https://pulumi.com logo
Title
i

important-book-47803

01/11/2023, 9:36 AM
Hi, Wondering if anyone has come across Pulumi reporting it deleted a role assignment but it still exists in azure? We made a change to a role assignment which then required a replacement. We modified the resource to delete before replace and can see from log below that is how it is behaving:
@ Updating.....
-- azure-native:authorization:RoleAssignment AcrPull deleting original (0s)
azure-native:authorization:RoleAssignment Reader
azure-native:authorization:RoleAssignment Contributor
azure-native:containerservice:MaintenanceConfiguration usc-sai-idem-japaneast-aks-maintenance
@ Updating....
-- azure-native:authorization:RoleAssignment AcrPull deleted original (1s)
@ Updating....
+- azure-native:authorization:RoleAssignment AcrPull replacing (0s) [diff: ~scope]
+- azure-native:authorization:RoleAssignment AcrPull replaced (0.00s) [diff: ~scope]
++ azure-native:authorization:RoleAssignment AcrPull creating replacement (0s) [diff: ~scope]
@ Updating.........
++ azure-native:authorization:RoleAssignment AcrPull creating replacement (6s) [diff: ~scope]; error: autorest/azure: Service returned an error. Status=<nil> Code="RoleAssignmentExists" Message="The role assignment already exists."
++ azure-native:authorization:RoleAssignment AcrPull **creating failed** [diff: ~scope]; error: autorest/azure: Service returned an error. Status=<nil> Code="RoleAssignmentExists" Message="The role assignment already exists."
m

many-telephone-49025

01/11/2023, 11:54 AM
Hi SamO, let me test this on my end: Do which Identity you are adding the role?
a

acoustic-alarm-43219

01/11/2023, 2:26 PM
We assign the ACR Pull role to the managed identity of the AKS cluster.