- Hi, I’m trying to create a user using Terraform with Azure Pipelines and add him to an existing directory role, but I’m receiving this error message. I already tried to set the permissions on my service principal, but it didn’t work.
The error message that I get is below:

```text
Plan: 4 to add, 0 to change, 0 to destroy.
azuread_directory_role.role-directory: Creating...
azuread_user.user-add: Creating...
azuread_directory_role.role-directory: Creation complete after 0s [id=---]
azuread_user.user-add: Creation complete after 1s [id=---]
azuread_group_member.add-user-group: Creating...
azuread_directory_role_member.role-member: Creating...
azuread_group_member.add-user-group: Creation complete after 1s [id=---]
│ Error: Adding role member "---"
│
│ with azuread_directory_role_member.role-member,
│ on main.tf line 33, in resource "azuread_directory_role_member" "role-member":
│ 33: resource "azuread_directory_role_member" "role-member" {
│
│ DirectoryRolesClient.BaseClient.Post(): unexpected status 403 with OData
│ error: Authorization_RequestDenied: Insufficient privileges to complete the
│ operation.
```

This is my main.tf:
```hcl
terraform {
  required_providers {
    azuread = {
      source  = "hashicorp/azuread"
      version = "2.10.0"
    }
  }
}

provider "azuread" {
}

# Add the user to the Azure portal (Azure AD tenant)
resource "azuread_user" "user-add" {
  user_principal_name = "testes@domain.com"
  display_name        = "Testes Jdoe"
  given_name          = "Testes"
  surname             = "Jdoe"
  # Hard-coded in this post; in a pipeline this would normally come from a variable or secret store
  password            = "SecretP@3r4sffs"
  mail                = "testes@domain.com"
}

# Add the user to the "Members" group
data "azuread_group" "Members" {
  display_name = "Members"
}

resource "azuread_group_member" "add-user-group" {
  group_object_id  = data.azuread_group.Members.id
  member_object_id = azuread_user.user-add.id
}

# Add the directory role to the user
resource "azuread_directory_role" "role-directory" {
  display_name = "Application developer"
}

resource "azuread_directory_role_member" "role-member" {
  role_object_id   = azuread_directory_role.role-directory.id
  member_object_id = azuread_user.user-add.id
}
```