Update role assignment names to be unique per run, cause Azure likes that. And catch error in role assignment if the role has already been assigned, because that module still isn't idempotent. And good things are idempotent

Signed-off-by: Chris Perro <cmperro@gmail.com>

Author: cmperro

roles/platform/defaults/main.yml

@@ -188,14 +188,14 @@ plat__azure_datalakeadmin_identity_name:      "{{ env.azure.role.name.datalake_a
 plat__azure_ranger_audit_identity_name:       "{{ env.azure.role.name.ranger_audit | default([plat__namespace, plat__azure_ranger_audit_suffix, plat__azure_identity_suffix] | join('-')) }}"
 plat__azure_idbroker_identity_name:           "{{ env.azure.role.name.idbroker | default([plat__namespace, plat__azure_idbroker_suffix, plat__azure_identity_suffix] | join('-')) }}"
 
-plat__azure_xaccount_contributor_assn_name:             "{{ env.azure.role.assignment.cross_account.contributor | default('-'.join([plat__namespace, plat__azure_xaccount_suffix, plat__azure_contributor_name_suffix, plat__azure_assignment_name_suffix]) | to_uuid )}}"
-plat__azure_xaccount_role_assn_name:                    "{{ env.azure.role.assignment.cross_account.role | default('-'.join([plat__namespace, plat__azure_xaccount_suffix, plat__azure_assignment_name_suffix]) | to_uuid )}}"
-plat__azure_vmcontributor_idbroker_assn_name:           "{{ env.azure.role.assignment.idbroker.vmcontributor | default('-'.join([plat__namespace, plat__azure_contributor_name_suffix, plat__azure_idbroker_suffix, plat__azure_assignment_name_suffix]) | to_uuid )}}"
-plat__azure_mgdidentop_idbroker_assn_name:              "{{ env.azure.role.assignment.idbroker.mgdidentop | default('-'.join([plat__namespace, plat__azure_operator_name_suffix, plat__azure_idbroker_suffix, plat__azure_assignment_name_suffix]) | to_uuid )}}"
-plat__azure_storageowner_datalakeadmin_logs_assn_name:  "{{ env.azure.role.assignment.datalake_admin.logs.storageowner | default('-'.join([plat__namespace, plat__azure_owner_name_suffix, plat__azure_log_suffix, plat__azure_assignment_name_suffix]) | to_uuid )}}"
-plat__azure_storageowner_datalakeadmin_data_assn_name:  "{{ env.azure.role.assignment.datalake_admin.data.storageowner | default('-'.join([plat__namespace, plat__azure_owner_name_suffix, plat__azure_data_suffix, plat__azure_assignment_name_suffix]) | to_uuid )}}"
-plat__azure_storagecontr_log_assn_name:                 "{{ env.azure.role.assignment.log.storagecontr | default('-'.join([plat__namespace, plat__azure_contributor_name_suffix, plat__azure_log_suffix, plat__azure_assignment_name_suffix]) | to_uuid )}}"
-plat__azure_storagecontr_ranger_audit_assn_name:        "{{ env.azure.role.assignment.ranger_audit.storagecontr | default('-'.join([plat__namespace, plat__azure_contributor_name_suffix, plat__azure_ranger_audit_suffix, plat__azure_assignment_name_suffix]) | to_uuid )}}"
+plat__azure_xaccount_contributor_assn_name:             "{{ env.azure.role.assignment.cross_account.contributor | default('-'.join([plat__namespace, plat__azure_xaccount_suffix, plat__azure_contributor_name_suffix, plat__azure_assignment_name_suffix,ansible_date_time.iso8601]) | to_uuid )}}"
+plat__azure_xaccount_role_assn_name:                    "{{ env.azure.role.assignment.cross_account.role | default('-'.join([plat__namespace, plat__azure_xaccount_suffix, plat__azure_assignment_name_suffix,ansible_date_time.iso8601]) | to_uuid )}}"
+plat__azure_vmcontributor_idbroker_assn_name:           "{{ env.azure.role.assignment.idbroker.vmcontributor | default('-'.join([plat__namespace, plat__azure_contributor_name_suffix, plat__azure_idbroker_suffix, plat__azure_assignment_name_suffix,ansible_date_time.iso8601]) | to_uuid )}}"
+plat__azure_mgdidentop_idbroker_assn_name:              "{{ env.azure.role.assignment.idbroker.mgdidentop | default('-'.join([plat__namespace, plat__azure_operator_name_suffix, plat__azure_idbroker_suffix, plat__azure_assignment_name_suffix,ansible_date_time.iso8601]) | to_uuid )}}"
+plat__azure_storageowner_datalakeadmin_logs_assn_name:  "{{ env.azure.role.assignment.datalake_admin.logs.storageowner | default('-'.join([plat__namespace, plat__azure_owner_name_suffix, plat__azure_log_suffix, plat__azure_assignment_name_suffix,ansible_date_time.iso8601]) | to_uuid )}}"
+plat__azure_storageowner_datalakeadmin_data_assn_name:  "{{ env.azure.role.assignment.datalake_admin.data.storageowner | default('-'.join([plat__namespace, plat__azure_owner_name_suffix, plat__azure_data_suffix, plat__azure_assignment_name_suffix,ansible_date_time.iso8601]) | to_uuid )}}"
+plat__azure_storagecontr_log_assn_name:                 "{{ env.azure.role.assignment.log.storagecontr | default('-'.join([plat__namespace, plat__azure_contributor_name_suffix, plat__azure_log_suffix, plat__azure_assignment_name_suffix,ansible_date_time.iso8601]) | to_uuid )}}"
+plat__azure_storagecontr_ranger_audit_assn_name:        "{{ env.azure.role.assignment.ranger_audit.storagecontr | default('-'.join([plat__namespace, plat__azure_contributor_name_suffix, plat__azure_ranger_audit_suffix, plat__azure_assignment_name_suffix,ansible_date_time.iso8601]) | to_uuid )}}"
 
 plat__azure_netapp_account_name:              "{{ common__azure_netapp_account_name }}"
 plat__azure_netapp_pool_name:                 "{{ common__azure_netapp_pool_name }}"

roles/platform/tasks/setup_azure_authz.yml

@@ -193,7 +193,7 @@
   until: __infra_az_sp_assign_result is not failed
   retries: 3
   delay: 3
-  azure.azcollection.azure_rm_roleassignment: # This Azure module is not idempotent at all it seems?
+  azure.azcollection.azure_rm_roleassignment: # This Azure module is not idempotent at all it seems? We have made it so... see error catching below
     state: present
     scope: "{{ __azure_rl_assgn_item.scope }}"
     name: "{{ __azure_rl_assgn_item.name }}"
@@ -233,3 +233,7 @@
   loop_control:
     loop_var: __azure_rl_assgn_item
     label: "{{ __azure_rl_assgn_item.desc }}"
+  failed_when:
+    - "'rc' in __infra_az_sp_assign_result" 
+    - __infra_az_sp_assign_result.rc != 0
+    - "'The role assignment already exists' not in __infra_az_sp_assign_result.module_stderr"