Azure error creating resource group

azure

#1

Hey folks, am familiar with serverless and AWS, and am running through the examples to try and prove how this framework makes it easier to work multicloud, however ground to a halt in my first foray with azure. I don’t know azure, however I’m following the instructions in the serverless.com for getting a boilerplate function deployed and all went well until the first serverless deploy. Hoping someone can point out what I’ve missed / got wrong or if I should go ahead and raise a bug report. Note it’s a completely new azure account, never used for anything before this.

➜ nplay-azure serverless deploy

WARNING: You are running v1.9.0. v1.10.0 will include the following breaking changes:
- Some lifecycle events for the deploy plugin will move to a new package plugin. More info -> https://git.io/vy1zC

You can opt-out from these warnings by setting the “SLS_IGNORE_WARNING=*” environment variable.

Serverless: Packaging service…
Serverless: Logging in to Azure
Serverless: Creating resource group: nplay-rg

Error --------------------------------------------------

 The client 'd266f5f9-c2b5-4c49-b120-9c06602fb700' with
 object id 'd266f5f9-c2b5-4c49-b120-9c06602fb700' does
 not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write'
 over scope '/subscriptions/edba9b98-3bb8-4c6b-b0b9-bcd5737cebd3/resourcegroups/nplay-rg'.

 For debugging logs, run again after setting the "SLS_DEBUG=*" environment variable.

Get Support --------------------------------------------
Docs: docs.serverless.com
Bugs: github.com/serverless/serverless/issues

 Please report this error. We think it might be a bug.

Your Environment Information -----------------------------
OS: darwin
Node Version: 6.10.0
Serverless Version: 1.9.0

My identities in use are:

➜ nplay-azure azure account show
info: Executing command account show
data: Name : Free Trial
data: ID : edba9b98-3bb8-4c6b-b0b9-bcd5737cebd3
data: State : Enabled
data: Tenant ID : 0bfd13a6-34c6-4bb6-b0aa-d4983688cb1b
data: Is Default : true
data: Environment : AzureCloud
data: Has Certificate : No
data: Has Access Token : Yes

info: Executing command ad sp create

  • Creating application nplay
  • Creating service principal for application 43f4f6e7-9a8a-4d32-a045-4876490ed8bb
    data: Object Id: d266f5f9-c2b5-4c49-b120-9c06602fb700
    data: Display Name: nplay
    data: Service Principal Names:
    data: 43f4f6e7-9a8a-4d32-a045-4876490ed8bb
    data: http://nplay
    info: ad sp create command OK

➜ nplay-azure export azureSubId='edba9b98-3bb8-4c6b-b0b9-bcd5737cebd3’
➜ nplay-azure export azureServicePrincipalTenantId='0bfd13a6-34c6-4bb6-b0aa-d4983688cb1b’
➜ nplay-azure export azureServicePrincipalClientId=‘43f4f6e7-9a8a-4d32-a045-4876490ed8bb’

Thanks in advance!


#2

Hey @alanwhite I get passed this issue by doing this from the credentials https://serverless.com/framework/docs/providers/azure/guide/credentials/ set-up.

azure role assignment create --objectId <objectIDFromCreateStep> -o Contributor

I think this is just an issue with the docs. Though I get an issue right after this step.


#3

Thanks @GroundedSage! Makes sense, this line is indeed missing from the quickstart page but is indeed there on credentials. Speedy response much appreciated!