Skip to content

Skip role assignments for free Azure Search SKU (#2848) #2886

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pamelafox merged 6 commits into from
Jan 9, 2026
Merged

Skip role assignments for free Azure Search SKU (#2848) #2886

pamelafox merged 6 commits into from
Jan 9, 2026
+5 −4

Conversation

@bnodir
Copy link
Contributor

@bnodir bnodir commented Dec 31, 2025

Add conditional guards so Microsoft.Authorization/roleAssignments are only created when principalId is non-empty. Prevents InvalidPrincipalId errors when using the free Azure Search SKU. Fixes #2848

@pamelafox pamelafox requested a review from Copilot January 6, 2026 06:01
Copilot AI reviewed Jan 6, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds a conditional guard to prevent role assignment creation when the principalId is empty, specifically addressing issues with the free Azure Search SKU which does not support managed identities.

  • Added an if (!empty(principalId)) condition to the role assignment resource in role.bicep

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@pamelafox
Copy link
Collaborator

pamelafox commented Jan 6, 2026

@bnodir Thanks!

I think it would be clearer to add those checks to each role in main.bicep that is assigned to searchService.outputs.systemAssignedPrincipalId

openAiRoleSearchService
visionRoleSearchService
storageRoleSearchService
storageRoleContributorSearchService

I'm guessing it's failing on:
openAiRoleSearchService
As you likely have the other features disabled?

But they could each have the check.

You don't have an issue in searchmanager when it tries to set up the vectorizer?

@bnodir
Copy link
Contributor Author

bnodir commented Jan 7, 2026

@pamelafox Thanks for the detailed breakdown! I’ve applied the changes and added a note in the docs about the free SKU limitation.

@lsiecker
Copy link

lsiecker commented Jan 8, 2026
edited
Loading

@pamelafox Thanks for the detailed breakdown! I’ve applied the changes and added a note in the docs about the free SKU limitation.

Was looking for that note last week, after a long search I discovered that limitation! Good to see your contribution!

@pamelafox
Copy link
Collaborator

pamelafox commented Jan 9, 2026

Thanks @bnodir! Approved and merging.

@pamelafox pamelafox merged commit c1e6d53 into Azure-Samples:main Jan 9, 2026
28 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pamelafox pamelafox pamelafox approved these changes

@mattgotteiner mattgotteiner mattgotteiner approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Deployment fails with "InvalidPrincipalId: A valid principal ID must be provided for role assignment" (Owner role assigned)

5 participants

@bnodir @pamelafox @lsiecker @mattgotteiner @nb-a153