Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

az k8s-extension create | Attempt to register a Resource Provider that is already registered #8293

Open
dupuyjs opened this issue Nov 18, 2024 · 5 comments
Open

az k8s-extension create | Attempt to register a Resource Provider that is already registered #8293

dupuyjs opened this issue Nov 18, 2024 · 5 comments
Assignees
@AllyW @kairu-ms
Labels
Alerts Management Auto-Assign Auto assign by bot bug This issue requires a change to an existing behavior in the product in order to be resolved. Connected Kubernetes customer-reported Issues that are reported by GitHub users external to the Azure organization. extension/grafana az grafana Service Attention This issue is responsible by Azure service team.

Comments

@dupuyjs
Copy link

dupuyjs commented Nov 18, 2024
edited
Loading

Describe the bug

When executing the az k8s-extension create command, the extension fails with the following error message:

Registering microsoft.monitor RP for the subscription __SUBSCRIPTION_ID__
Forbidden({"error":{"code":"AuthorizationFailed","message":"The client '__OBJECT_ID__' with object id '__OBJECT_ID__' does not have authorization to perform action 'microsoft.monitor/register/action' over scope '/subscriptions
/__SUBSCRIPTION_ID__' or the scope is invalid. If access was recently granted, please refresh your credentials."}})

The signed-in user does not have permission to register a provider, so the error message is accurate. However, this provider (Microsoft.Monitor) is already registered, and the extension should not attempt to perform this task.

az provider show --namespace Microsoft.Monitor --query registrationState
"Registered"

Issue is located in file helper.py

The following code requires an update (starting line 65). The value isAlertsManagementRpRegistered is incorrectly set to True for both microsoft.monitor and microsoft.dashboard. The correct values isMoniotrRpRegistered and isDashboardRpRegistered should be used instead.

if value["namespace"].lower() == "microsoft.insights" and value["registrationState"].lower() == "registered":
    isInsightsRpRegistered = True
if value["namespace"].lower() == "microsoft.alertsmanagement" and value["registrationState"].lower() == "registered":
    isAlertsManagementRpRegistered = True
if value["namespace"].lower() == "microsoft.monitor" and value["registrationState"].lower() == "registered":
    isAlertsManagementRpRegistered = True
if value["namespace"].lower() == "microsoft.dashboard" and value["registrationState"].lower() == "registered":
    isAlertsManagementRpRegistered = True

Fixed code:

if value["namespace"].lower() == "microsoft.insights" and value["registrationState"].lower() == "registered":
    isInsightsRpRegistered = True
if value["namespace"].lower() == "microsoft.alertsmanagement" and value["registrationState"].lower() == "registered":
    isAlertsManagementRpRegistered = True
if value["namespace"].lower() == "microsoft.monitor" and value["registrationState"].lower() == "registered":
    isMoniotrRpRegistered= True
if value["namespace"].lower() == "microsoft.dashboard" and value["registrationState"].lower() == "registered":
    isDashboardRpRegistered= True

In addition, there is a typo error in the term isMoniotrRpRegistered, it should be corrected to isMonitorRpRegistered.

Related command

az k8s-extension create --name azuremonitor-metrics --cluster-name __CLUSTER_NAME__ --resource-group __RESOURCE_GROUP__ --cluster-type connectedClusters --extension-type Microsoft.AzureMonitor.Containers.Metrics --configuration-settings azure-monitor-workspace-resource-id=__AZ_MONITOR_WORKSPACE_RESOURCE_ID__ grafana-resource-id=__AZ_GRAFANA_RESOURCE_ID__

Errors

Registering microsoft.monitor RP for the subscription __SUBSCRIPTION_ID__
Forbidden({"error":{"code":"AuthorizationFailed","message":"The client '__OBJECT_ID__' with object id '__OBJECT_ID__' does not have authorization to perform action 'microsoft.monitor/register/action' over scope '/subscriptions
/__SUBSCRIPTION_ID__' or the scope is invalid. If access was recently granted, please refresh your credentials."}})

Issue script & Debug output

Issue is located in file helper.py as described in the main section.

Expected behavior

Do not register Microsoft.Monitor resource provider if it is already registered.

Environment Summary

azure-cli 2.66.0

core 2.66.0
telemetry 1.1.0

Extensions:
amg 2.5.3
azure-iot-ops 1.0.0
connectedk8s 1.10.2
k8s-configuration 2.1.0
k8s-extension 1.6.2

Dependencies:
msal 1.31.0
azure-mgmt-resource 23.1.1

Python location '/opt/az/bin/python3'
Extensions directory '/home/azureuser/.azure/cliextensions'

Python (Linux) 3.12.7 (main, Oct 30 2024, 03:56:40) [GCC 11.4.0]

Additional context

No response
@dupuyjs dupuyjs added the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Nov 18, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added question The issue doesn't require a change to the product in order to be resolved. Most issues start as that customer-reported Issues that are reported by GitHub users external to the Azure organization. Auto-Assign Auto assign by bot Connected Kubernetes Service Attention This issue is responsible by Azure service team. extension/grafana az grafana labels Nov 18, 2024
@microsoft-github-policy-service Microsoft GitHub Policy Service
Copy link
Contributor

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @akashkeshari.

@yonzhan yonzhan removed the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Nov 18, 2024
@yonzhan
Copy link
Collaborator

yonzhan commented Nov 18, 2024

route to service team

@dupuyjs dupuyjs mentioned this issue Dec 4, 2024
Open
4 tasks
@dupuyjs
Copy link
Author

dupuyjs commented Dec 4, 2024
edited
Loading

@yonzhan Thanks. For reference, it's not a question, it's a bug - the wrong resource provider was targeted. Implemented the fix at #8357.

@yonzhan yonzhan added bug This issue requires a change to an existing behavior in the product in order to be resolved. and removed question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Dec 4, 2024
@microsoft-github-policy-service Microsoft GitHub Policy Service
Copy link
Contributor

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @liadtal, @yairgil.

@microsoft-github-policy-service Microsoft GitHub Policy Service
Copy link
Contributor

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @akashkeshari.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AllyW AllyW

@kairu-ms kairu-ms

Labels
Alerts Management Auto-Assign Auto assign by bot bug This issue requires a change to an existing behavior in the product in order to be resolved. Connected Kubernetes customer-reported Issues that are reported by GitHub users external to the Azure organization. extension/grafana az grafana Service Attention This issue is responsible by Azure service team.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@AllyW @dupuyjs @yonzhan @kairu-ms