[ansible-project] Permissions to Create Azure Blob and Container

Sat, 23 Jul 2016 06:28:54 -0700 

Hello all, 

I'm attempting to use the azure_rm functionality I appear to be having an 
issue 

I have an action like

- name:
  azure_rm_storageblob:
    resource_group: MY_COMPANY
    storage_account_name: testdeletemebnr
    container: grid
    blob: 0.0.2-SNAPSHOT.jar
    tenant: redacted
    client_id: 8e71ddb2-d794-4f7c-9ed7-60e6b301c794
    secret: redacted
    subscription_id: redacted
    src: /tmp/azure_ansible
    state: present
  tags: [ azure_test ]




I receive back the output


TASK [telemetry : None] 
********************************************************
fatal: [remote_host]: FAILED! => {"changed": false, "failed": true, "msg": 
"One-time registration of Microsoft.Storage failed - The client 
'd38eaaca-1429-44ef-8ce2-3c63a62849c9' with object id 
'd38eaaca-1429-44ef-8ce2-3c63a62849c9' does not have authorization to 
perform action 'Microsoft.Storage/register/action' over scope 
'/subscriptions/********'."}
to retry, use: --limit @cloud_entry.retry




>From the azure cli I run 

> role assignment list command

data:    RoleDefinitionName   : Contributor
data:    RoleDefinitionId     : b24988ac-6180-42a0-ab88-20f7382dd24c
data:    Scope                : 
/subscriptions/redacted/resourceGroups/MY_COMPANY/providers/Microsoft.Storage/storageAccounts/testdeletemebnr
data:    Display Name         : jar-deploy
data:    SignInName           :
data:    ObjectId             : d38eaaca-1429-44ef-8ce2-3c63a62849c9
data:    ObjectType           : ServicePrincipal

Things I noted the objectId and the clientId in the error message are 
identical.  Should that be the case? My expectation is the client_id should 
be the one I entered.

I do see that the objectId in the error message is equal to the one in my 
role assignment.

My ServicePrincipal has Contributor RBAC's on the storage account 
testdeletemebnr as shown by assignment list.

Any thoughts on if this is an Azure issue, my issue or Ansible issue?

Thank you very much!

-b

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/6c8aa1f0-205f-43ea-873d-9cfcb6e5d9f2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to