Support Questions
Find answers, ask questions, and share your expertise
Announcements
Check out our newest addition to the community, the Cloudera Innovation Accelerator group hub.

cdb azure configure-arm with multiple subscriptions?

I've been trying to create an Azure ARM application with the cbd azure configure-arm command as needed for the Cloudbreak Azure credential. I keeps failing with an insufficient privileges error. Currently the my user has the 'owner' role on the subscriptions and is admin on de Azure AD so that shouldn't be the issue. The only thing that could be a problem is the fact that my user has several Azure subscriptions and in the cbd configure-arm output I see it switching to the default subscription, which is not the one I gave as a parameter.

Could this be the culprit? How can I force the command to use the proper subscription or does this command only work with a user with a single subscription?

Thanks

1 ACCEPTED SOLUTION

@Peter Teunissen

What do you mean exactly by switching subscriptions? You can check the source of the tool, it works with the given subscription id, except the following case:

The tool itself logs in with azure cli as a first step, you should see the output of the login similar to below:

13726-ynsir.png

If the subscription here is different than you expected, that might be because the username and password that you provided belongs to multiple subscriptions, and the default is selected. If this is the case, the role assignment phase will most certainly fail.

As a workaround you can run download official azure cli and run these steps by hand after changing the default subscription.

azure account set new-default-subscription

I will file an issue to set the default subscription automatically in the tool to the one provided by the parameter.

Hope this helps!

View solution in original post

2 REPLIES 2

@Peter Teunissen

What do you mean exactly by switching subscriptions? You can check the source of the tool, it works with the given subscription id, except the following case:

The tool itself logs in with azure cli as a first step, you should see the output of the login similar to below:

13726-ynsir.png

If the subscription here is different than you expected, that might be because the username and password that you provided belongs to multiple subscriptions, and the default is selected. If this is the case, the role assignment phase will most certainly fail.

As a workaround you can run download official azure cli and run these steps by hand after changing the default subscription.

azure account set new-default-subscription

I will file an issue to set the default subscription automatically in the tool to the one provided by the parameter.

Hope this helps!

Thanks @pdarvasi, that solved the issue.

It was indeed the fact that my user has multiple subscriptions and it switched to the wrong one. It would be a good thing if the tool is able to handle that correctly. Thanks for filing the issue.

I also noted that the current script greps for 'data: Application Id:' but at least in the latest version of the Azure CLI it actually reads 'data: AppId:' in the output. This might require a change to the tool also.

Thanks for the help!