You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When running a terraform plan through Azure DevOps, the following error comes up
Error: retrieving Synapse RoleAssignment (Resource Group "syw-xxx-xxxxxxx-n"): accesscontrol.RoleAssignmentsClient#GetRoleAssignmentByID: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="ClientIpAddressNotAuthorized" Message="Client Ip address : XX.XXX.XXX.XXX"
│
│ with module.app_synapse.azurerm_synapse_role_assignment.synapse_role_assignment[0],
│ on terraform_synapse_module\main.tf line 54, in resource "azurerm_synapse_role_assignment""synapse_role_assignment":
│ 54: resource "azurerm_synapse_role_assignment""synapse_role_assignment" {
Expected Behaviour
When running a terraform plan, it should be able to connect to the Synapse Workspace and create a plan to add the role assignments.
Actual Behaviour
This error comes up when running a terraform plan in Azure DevOps
│ Error: retrieving Synapse RoleAssignment (Resource Group "syw-ent-app58081-n-cus01"): accesscontrol.RoleAssignmentsClient#GetRoleAssignmentByID: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="ClientIpAddressNotAuthorized" Message="Client Ip address : XX.XXX.XXX.XXX"
│
│ with module.app_synapse.azurerm_synapse_role_assignment.synapse_role_assignment[0],
│ on terraform_synapse_module\main.tf line 54, in resource "azurerm_synapse_role_assignment" "synapse_role_assignment":
│ 54: resource "azurerm_synapse_role_assignment" "synapse_role_assignment" {
│
Steps to Reproduce
In Azure DevOps create a pipeline to run a terraform apply with the following configuration
@dbgrl93 per Heng's suggestion above I'm closing this issue as duplicate, and you can subscribe to #13510. Or feel free to suggest to reopen this issue if you assume it's talking about a different story from #13510.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Is there an existing issue for this?
Community Note
Terraform Version
1.0.11
AzureRM Provider Version
3.6.0
Affected Resource(s)/Data Source(s)
azurerm_synapse_role_assignment
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
When running a terraform plan, it should be able to connect to the Synapse Workspace and create a plan to add the role assignments.
Actual Behaviour
This error comes up when running a terraform plan in Azure DevOps
│ Error: retrieving Synapse RoleAssignment (Resource Group "syw-ent-app58081-n-cus01"): accesscontrol.RoleAssignmentsClient#GetRoleAssignmentByID: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="ClientIpAddressNotAuthorized" Message="Client Ip address : XX.XXX.XXX.XXX"
│
│ with module.app_synapse.azurerm_synapse_role_assignment.synapse_role_assignment[0],
│ on terraform_synapse_module\main.tf line 54, in resource "azurerm_synapse_role_assignment" "synapse_role_assignment":
│ 54: resource "azurerm_synapse_role_assignment" "synapse_role_assignment" {
│
Steps to Reproduce
In Azure DevOps create a pipeline to run a terraform apply with the following configuration
resource "azurerm_synapse_workspace" "synapse_workspace" {
count = var.create_synapse_workspace ? 1 : 0
name = var.synapse_workspace_name
resource_group_name = var.resource_group_name
location = var.location
storage_data_lake_gen2_filesystem_id = azurerm_storage_data_lake_gen2_filesystem.adls_gen2_filesystem_01[count.index].id
sql_administrator_login = var.sw[count.index].admin_name
sql_administrator_login_password = var.sw[count.index].admin_password
identity { type = "SystemAssigned" }
tags = var.tags
}
resource "azurerm_synapse_firewall_rule" "devOpsIP" {
name = "AllowAll"
synapse_workspace_id = azurerm_synapse_workspace.synapse_workspace[0].id
start_ip_address = "0.0.0.0"
end_ip_address = "255.255.255.255"
}
resource "azurerm_synapse_role_assignment" "synapse_role_assignment" {
count = var.create_synapse_workspace ? 1 : 0
synapse_workspace_id = azurerm_synapse_workspace.synapse_workspace[0].id
role_name = var.sw[count.index].role_name
principal_id = var.sw[count.index].principal_id
depends_on = [azurerm_synapse_firewall_rule.devOpsIP]
}
Important Factoids
No response
References
No response
The text was updated successfully, but these errors were encountered: