**I am trying to fetch a DNS A record from Azure using an SPN (Service Principal Name), but I am receiving an authorization-specific error. When I try to fetch the A record using the az CLI with the same SPN, I get the details successfully, as expected. The SPN has the DNS zone contributor role assigned on the specific zone which I am trying to access using Ansible.**
Below is my code:

```yaml
- hosts: localhost
  tasks:
    - name: get recordset
      azure.azcollection.azure_rm_privatednsrecordset_info:
        resource_group: prd-eus2-ops-dns-03
        zone_name: withbc.com
        relative_name: bcmod01
        record_type: A
```
I receive the error below:
The client ‘529e0886-6e6d-4cd4-b9b5-1514a6af97a8’ with object id ‘529e0886-6e6d-4cd4-b9b5-1514a6af97a8’ does not have authorization to perform action ‘Microsoft.Network/privateDnsZones/A/read’ over scope ‘/subscriptions/741cfd03-6b62-4116-8c0c-1ae51778d764/resourceGroups/prd-eus2-ops-dns-03/providers/Microsoft.Network/privateDnsZones/withbc.com/A/bcmod01’ or the scope is invalid.
Below are the module version details:
azure.azcollection 2.7.0
ansible-core 2.13.13
Do the Ansible azure.azcollection modules need the contributor role to be assigned on subscription scope instead of zone scope?
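
Azure RBAC allows a request when a role assignment sits at the requested scope or a parent of it and the role's Actions match the requested action. The Python below is an added example, not part of the original post, that applies that check to the error shown above. The helper names and the abbreviated role action lists are assumptions, and deny assignments and conditions are ignored.

```python
import re
from fnmatch import fnmatchcase

# Error text from the post (typographic quotes kept as posted).
ERROR = (
    "The client ‘529e0886-6e6d-4cd4-b9b5-1514a6af97a8’ with object id "
    "‘529e0886-6e6d-4cd4-b9b5-1514a6af97a8’ does not have authorization to perform "
    "action ‘Microsoft.Network/privateDnsZones/A/read’ over scope "
    "‘/subscriptions/741cfd03-6b62-4116-8c0c-1ae51778d764/resourceGroups/"
    "prd-eus2-ops-dns-03/providers/Microsoft.Network/privateDnsZones/withbc.com/A/bcmod01’"
    " or the scope is invalid."
)
ZONE = ("/subscriptions/741cfd03-6b62-4116-8c0c-1ae51778d764/resourceGroups/"
        "prd-eus2-ops-dns-03/providers/Microsoft.Network/privateDnsZones/withbc.com")

# Assumed, abbreviated action lists for two built-in roles; confirm the real ones
# with `az role definition list --name "<role name>"`.
ROLES = {
    "DNS Zone Contributor": ["Microsoft.Network/dnsZones/*"],
    "Private DNS Zone Contributor": ["Microsoft.Network/privateDnsZones/*"],
}

def parse_auth_error(msg):
    """Extract the denied action and scope from an authorization error message."""
    m = re.search(r"perform action [‘'\"](.+?)[’'\"] over scope [‘'\"](.+?)[’'\"]", msg)
    if not m:
        raise ValueError("not an authorization error message")
    return {"action": m.group(1), "scope": m.group(2)}

def scope_covers(assigned, requested):
    """An assignment applies at its own scope and at every child scope below it."""
    a, r = assigned.rstrip("/").lower(), requested.rstrip("/").lower()
    return r == a or r.startswith(a + "/")

def action_allowed(action, patterns):
    """Case-insensitive wildcard match of the action against a role's Actions."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def is_authorized(request, assignments):
    """assignments: iterable of (role name, scope) pairs held by the principal."""
    return any(scope_covers(scope, request["scope"])
               and action_allowed(request["action"], ROLES[role])
               for role, scope in assignments)

if __name__ == "__main__":
    req = parse_auth_error(ERROR)
    for role in ROLES:
        print(role, "at zone scope ->", is_authorized(req, [(role, ZONE)]))
```

To see the assignments a principal really holds, `az role assignment list --assignee <object-id> --all` lists them with their scopes.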