Deploy to AKS using Azure pipeline

damian esene 10 Reputation points
2023-03-02T03:23:02.15+00:00

Hi,

I'm trying to deploy to AKS using azure pipeline but I get the below error message:

Failed to set Azure permission 'RoleAssignmentId: 'xxx' for the service principal 'xxx' on subscription ID 'xxx': error code: BadRequest, inner error code: RoleAssignmentUpdateNotPermitted, inner error message Tenant ID, application ID, principal ID, and scope are not allowed to be updated. Ensure that the user has 'Owner' or 'User Access Administrator' permissions on the Subscription.

I have owner role on the subscription. The app registration I use as a service connection also has owner role on the subscription.

I also noticed that the service principal stated In the error message is different from the service principal for the app registration i created. It seems Azure pipeline is creating another SP and I'm not sure why it's doing that and not using the already created one.

Please assist.

Thanks

Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,196 questions
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Manu Philip 14,361 Reputation points MVP
    2023-03-02T03:43:05.4233333+00:00

    As the error message says 'RoleAssignmentUpdateNotPermitted' there could be chances that the role assignment exists from a previous failed deployment. You can check this in Subscription role assignments area. I suggest you delete the entire resource group if possible, which will delete the Role Assignments too.


    --please don't forget to upvote and Accept as answer if the reply is helpful--