https://pulumi.com logo
Powered by
Title
t

tall-librarian-49374

05/09/2020, 7:08 PM
I suspect we need to add this kind of things to docs or a blog
m

millions-journalist-34868

05/10/2020, 4:42 PM
I think you should indeed. Something like "Example on how to set up your Azure service principal" with the often needed roles and API permissions needed. This is the kind of thing that could be added to Docs/Intro to Pulumi/Cloud Providers/Azure section and reference as well in the Docs/User Guides/Continuous Delivery/Azure DevOps. In order to make it work properly in my case I had to : • add the contributor role to the SP on the subscription • add the user access administrator role to the SP on the subscription • Add the Application.ReadWrite.OwnedBy permission of Azure Active Directory Graph API to the SP
Last one is a bit strange as Azure Active Directory Graph is deprecated from what I understood (https://developer.microsoft.com/en-us/office/blogs/microsoft-graph-or-azure-ad-graph/) but when using the similar permission from Microsoft Graph API I get an error "graphrbac.ApplicationsClient#Create: Failure responding to request: StatusCode=403" when trying to create the application. Only the permission on the old API seems to work. Could it be that the Azure Provider uses the old API ? Any idea on this @tall-librarian-49374 ?
I guess I found my answer : https://github.com/terraform-providers/terraform-provider-azuread/issues/131 There are some related issues not specific to this but that will solve this as well : https://github.com/terraform-providers/terraform-provider-azuread/issues/193
t

tall-librarian-49374

05/10/2020, 6:00 PM
Would you mind opening an issue in https://github.com/pulumi/docs ?
m

millions-journalist-34868

05/10/2020, 7:25 PM
https://github.com/pulumi/docs/issues/3247
👍 1
3 Views
#azureJoin Slack
Powered by