The author describes troubleshooting an Azure DevOps YAML pipeline error related to a local-exec provisioner in terraform, which failed to grant necessary permissions due to a missing Azure Active Directory Readers permission. They detail the root causes, error findings, and ultimately the adjustments made to resolve the issue, focusing on least privilege principles.
[HOWTO] Fix “Server identity does not have Azure Active Directory Readers permission” error when using terraform local-exec provisioner to create SQL database users from external provider in a Az DevOps YAML pipeline
blog.rufer.be 