Cannot Create Azure AD Application with Azure DevOps + Terraform
I'm trying to create an Azure AD application using terraform along with our Azure DevOps pipeline, but I am getting the following error:
1 error(s) occurred:
* module.cluster.module.cluster.azuread_application.cluster: 1 error(s) occurred:
* azuread_application.cluster: graphrbac.ApplicationsClient#Create: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Unknown" Message="Unknown service error" Details=[{"odata.error":{"code":"Authorization_RequestDenied","date":"2019-02-19T23:22:23","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":"<SOME GUID>"}}]
I'm pretty sure this is because the pipeline's service principal doesn't have the proper permissions within our Azure AD.
This is the offending Terraform code:
resource "azuread_application" "cluster" {
name = "some-application"
}
resource "azuread_service_principal" "cluster" {
application_id = "${azuread_application.cluster.application_id}"
}
Here is what the Terraform Step Looks like (I'm using a Service Connection to supply the service principal).
To configure the service principal, I am selecting "Manage Service Principal" for the Service Connection.
I have then given it all "required permissions" for both Microsoft Graph and Windows Azure Active Directory. I don't think I need the Microsoft Graph, but did that since Windows AAD wasn't working.
According to the error information it indicated that you have no permission to do that.
I follow the terraform guide document, we need to assign permissions corrosponding to the application.
NOTE: If you're authenticating using a Service Principal then it must have permissions to both Read and write all applications and Sign in and read user profile within the Windows Azure Active Directory API
During test, I assign the following permission to the Azure Active Diretory, for more information please refer to the screenshot.
Note: Please don't forget to click Grant permissions
Test Result:
- NPM broken TypeError: Cannot read property 'loaded' of undefined
- Terraform code not creating multiple rules in Azure Storage lifecycle
- Are pipeline variables available in PowerShell task in Azure DevOps?
- Error adding Virtual Machine Resource in Azure DevOps
- GitVersion doesn't give error message on Azure Devops Pipeline
- Sending Notification in Teams using Webhook and Power Automate
- Force a branch naming convention in Azure DevOps Git
- I'm trying to install the package from a private Azure DevOps repository using the pip install command, but I'm encountering an error
- Reading values from a key value based file and passing these values to azure devops template
- Using job output variables in Azure Pipeline condition
- How to create Azure Devops Service Connection Docker Registry Type Other
- .Net Azure Function app publish does not generate a bin folder
- Azure DevOps Release Artifacts Getting Deselected After New Build Artifact Creation
- Azure VM run-commands freeze and hang and starts to block DevOps pipeline from running new run-commands on VM with Azure CLI
- How to push changes from or Azure Devops to another company?
- Get the permissions of users with respect to the repositories via the API of ADO
- How do you specify the sourceBranch for a Run of Pipelines via the REST API?
- Azure DevOps REST api - Run pipeline with variables
- Predefined type 'System.Void' is not defined or imported during Visual Studio Online build of ASP.NET 5
- Azure Pipelines: Why does parameter comparison work in one job condition but fail in others?
- How to force renovate to set azure pipeline task from "x@1" to "x@2" instead of "[email protected]"
- How to run a pipeline with parameters
- Two different projects sharing secret.json locally
- Weird IP Address while GIT pull
- Azure DevOps Pipeline - Updating BuildNumber
- How to Migrate TFVS project to Azure Git Repos from different Organization
- Azure DevOps REST API - Update pre-deployment artifacts
- Azure DevOps Repos Limit or Block PR by Number of Commits
- How to branch from non-default branch in Azure DevOps GitHub.com integration?
- Timezone error creating SQL instance in Azure using Terraform