[FEATURE] Improve MPE creation experience when user lacks AuthZ on target Azure resource #99
Description
Use Case / Problem
When creating a Managed Private Endpoint (MPE) using the Fabric CLI, the experience is confusing if the user is not authorized to read the Azure resource’s private endpoint connections.
Even though the MPE is successfully created, the CLI returns a cryptic error message, giving the impression that the operation failed.
This feature request proposes improving the user experience by providing clear, actionable, and accurate feedback during MPE creation.
Proposed Solution
If the CLI receives a 401 Unauthorized specifically during the status retrieval step, it should:
- Swallow the exception (do not treat it as a failure)
- Mark the MPE status as Pending
- Return a clear, non‑error message explaining that the status could not be retrieved due to insufficient permissions, but the MPE creation succeeded.
Rationale
• A 401 in this context does not indicate that the MPE creation failed
• Many callers (especially service principals) will never have read access to the target resource
• “Pending” is the correct semantic state when the CLI cannot verify approval
• This aligns with how other Azure tools behave when status polling is not permitted
Alternatives Considered
Optional follow‑up enhancements
• Add a --no-status-check flag to skip the lookup entirely
Impact Assessment
- This would help me personally
- This would help my team/organization
- This would help the broader fabric-cli community
- This aligns with Microsoft Fabric roadmap items
Implementation Attestation
- I understand this feature should maintain backward compatibility with existing commands
- I confirm this feature request does not introduce performance regressions for existing workflows
- I acknowledge that new features must follow fabric-cli's established patterns and conventions
Implementation Notes
No response