Terraform-provider-azurerm: "Preview roles are not supported" for azurerm_role_assignment

Created on 31 Jul 2018  ·  6Comments  ·  Source: terraform-providers/terraform-provider-azurerm

Issues on GitHub are intended to be related to bugs or feature requests with provider codebase,
so we recommend using our other community resources instead of asking here 👍.

If you have a support request or question please submit them to one of these resources:

Using:
Terraform v0.11.7

  • provider.azurerm v1.11.0

When trying to assign the role "Storage Blob Data Reader (Preview)" to a Managed User Identity I have the Preview roles are not supported error; however, it looks like it could be done in azure-sdk-for-go (https://github.com/Azure/azure-sdk-for-go/issues/1895). What am I missing?

bug servicauthentication
Source
picture ams0
👍1

Most helpful comment

As a workaround, I was able to use az role definition list to find the full ID of the built-in preview role I wanted like to use in my subscription. For example:

resource "azurerm_role_assignment" "assignment" {
  scope = "${azurerm_storage_account.account.id}"
  # "Storage Blob Data Contributor (Preview)"
  role_definition_id = "/subscriptions/${local.subscription_id}/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe"
  principal_id = ...
}
picture ms1111 on 17 Dec 2018
👍2

All 6 comments

Any update on this? It would greatly help to be able to assign this preview roles via Terraform!

ams0 picture ams0 on 7 Sep 2018

hey @ams0

Thanks for opening this issue / apologies for the delayed response here!

This behaviour is currently intentional as we don't support Data Actions within Terraform at the current time (although that's being tracked in https://github.com/terraform-providers/terraform-provider-azurerm/issues/1538) - however once #1538 has been fixed/merged, I believe we should be able to remove this check.

Thanks!

tombuildsstuff picture tombuildsstuff on 12 Sep 2018

It looks like #1538 is closed out and available. Given that, any ETA on an update for this issue?

cwiederspan picture cwiederspan on 23 Nov 2018

As a workaround, I was able to use az role definition list to find the full ID of the built-in preview role I wanted like to use in my subscription. For example:

resource "azurerm_role_assignment" "assignment" {
  scope = "${azurerm_storage_account.account.id}"
  # "Storage Blob Data Contributor (Preview)"
  role_definition_id = "/subscriptions/${local.subscription_id}/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe"
  principal_id = ...
}
ms1111 picture ms1111 on 17 Dec 2018
👍2

This has been released in version 2.13.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.13.0"
}
# ... other configuration ...
hashibot[bot] picture hashibot[bot] on 4 Jun 2020

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

hashibot[bot] picture hashibot[bot] on 4 Jul 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

mlazowik picture mlazowik  ·  3Comments
alant94 picture alant94  ·  3Comments
whytoe picture whytoe  ·  3Comments
MMollyy picture MMollyy  ·  3Comments
pdeva picture pdeva  ·  3Comments