0

I'm using pulumi to deploy my Azure stack. I've created a "user assigned identity" for my storage account and defined a "custom role" and a "role assignment" as below. I also made the assignment dependsOn the role. But every time I deploy it I'll get an error:

azure:authorization:Assignment (my-role-assignment):
  error: Error loading Role Definition List: could not find role 'my-role'

const roleName = "my-role";
const role = new azure.authorization.RoleDefinition(
    roleName,
    {
        name: roleName,
        permissions: [ /* permissions here */ ],
        scope: scope,
        assignableScopes: [scope],
    },
    { parent: this }
);

new azure.authorization.Assignment(
    "my-role-assignment",
    {
        principalId: userAssignedIdentity.principalId,
        roleDefinitionName: roleName,
        scope: storageAccountId,
    },
    {
        parent: userAssignedIdentity,
        dependsOn: [role]
    }
);

It will work if I re-deploy the stack. But why is it always failing on the first try? How can I avoid it without inserting a long sleep in between?

Ansuman Bal
  • 9,705
  • 2
  • 10
  • 27
Bizhan
  • 16,157
  • 9
  • 63
  • 101
  • 2
    We've seen this kind of problem in a powershell script, when creating a custom role then immediately trying to assign it. We think there's just a delay before the role becomes available for use; which is unhelpful. – Vince Bowdren Jan 14 '22 at 16:13
  • I have 2 roles in my code and I've tried to add a 60 seconds delay. But it still fails sometimes. I have a feeling that anything greater than that would be a nuisance for the deployment pipeline. This sucks. – Bizhan Jan 14 '22 at 16:45

0 Answers0