Comment 0 for bug 1946089

Hi,

When setting up the azure integration with an account that has more than one subscription associated with it the azure cli will attempt to read on a subscription on which it does not neccessarily have permsissions.

This results in a error:
[10:55] EXT.Marius Oprin
    > /var/lib/juju/agents/unit-azure-integrator-0/charm/reactive/azure.py(63)handle_requests()
-> request.vm_name, request.unit_name
(Pdb) n
> /var/lib/juju/agents/unit-azure-integrator-0/charm/reactive/azure.py(66)handle_requests()
-> layer.azure.send_additional_metadata(request)
(Pdb) n
charms.layer.azure.AzureError: ERROR: (AuthorizationFailed) The client 'CLIENT_ID' with object id 'OBJECT_ID' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/redacted/resourcegroups/reacted' or the scope is invalid. If access was recently granted, please refresh your credentials.

No workaround currently,

[1] https://github.com/juju-solutions/charm-azure-integrator/blob/faf4e73bf5a9b3f29695efed2008d4ecc1055198/lib/charms/layer/azure.py#L177

Thanks,

Peter