Terraform azurerm_data_factory vsts_configuration failing with Error: Error configuring Repository for Data Factory

Question

I'm trying to set up the code repository in Azure Data Factory using Terraform deploying with Azure Cloud Shell with contributor access following this: https://www.terraform.io/docs/providers/azurerm/r/data_factory.html#vsts_configuration

I'm getting the error message:

Error: Error configuring Repository for Data Factory "adf-name" (Resource Group "rg-name"): datafactory.FactoriesClient#ConfigureFactoryRepo: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client '[email protected]' with object id 'xxxxx' does not have authorization to perform action 'Microsoft.DataFactory/locations/configureFactoryRepo/action' over scope '/subscriptions/xxxxxx' or the scope is invalid. If access was recently granted, please refresh your credentials.

I've de-sensitised the client, object id and scope.

I am able to set up the code repository in the portal, but fails when I try and run the terraform in the Azure Cloud Shell. Has anyone seen this error message before or know how to get past it?

Code snip it:

`provider "azurerm" {
  version = "=2.3.0"
  features {}
}
resource "azurerm_data_factory" "example" {
  name                = var.adf_name
  location            = var.location
  resource_group_name = var.rg_name
  vsts_configuration {
    account_name      = var.account_name
    branch_name       = var.branch_name
    project_name      = var.project_name
    repository_name   = var.repo_name
    root_folder       = var.root_folder
    tenant_id         = var.tenant_id
  }
}`

Answer 1

A custom role had to be added for the action ‘ Microsoft.DataFactory/locations/configureFactoryRepo/action’ and assigned to the service principal. Contributor role itself was not enough to set up the code repository for Azure Data Factory using Terraform azurerm.