make tre-destroy fails due to azure databricks DenyAssignment #4776
Description
Describe the bug
make tre-destroy fails due to azure databricks DenyAssignment
Steps to reproduce
- Deploy a TRE with Databricks
- run
make tre-destroy - Observe errors relating to databricks deny assignments
ERROR: (DenyAssignmentAuthorizationFailed) The client '76347256-...' with object id 'f38431f9-...' has permission to perform action 'Microsoft.Resources/subscriptions/resourcegroups/delete' on scope '/subscriptions/b4b96431.../resourcegroups/rg-tredev-ws-c6f7-svc-8800'; however, the access is denied because of the deny assignment with name 'System deny assignment created by Azure Databricks /subscriptions/b4b96431.../resourceGroups/rg-tredev-ws-c6f7/providers/Microsoft.Databricks/workspaces/adb-tredev-ws-c6f7-svc-8800' and Id '3d64f...' at scope '/subscriptions/b4b96431.../resourceGroups/rg-tredev-ws-c6f7-svc-8800'.
Code: DenyAssignmentAuthorizationFailed
Message: The client '76347256-...' with object id 'f38431f9-...' has permission to perform action 'Microsoft.Resources/subscriptions/resourcegroups/delete' on scope '/subscriptions/b4b96431-.../resourcegroups/rg-tredev-ws-c6f7-svc-8800'; however, the access is denied because of the deny assignment with name 'System deny assignment created by Azure Databricks /subscriptions/b4b96431-.../resourceGroups/rg-tredev-ws-c6f7/providers/Microsoft.Databricks/workspaces/adb-tredev-ws-c6f7-svc-8800' and Id '3d64fe...' at scope '/subscriptions/b4b96431.../resourceGroups/rg-tredev-ws-c6f7-svc-8800'.
The command to delete databricks rg's is
az databricks workspace delete --name adb-tredev-ws-142a-svc-b2e6 --resource-group rg-tredev-ws-142a --yes
Then make tre-destroy succeeds
Azure TRE release version (e.g. v0.14.0 or main):
main
Deployed Azure TRE components - click the (i) in the UI:
UI Version:
0.8.19
API Version:
0.25.4