I have some problem destroy my stack that I have s...
# azurew
wet-noon-14291
03/09/2020, 10:45 PMI have some problem destroy my stack that I have set up. The problem is when I try to delete my Service Principal Password and Assignment. For some reason it seems like the actual Service Principal was deleted before those resources and I think that is what caused the issue.
If I use some value from one resource as input to another resource I thought I would have a dependency between the two. So in my case simplified:
* Service principal - X
* Service Principal Password - Y, it has an input reference to X.Id
When I destroy a stack like this I expected Y to first be deleted and then X, can I expect that to be the case?
t
tall-librarian-49374
03/09/2020, 10:52 PMYes, this should be the case, and it worked for me in the past. Would love to see a repro.
w
wet-noon-14291
03/10/2020, 1:43 PMI’ll see what I can do.
wet-noon-14291
03/10/2020, 10:24 PMI think I know what the problem was. It was probably me playing around and testing too many things at once. I thought I would switch to use a service principal instead, but some of the resources was created with my user and now the service principal didn't have enough resources.
Is it right to assume that if one are to use a Service Principal you almost need to give the Service Principal god like access to Azure?
t
tall-librarian-49374
03/11/2020, 6:35 AMYeah, if I need to create resource groups from SP, I ended up giving Contributor role to it. Otherwise, you could limit the scope to a resource group.
w
wet-noon-14291
03/11/2020, 8:12 PMare there any recommendation on how to do it? If you want to create an "Application" you need Active Directory role.
t
tall-librarian-49374
03/11/2020, 9:21 PMSomewhat embarrassingly, I don’t have enough experience here
3 Views