15b Terraform template missing 2 RBAC role assignments vs. portal UI deployment #636

@igordossantos

Description

The Terraform template 15b-private-network-standard-agent-setup-byovnet is missing 2 RBAC role assignments that are automatically created when deploying the same architecture through the Azure portal UI.

Missing Role Assignments

When comparing the project managed identity's role assignments between a UI deployment and the Terraform deployment, the following roles are missing from the Terraform template:

| # | Missing Role | Resource Type | Notes |
|---|--------------|---------------|-------|
| 1 | DocumentDB Account Contributor | Azure Cosmos DB account | Not mentioned in README; UI deployment assigns it |
| 2 | Storage Queue Data Contributor | Storage Account | README mentions it's needed "if Azure Function tool enabled" but template doesn't include it |

Roles correctly assigned by Terraform (5 of 7)

| Role | Resource Type |
|------|---------------|
| Cosmos DB Operator | Azure Cosmos DB account |
| Search Index Data Contributor | Search service |
| Search Service Contributor | Search service |
| Storage Blob Data Contributor | Storage account |
| Storage Blob Data Owner | Storage account (with condition) |

Steps to Reproduce

  1. Deploy using 15b-private-network-standard-agent-setup-byovnet Terraform template
  2. Deploy the same architecture via the Azure portal UI
  3. Compare the role assignments on the project managed identity
  4. UI deployment has 7 roles; Terraform deployment has only 5

Expected Behavior

The Terraform template should assign all 7 roles to match the portal UI deployment behavior.

File Reference

infrastructure/infrastructure-setup-terraform/15b-private-network-standard-agent-setup-byovnet/code/main.tf

Environment

  • Terraform v1.14.8
  • AzAPI provider v2.9.0
  • AzureRM provider v4.66.0
  • Region: westus3
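
The comparison in Steps to Reproduce can be scripted. The following is an added example, not part of the original issue or the project's code: it diffs two exports shaped like the output of `az role assignment list --assignee <principal-id> --all -o json`, keyed on role name, resource type and whether a condition is attached. The subscription ID, resource names and condition string are constructed placeholders.

```python
import json

# Constructed sample data shaped like `az role assignment list --assignee <principal-id> --all -o json`.
# Subscription ID, resource groups, resource names and the condition are placeholders.
BASE = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/{rg}/providers/"
COSMOS = "Microsoft.DocumentDB/databaseAccounts/cosmos-{rg}"
SEARCH = "Microsoft.Search/searchServices/search-{rg}"
STORAGE = "Microsoft.Storage/storageAccounts/st{rg}"
TERRAFORM_ROLES = [
    ("Cosmos DB Operator", COSMOS, None),
    ("Search Index Data Contributor", SEARCH, None),
    ("Search Service Contributor", SEARCH, None),
    ("Storage Blob Data Contributor", STORAGE, None),
    ("Storage Blob Data Owner", STORAGE, "<constructed condition>"),
]
PORTAL_ROLES = TERRAFORM_ROLES + [("DocumentDB Account Contributor", COSMOS, None),
                                  ("Storage Queue Data Contributor", STORAGE, None)]

def sample_export(roles, rg):
    """Build a constructed JSON export for one deployment's project identity."""
    return json.dumps([
        {"roleDefinitionName": name, "condition": cond,
         "scope": (BASE + path).format(rg=rg)}
        for name, path, cond in roles
    ])

def resource_type(scope):
    """Reduce an ARM scope to its resource type so differently named deployments compare equal."""
    _, sep, tail = scope.rpartition("/providers/")
    if not sep:  # assignment made at resource group or subscription level
        return "resourceGroup" if "/resourcegroups/" in scope.lower() else "subscription"
    parts = tail.split("/")  # namespace, type, name, child type, child name, ...
    return (parts[0] + "/" + "/".join(parts[1::2])).lower()

def role_keys(export_json):
    """Set of (role name, resource type, has condition) for one identity."""
    return {(a["roleDefinitionName"], resource_type(a["scope"]), bool(a.get("condition")))
            for a in json.loads(export_json)}

def missing_roles(reference_json, candidate_json):
    """Assignments present on the reference identity but absent on the candidate."""
    return sorted(role_keys(reference_json) - role_keys(candidate_json))

if __name__ == "__main__":
    portal = sample_export(PORTAL_ROLES, "portal")
    terraform = sample_export(TERRAFORM_ROLES, "tf")
    for role, rtype, conditioned in missing_roles(portal, terraform):
        print(f"missing: {role} on {rtype} (condition: {conditioned})")
```

Because the key includes the condition flag, an assignment that exists in both deployments but lost its condition in one of them is also reported as a difference.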

Labels: bug