Description
The Terraform template 15b-private-network-standard-agent-setup-byovnet is missing 2 RBAC role assignments that are automatically created when deploying the same architecture through the Azure portal UI.
Missing Role Assignments
When comparing the project managed identity's role assignments between a UI deployment and the Terraform deployment, the following roles are missing from the Terraform template:
| # |
Missing Role |
Resource Type |
Notes |
| 1 |
DocumentDB Account Contributor |
Azure Cosmos DB account |
Not mentioned in README; UI deployment assigns it |
| 2 |
Storage Queue Data Contributor |
Storage Account |
README mentions it's needed "if Azure Function tool enabled" but template doesn't include it |
Roles correctly assigned by Terraform (5 of 7)
| Role |
Resource Type |
| Cosmos DB Operator |
Azure Cosmos DB account |
| Search Index Data Contributor |
Search service |
| Search Service Contributor |
Search service |
| Storage Blob Data Contributor |
Storage account |
| Storage Blob Data Owner |
Storage account (with condition) |
Steps to Reproduce
- Deploy using
15b-private-network-standard-agent-setup-byovnet Terraform template
- Deploy the same architecture via the Azure portal UI
- Compare the role assignments on the project managed identity
- UI deployment has 7 roles; Terraform deployment has only 5
Expected Behavior
The Terraform template should assign all 7 roles to match the portal UI deployment behavior.
File Reference
infrastructure/infrastructure-setup-terraform/15b-private-network-standard-agent-setup-byovnet/code/main.tf
Environment
- Terraform v1.14.8
- AzAPI provider v2.9.0
- AzureRM provider v4.66.0
- Region: westus3
Description
The Terraform template
15b-private-network-standard-agent-setup-byovnetis missing 2 RBAC role assignments that are automatically created when deploying the same architecture through the Azure portal UI.Missing Role Assignments
When comparing the project managed identity's role assignments between a UI deployment and the Terraform deployment, the following roles are missing from the Terraform template:
Roles correctly assigned by Terraform (5 of 7)
Steps to Reproduce
15b-private-network-standard-agent-setup-byovnetTerraform templateExpected Behavior
The Terraform template should assign all 7 roles to match the portal UI deployment behavior.
File Reference
infrastructure/infrastructure-setup-terraform/15b-private-network-standard-agent-setup-byovnet/code/main.tfEnvironment