Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Role assignment existence check in containerRegistry.bicep #333

Closed
aazherelyeu opened this issue Nov 7, 2024 · 4 comments
Closed

Role assignment existence check in containerRegistry.bicep #333

aazherelyeu opened this issue Nov 7, 2024 · 4 comments
Assignees
@DCMattyG
Labels
enhancement New feature or request

Comments

@aazherelyeu
Copy link

Emailed to Matthew some time ago about this issue.

After successfully running of the IPAM deployment, if it's reran again you will encounter the following issue:

New-AzSubscriptionDeployment : 12:42:11 PM - The deployment 'ipamInfraDeploy-20241018124054PM' failed with error(s). Showing 1 out of 1 error(s).
Status Message: At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details. (Code: DeploymentFailed)
 - The role assignment already exists. (Code:RoleAssignmentExists)

The bicep (containerRegistry.bicep) needs to be updated with a check for role assignment existence.

Please let me know once the bicep is updated.
@DCMattyG DCMattyG self-assigned this Nov 20, 2024
@DCMattyG DCMattyG added the enhancement New feature or request label Nov 20, 2024
@DCMattyG
Copy link
Contributor

Hi there @aazherelyeu, apologies for the delay in my response on this item. I have made the changes in the code for the next version of Azure IPAM (v3.5) and I'm testing everything now. The new version should be available soon, thank you so much for bringing this issue to my attention.

@DCMattyG
Copy link
Contributor

Hi @aazherelyeu, this has now been addressed with the release of Azure IPAM v3.5.0

Release Notes: https://github.com/Azure/ipam/releases/tag/v3.5.0

All resources, including the Container Registry, now have a stable identifier. Please give it a try and let me know if there are any other Bicep issues.

Thanks!

@aazherelyeu
Copy link
Author

Hi @DCMattyG tested. unfortunately, encountered the same issue:

New-AzSubscriptionDeployment : 5:44:58 AM - The deployment 'ipamInfraDeploy-20241230054424AM' failed with error(s). Showing 2 out of 2 error(s).
Status Message: The role assignment already exists. (Code:RoleAssignmentExists)

Status Message: The role assignment already exists. (Code:RoleAssignmentExists)

CorrelationId: 305df51a-7c94-4073-b808-e22143910af7
At D:\a\1\s\ipam\deploy\deploy.ps1:913 char:7
+       New-AzSubscriptionDeployment `
+       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [New-AzDeployment], Exception
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureSubscriptionDeploymentCmdlet

However, when I deployed from scratch and retried from the pipeline again it worked fine. I think we should remove roles from the managed identity manually and redeploy. To do so I need to wait for a colleague with higher privileges. I will let you know

@aazherelyeu
Copy link
Author

Tested. The new bicep module works fine. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DCMattyG DCMattyG

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DCMattyG @aazherelyeu