Kubernetes Control Plane Charm

az defaults to wrong subscription when checking resource groups

Bug #1946089 reported by Peter Jose De Sousa
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Azure Integrator Charm
New
Undecided
Unassigned
Kubernetes Control Plane Charm
New
Undecided
Unassigned
Kubernetes Worker Charm
New
Undecided
Unassigned

Bug Description

Hi,

When setting up the azure integration with an account that has more than one subscription associated with it the azure cli will attempt to read on a subscription on which it does not neccessarily have permsissions.

This results in a error:
    > /var/lib/juju/agents/unit-azure-integrator-0/charm/reactive/azure.py(63)handle_requests()
-> request.vm_name, request.unit_name
(Pdb) n
> /var/lib/juju/agents/unit-azure-integrator-0/charm/reactive/azure.py(66)handle_requests()
-> layer.azure.send_additional_metadata(request)
(Pdb) n
charms.layer.azure.AzureError: ERROR: (AuthorizationFailed) The client 'CLIENT_ID' with object id 'OBJECT_ID' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/redacted/resourcegroups/reacted' or the scope is invalid. If access was recently granted, please refresh your credentials.

No workaround currently,

[1] https://github.com/juju-solutions/charm-azure-integrator/blob/faf4e73bf5a9b3f29695efed2008d4ecc1055198/lib/charms/layer/azure.py#L177

Thanks,

Peter

See original description
Peter Jose De Sousa (pjds)
description: updated
Revision history for this message
Peter Jose De Sousa (pjds) wrote :

Draft PRs:

https://github.com/juju-solutions/interface-azure-integration/pull/7

https://github.com/juju-solutions/charm-azure-integrator/pull/34

Revision history for this message
Peter Jose De Sousa (pjds) wrote :

marking field medium as we have a fix awaitng merge :)

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.