `grant_consent.sh` script included in `modules/azuread/applications/scripts/` seems to have issues when switching from running Terraform as a user account to service principal:

1. Deploy an application/SP (caf_launchpad_level0) as a user account.
2. Then log in as this SP and rerun the same deployment.
```
│ Error: local-exec provisioner error
│
│ with module.launchpad.module.azuread_applications["caf_launchpad_level0"].null_resource.grant_admin_consent["microsoft_graph-RoleManagement_ReadWrite_Directory"],
│ on ../../terraform-azurerm-caf/modules/azuread/applications/api_permissions.tf line 60, in resource "null_resource" "grant_admin_consent":
│ 60: provisioner "local-exec" {
│
│ Error running command '../../terraform-azurerm-caf/modules/azuread/applications/scripts/grant_consent.sh': exit status 1. Output: -resourceId:
│ xxx
│ - uri: https://graph.microsoft.com/v1.0/servicePrincipals/xxx/appRoleAssignedTo
│ - body: {
│ "principalId": "xxx",
│ "resourceId": "xxx",
│ "appRoleId": "xxx"
│ }
│ ERROR: Bad Request({"error":{"code":"Request_BadRequest","message":"Permission being assigned already exists on the
│ object","innerError":{"date":"2021-10-27T19:16:50","request-id":"xxx","client-request-id":"xxx"}}})
```
Some initial debugging seems to show that the following line returns nothing:
So it goes ahead and tries to re-add the app role, resulting in the above error.
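One way to make the grant step tolerate an assignment that already exists, shown as an added example that is not the project's `grant_consent.sh`. The function names and the `GRANT_POST_CMD` hook are hypothetical, and sending the request with `az rest` is an assumption.

```shell
#!/bin/sh
# Added example, not the project's script. Function names are hypothetical.

# Default sender (assumption: the request is sent with `az rest`).
az_rest_post() {
  az rest --method POST --uri "$1" \
    --headers "Content-Type=application/json" --body "$2"
}

# classify_grant_result EXIT_CODE OUTPUT
# Prints created | already-exists | failed.
# Returns 0 only when the assignment is known to be in place afterwards.
classify_grant_result() {
  rc="$1"
  output="$2"
  if [ "$rc" -eq 0 ]; then
    echo "created"
    return 0
  fi
  # Accept only the exact "already exists" Bad Request from the error above.
  # Every other failure (authorization, throttling, bad ids) stays fatal so a
  # missing high-privilege grant is never silently reported as success.
  case "$output" in
    *Request_BadRequest*"Permission being assigned already exists"*)
      echo "already-exists"
      return 0
      ;;
  esac
  echo "failed"
  return 1
}

# grant_app_role URI BODY
# Sends the appRoleAssignedTo request and classifies the outcome.
# GRANT_POST_CMD (hypothetical hook) lets the sender be swapped for testing.
grant_app_role() {
  sender="${GRANT_POST_CMD:-az_rest_post}"
  # The if/else keeps a failing sender from aborting the script under `set -e`.
  if result="$("$sender" "$1" "$2" 2>&1)"; then
    status=0
  else
    status=$?
  fi
  classify_grant_result "$status" "$result"
}
```
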