https://pulumi.com logo
Powered by
b

brave-angle-33257

10/26/2018, 10:31 PM
not sure if this is pulumi or Azure, but when trying to update a property on trying to update a property of Role Definition, I get an error saying I can't update it in place
Copy code
Do you want to perform this update? yes
Updating (LightstreamStudio/core-msi-stage):

     Type                               Name                                       Status                  Info
     pulumi:pulumi:Stack                core-msi-core-msi-stage
 +   ├─ azure:msi:UserAssignedIdentity  93bfe621-3-wus-uai                         created
 +   ├─ azure:msi:UserAssignedIdentity  93bfe621-3-weu-uai                         created
 +   ├─ azure:msi:UserAssignedIdentity  93bfe621-3-scus-uai                        created
 +   ├─ azure:msi:UserAssignedIdentity  93bfe621-3-uks-uai                         created
 +   ├─ azure:msi:UserAssignedIdentity  93bfe621-3-eus2-uai                        created
 ~   └─ azure:role:Definition           Reader And Blob Data Access - Lightstream  **updating failed**     [diff: ~assignableScopes]; 1 error

Diagnostics:
  azure:role:Definition (Reader And Blob Data Access - Lightstream):
    error: Plan apply failed: 1 error occurred:

    * updating urn:pulumi:core-msi-stage::core-msi::azure:role/definition:Definition::Reader And Blob Data Access: authorization.RoleDefinitionsClient#CreateOrUpdate: Failure responding to request: StatusCode=409 -- Original Error: autorest/azure: Service returned an error. Status=409 Cod
e="RoleDefinitionWithSameNameExists" Message="A role definition cannot be updated with a name that already exists."

Resources:
    5 changes
    + 5 created
    21 unchanged
s

stocky-spoon-28903

10/26/2018, 10:32 PM
Are you sure that’s not saying that you already have a role with the desired name?
b

brave-angle-33257

10/26/2018, 10:33 PM
yea but its an update
s

stocky-spoon-28903

10/26/2018, 10:33 PM
Are you trying to update the name?
(slack threads make terminal output basically impossible to follow lol)
b

brave-angle-33257

10/26/2018, 10:35 PM
no, just the "assignableScope" property
name is the same
Copy code
[diff: ~assignableScopes]; 1 error
Copy code
Original Error: autorest/azure: Service returned an error. Status=409 Co$
e="RoleDefinitionWithSameNameExists" Message="A role definition cannot be updated with a name that already exists."
s

stocky-spoon-28903

10/26/2018, 10:35 PM
Hmm, that actually looks like an error from the upstream API
(Not unheard of in ARM!)
I’ll take a look at the actual code in a few minutes and see what I can find
b

brave-angle-33257

10/26/2018, 10:36 PM
alrighty thank you
w

white-balloon-205

10/27/2018, 12:10 AM
Looks like this is the same issue reported at https://github.com/terraform-providers/terraform-provider-azurerm/issues/2069. It is either a bug in the TF provider that 
assignable_scopes
should be marked as 
ForceNew
, or it is a bug in Azure itself.
2 Views
Powered by