Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deployment fails if Service Principal can access multiple subscriptions #2393

Closed
ReneHezser opened this issue Feb 2, 2024 · 1 comment · Fixed by #2400
Closed

Deployment fails if Service Principal can access multiple subscriptions #2393

ReneHezser opened this issue Feb 2, 2024 · 1 comment · Fixed by #2400
Assignees
@sebassem
Labels
ArcBox Jumpstart ArcBox related bug Something isn't working
Milestone
February 2024

Comments

@ReneHezser
Copy link

Is your issue related to a Jumpstart scenario, ArcBox, HCIBox, or Agora?
https://azurearcjumpstart.com/azure_jumpstart_arcbox/DataOps

Describe the issue or the bug

To Reproduce

  1. Create a Service Principal
  2. grant permissions on >1 subscriptions
  3. decide to deploy in not the first subscription that is listed with a az account show
  4. start the deployment (it does not matter if you choose the portal, ARM or Bicep).
  5. it will fail within the install_CAPI.sh with
  storageclass.storage.k8s.io/managed-premium created
  Context "arcbox-capi-data-3ea2-admin@arcbox-capi-data-3ea2" renamed to "arcbox-capi".
  ERROR: argument --resource-group/-g: expected one argument

Expected behavior
The deployment will succeed.

Environment summary
The script extension of the VM will use the proviced sp to logon to Azure. It does not receive any information about the subscription to use, resulting in the resource group not found exception.

I noted that in the other subscription the sp has access to, the two resource groups starting with MC_ have been created.

Have you looked at the Troubleshooting and Logs section?
I sshed into the ArcBox-CAPI-MGMT VM and found in the logs the error. Then I did a az account show and noticed that the subscription I wanted to use was not the first or default in the resulting list.

Screenshots

Additional context
Sorry, I purged the environment before I took screenshots or more log entries.
@ReneHezser ReneHezser added the triage issue or feature up for triage label Feb 2, 2024
@sebassem sebassem self-assigned this Feb 7, 2024
@sebassem sebassem added bug Something isn't working ArcBox Jumpstart ArcBox related and removed triage issue or feature up for triage labels Feb 7, 2024
@sebassem sebassem added this to the February 2024 milestone Feb 7, 2024
@sebassem sebassem linked a pull request Feb 7, 2024 that will close this issue
ArcBox - Fix bug when SP has access to multiple subscriptions #2400
Merged
@ReneHezser
Copy link
Author

Thanks. That was fast :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sebassem sebassem

Labels
ArcBox Jumpstart ArcBox related bug Something isn't working
Projects
Azure Arc Jumpstart
Status: Done
Milestone
February 2024
Development

Successfully merging a pull request may close this issue.

ArcBox - Fix bug when SP has access to multiple subscriptions sebassem/azure_arc
2 participants
@ReneHezser @sebassem