Proper way of creating roleEligibilityScheduleRequests using Bicep

D Prado 10 Reputation points
2023-06-29T10:47:54.8233333+00:00

Hello,

We are in the process of automating PIM's Eligibility Schedule Requests using Bicep.

This is essentially the module we wrote to do so:

targetScope = 'subscription'

param role object

resource pimAssignment 'Microsoft.Authorization/roleEligibilityScheduleRequests@2022-04-01-preview' = {
  name: guid(subscription().id, role.id)
  properties: {
    principalId: ...
    requestType: 'AdminUpdate'
    roleDefinitionId: role.id
    scheduleInfo: {
      expiration: { ... }
    }
  } 
} 

While the first execution works as intended, we receive the following error when trying to deploy any change using it:

Status Message: At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details. (Code: DeploymentFailed) - A role assignment request with Id: <

Microsoft Entra

2 answers

  2. JamesTran-MSFT 36,796 Reputation points Microsoft Employee
    2023-07-12T21:07:36.5566667+00:00

    @D Prado

    Thank you for following up on this and I apologize for the delayed response!

    Error Message:

    A role assignment request with Id: ...-95e90998db67 already exists (Code:Conflict)...

    I understand that the first deployment of your Bicep template to automate the PIM's Eligibility Schedule Requests is working as expected. However, after any template changes or re-deployment of the same code with no change, you're receiving the above error.


    Based off your error message, it looks like you're trying to create a Role Eligibility Schedule Request using the same role assignment request ID - ...95e90998db67, which is already present. After researching your error message, I found that the error you received is expected and to resolve this you'll have to provide a unique Request ID (roleEligibilityScheduleRequestName) prior to re-executing your Bicep deployment.

    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
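One way to give every deployment a unique request name, as the answer above describes (an added example, not code from the question or the answer). The parameters `principalId`, `eligibilityDuration` and `requestName` are assumptions introduced here, since the question elides the principal and the expiration; `newGuid()` is a Bicep function that is only allowed as a parameter default value.

```bicep
targetScope = 'subscription'

@description('Role to make eligible; role.id is the role definition ID, as in the question.')
param role object

@description('Object ID of the principal (assumed parameter; the question elides this value).')
param principalId string

@description('ISO 8601 duration of the eligibility (assumed parameter and default, not from the question).')
param eligibilityDuration string = 'P365D'

@description('Request name. newGuid() yields a different GUID on each deployment unless a value is passed in.')
param requestName string = newGuid()

resource pimAssignment 'Microsoft.Authorization/roleEligibilityScheduleRequests@2022-04-01-preview' = {
  // The question used guid(subscription().id, role.id), which is deterministic:
  // the second deployment submits a request with the same name and gets a Conflict.
  // A fresh name per deployment makes each run a new request.
  name: requestName
  properties: {
    principalId: principalId
    requestType: 'AdminUpdate' // kept from the question
    roleDefinitionId: role.id
    scheduleInfo: {
      expiration: {
        type: 'AfterDuration'
        duration: eligibilityDuration
      }
    }
  }
}

// Surface the generated name so the deployment record shows which PIM request this run submitted.
output submittedRequestName string = pimAssignment.name
```

Because the name changes on each run, every deployment leaves its own request record in PIM, so keep the `submittedRequestName` output with the deployment history when reviewing who was granted eligibility and when.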

