Plan script shall fail if Policy assignments can not be read #138
Comments
|
Permissions are documented here: https://github.com/Azure/enterprise-azure-policy-as-code/blob/main/Docs/ci-cd-pipeline.md#ms-graph-permissions In rare circumstances this error is not an error (it happens if a previous role assignment failed). I will add code to surface the error a second time at the end of the CI/CD step and clarify the error message with additional information. |
|
I think documentation need to have very details steps how to do Graph permissions step by step. For example which application I'm supposed to be providing MS Graph permissions? |
|
Is there an option just to forego somehow assignment management and do assignment management manually rather the automatically. It's worth for me to have one time manual steps rather then to deal with MS Graph. |
|
Nope, always there. MSGraph is easy. Just follow the 3 linked steps in the documentation |
|
I think what is missing in the docs is the following from Docs/ci-cd-pipeline.md sc-pac-dev also requires MS Graph Permissions (basically anything that is being used to query the Roles)
|
|
Thank you for finding this bug and a solution. I'll fix this soon. I tagged this issue with Documentation |
techlake
added
bug
Hello,
I'm having weird issue with reading policy assignments after they are created on first run with the same SPN which created it.
Plan script shall fail instead of continuing execution in CI/CD in such cases.
Is there a bug in a code or how do I troubleshoot this RBAC issue which shall not be there (same SPN created assignment on first run)
The text was updated successfully, but these errors were encountered: