Hello all,
I’m attempting to use the azure_rm functionality and I appear to be having an issue.
I have an action like:
    - name:
      azure_rm_storageblob:
        resource_group: MY_COMPANY
        storage_account_name: testdeletemebnr
        container: grid
        blob: 0.0.2-SNAPSHOT.jar
        tenant: redacted
        client_id: 8e71ddb2-d794-4f7c-9ed7-60e6b301c794
        secret: redacted
        subscription_id: redacted
        src: /tmp/azure_ansible
        state: present
      tags: [ azure_test ]
I receive back the output:

    TASK [telemetry : None] ********************************************************
    fatal: [remote_host]: FAILED! => {"changed": false, "failed": true, "msg": "One-time registration of Microsoft.Storage failed - The client 'd38eaaca-1429-44ef-8ce2-3c63a62849c9' with object id 'd38eaaca-1429-44ef-8ce2-3c63a62849c9' does not have authorization to perform action 'Microsoft.Storage/register/action' over scope '/subscriptions/********'."}
    to retry, use: --limit @cloud_entry.retry
From the Azure CLI I run the role assignment list command:

    data: RoleDefinitionName : Contributor
    data: RoleDefinitionId : b24988ac-6180-42a0-ab88-20f7382dd24c
    data: Scope : /subscriptions/redacted/resourceGroups/MY_COMPANY/providers/Microsoft.Storage/storageAccounts/testdeletemebnr
    data: Display Name : jar-deploy
    data: SignInName :
    data: ObjectId : d38eaaca-1429-44ef-8ce2-3c63a62849c9
    data: ObjectType : ServicePrincipal
Things I noted: the objectId and the clientId in the error message are identical. Should that be the case? My expectation is the client_id should be the one I entered.
I do see that the objectId in the error message is equal to the one in my role assignment.
My ServicePrincipal has Contributor RBAC’s on the storage account testdeletemebnr, as shown by the assignment list.
Any thoughts on whether this is an Azure issue, my issue or an Ansible issue?
Thank you very much!
-b
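
Added example, not part of the original post: a Python check that compares the scope named in the authorization failure with the scope of the role assignment listed above. The subscription ID is a constructed placeholder, the function names are hypothetical, and only scope is compared, not whether the role's permissions include the action.

```python
import re

# Constructed inputs: the subscription ID is a placeholder (redacted on the page);
# the other values are copied from the error message and role assignment above.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
OBJECT_ID = "d38eaaca-1429-44ef-8ce2-3c63a62849c9"
ERROR_MSG = (
    "One-time registration of Microsoft.Storage failed - The client "
    f"'{OBJECT_ID}' with object id '{OBJECT_ID}' does not have authorization "
    f"to perform action 'Microsoft.Storage/register/action' over scope '{SUB}'."
)
ASSIGNMENTS = [{
    "role": "Contributor",
    "object_id": OBJECT_ID,
    "scope": SUB + "/resourceGroups/MY_COMPANY/providers/Microsoft.Storage"
                   "/storageAccounts/testdeletemebnr",
}]

# Accept straight or typographic quotes, since mail clients often rewrite them.
Q = "['\u2018\u2019]"
V = "([^'\u2018\u2019]+)"
DENIAL_RE = re.compile(
    f"object id {Q}{V}{Q} does not have authorization to perform "
    f"action {Q}{V}{Q} over scope {Q}{V}{Q}"
)

def parse_denial(msg):
    """Extract who was denied which action over which scope."""
    m = DENIAL_RE.search(msg)
    if m is None:
        raise ValueError("not an Azure authorization failure message")
    return dict(zip(("object_id", "action", "scope"), m.groups()))

def scope_covers(assigned, required):
    """A role assignment applies at its own scope and every scope below it.
    Whole path segments are compared, so .../MY never covers .../MY_COMPANY."""
    a = [s for s in assigned.lower().split("/") if s]
    r = [s for s in required.lower().split("/") if s]
    return r[:len(a)] == a

def covering_assignments(denial, assignments):
    """Assignments of the denied principal whose scope reaches the denied scope."""
    return [a for a in assignments
            if a["object_id"].lower() == denial["object_id"].lower()
            and scope_covers(a["scope"], denial["scope"])]

if __name__ == "__main__":
    denial = parse_denial(ERROR_MSG)
    print(denial["action"], "over", denial["scope"])
    print("covering assignments:", covering_assignments(denial, ASSIGNMENTS))
```

With the values above the list is empty: the assignment is scoped to the storage account, while the denied action is evaluated at the subscription scope.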