test: add object ID azure resource group assignment (🚧)

[stijnmoreels]

No description provided.

[netlify]

✔️ Deploy Preview for arcus-scripting canceled.

🔨 Explore the source changes: fb0ee04

🔍 Inspect the deploy log: https://app.netlify.com/sites/arcus-scripting/deploys/611dee37ebbdbb000793dfd7

[stijnmoreels]

I may need some help with this one as I don't really know how to set this up properly to test. I thought I could test it by giving our automation user lower access (Reader) to another resource group, but that's either failing with a general exception (see below), or failing when it gets removed in the tear down.

WARNING: Failed to grant access: Microsoft.Rest.Azure.CloudException: Exception of type
'Microsoft.Rest.Azure.CloudException' was thrown.
   at Microsoft.Azure.Graph.RBAC.ObjectsOperations.<GetObjectsByObjectIdsWithHttpMessagesAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.Graph.RBAC.ObjectsOperationsExtensions.<GetObjectsByObjectIdsAsync>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.Azure.Graph.RBAC.ObjectsOperationsExtensions.GetObjectsByObjectIds(IObjectsOperations operations,
   at Microsoft.Azure.Commands.ActiveDirectory.ActiveDirectoryClient.GetObjectsByObjectId(List`1 objectIds)
Microsoft.Azure.Commands.Resources.Models.Authorization.AuthorizationClient.CreateRoleAssignment(FilterRoleAssignmentsOptio ns parameters, Guid roleAssignmentId)
   at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()

[mbraekman]

I may need some help with this one as I don't really know how to set this up properly to test. I thought I could test it by giving our automation user lower access (Reader) to another resource group, but that's either failing with a general exception (see below), or failing when it gets removed in the tear down.

WARNING: Failed to grant access: Microsoft.Rest.Azure.CloudException: Exception of type
'Microsoft.Rest.Azure.CloudException' was thrown.
   at Microsoft.Azure.Graph.RBAC.ObjectsOperations.<GetObjectsByObjectIdsWithHttpMessagesAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.Graph.RBAC.ObjectsOperationsExtensions.<GetObjectsByObjectIdsAsync>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.Azure.Graph.RBAC.ObjectsOperationsExtensions.GetObjectsByObjectIds(IObjectsOperations operations,
   at Microsoft.Azure.Commands.ActiveDirectory.ActiveDirectoryClient.GetObjectsByObjectId(List`1 objectIds)
Microsoft.Azure.Commands.Resources.Models.Authorization.AuthorizationClient.CreateRoleAssignment(FilterRoleAssignmentsOptio ns parameters, Guid roleAssignmentId)
   at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()

I would need to invest some time in this issue to investigate it, as I've noticed that this either fails with the general exception as you've mentioned above, on the initial creating - even when the creation has actually succeeded.
When executing the same command a second time it will then simply indicate that the assignment already exists.
But I haven't been able to figure out how or why this exception is being thrown or how to drill down into the exception-details to discover if this can be skipped or not.