Roles for service principal #6

@ghost

Description

Please provide us with the following information:

The instructions say to use a Contributor role for the subscription. However, when I tried this, the Contributor role does not include "App Configuration Data Owner". I needed to:

  1. Use Owner as the role
  2. Change the pipeline to assign the role "App Configuration Data Owner" to the SP for the newly created resource group

(Separately, I had changed the authentication to use https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux so the AppId was available, so this code is not usable as is.)

```yaml
- name: Assign SP rights to update keys.
  uses: azure/CLI@v1
  with:
    inlineScript: |
      echo "Creating role assignment to allow write to App Config keys within resource group"
      # Resolve the service principal's object id from its application (client) id.
      SP_OBJECT_ID=$(az ad sp list --filter "appId eq '${{ secrets.AZURE_CLIENT_ID }}'" | jq -r '.[].id')
      # Grant the data-plane role at resource-group scope only.
      az role assignment create --role "App Configuration Data Owner" \
        -g "${{ env.RESOURCE_GROUP_NAME }}" \
        --assignee-principal-type ServicePrincipal \
        --assignee-object-id "$SP_OBJECT_ID"
```

This issue is for a: (mark with an x)

- [x] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

trying to execute the instructions

Any log messages given by the failure

Expected/desired behavior

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)

Versions

Mention any other details that might be useful


Thanks! We'll be in touch soon.
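
The following is an added example, not part of the original issue or the project's code: a small audit over records shaped like `az role assignment list -o json` output that reports whether a pipeline service principal holds "App Configuration Data Owner" for a resource group and which of its grants reach subscription scope or higher. The subscription id, object ids, resource group name and the function names are constructed for illustration, and all records are assumed to belong to one subscription.

```python
"""Audit role assignments for a pipeline service principal (added example)."""

DATA_ROLE = "App Configuration Data Owner"
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed
SP_ID = "11111111-1111-1111-1111-111111111111"  # constructed object id

# Constructed records using the field names of `az role assignment list -o json`.
SAMPLE = [
    {"principalId": SP_ID, "principalType": "ServicePrincipal",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalId": SP_ID, "principalType": "ServicePrincipal",
     "roleDefinitionName": DATA_ROLE, "scope": SUB + "/resourceGroups/rg-demo"},
    {"principalId": "22222222-2222-2222-2222-222222222222", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
]


def scope_level(scope):
    """Classify an ARM scope string by how much of the hierarchy it covers."""
    parts = [p.lower() for p in scope.strip("/").split("/") if p]
    if parts[:1] != ["subscriptions"]:
        return "above_subscription"  # "/" or a management group
    if len(parts) == 2:
        return "subscription"
    if len(parts) == 4 and parts[2] == "resourcegroups":
        return "resource_group"
    return "resource"


def audit_principal(assignments, principal_id, resource_group):
    """Report whether the principal holds the data role at a scope covering or
    inside the resource group, and which grants reach beyond a resource group.
    Assumes every record belongs to the same subscription."""
    rg = f"/resourcegroups/{resource_group}".lower()
    result = {"has_data_role": False, "broad_grants": []}
    for a in assignments:
        if a["principalId"] != principal_id:
            continue
        scope, level = a["scope"].lower(), scope_level(a["scope"])
        broad = level in ("subscription", "above_subscription")
        inside_rg = scope.endswith(rg) or (rg + "/") in scope
        if a["roleDefinitionName"] == DATA_ROLE and (inside_rg or broad):
            result["has_data_role"] = True
        if broad:
            result["broad_grants"].append((a["roleDefinitionName"], a["scope"]))
    return result


if __name__ == "__main__":
    print(audit_principal(SAMPLE, SP_ID, "rg-demo"))
```

To run it against a real tenant, replace `SAMPLE` with the parsed JSON from `az role assignment list --all -o json`.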
