Open jikuja opened 1 month ago
Thanks for reporting! Todo: double check if there's limitation regarding subscription API when MSI Warning message sounds reasonable enough.
The limitation is somewhere on RMProfileClient. The author of https://github.com/Azure/azure-powershell/commit/3fc2c44d73fa39fcc9c901795d2c7cd25b1a6ace should know what they fixed.
Subscription list is done by GET https://management.azure.com/subscriptions?api-version=2021-01-01
and the tenant selection is done by injecting tenant-specific authentication tokens provided by the MSAL.
The potential limitation might be in https://github.com/Azure/azure-powershell/blob/ebc6c1dd444c28b26c8598dcac70fe34414114d5/src/Accounts/Authenticators/ManagedServiceIdentityAuthenticator.cs if that or function being called does not resolve tenant host name to GUID.
Description
This issue happens only whan managed service identity is being used.
If user input tenant id that does not match with the Default Context tenant id command silently ignore usser input and does nothing:
https://github.com/Azure/azure-powershell/blob/b60bd252c86a5459ab28476651fd45f8810e839f/src/Accounts/Accounts/Subscription/GetAzureRMSubscription.cs#L109-L121
When using other authentication methods
-tenantId
allows using tenant name. For script portability that should also be supported with managed service authentication.If usage of the tenant names cannot be used with managed service authentication command should at least warn about unexpected input instead on silently doing nothing.
Issue script & Debug output
Environment data
Module versions
Error output