search

Azure / azure-sdk-for-python

This repository is for active development of the Azure SDK for Python. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/python/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-python.
MIT License
4.54k stars 2.77k forks source link

The api-version '2022-04-01' is invalid. when using malformed scope for role_assignments.list_for_scope method. #37423

Open db0 opened 1 day ago

db0 commented 1 day ago

The method I'm trying to use is documented here:

https://learn.microsoft.com/en-in/python/api/azure-mgmt-authorization/azure.mgmt.authorization.v2022_04_01.operations.roleassignmentsoperations?view=azure-python#azure-mgmt-authorization-v2022-04-01-operations-roleassignmentsoperations-list-for-scope

When trying to use it, once received this exception:

azure.core.exceptions.HttpResponseError: (InvalidApiVersionParameter) The api-version '2022-04-01' is invalid.

Using a different API version results in a missing endpoint exception.

The same can be replicated directly from the azure API here: https://learn.microsoft.com/en-us/rest/api/authorization/role-definitions/list

So it seems that the Azure API removed this endpoint.

I'm using version 4.0.0 of azure-mgmt-authorization on Ubuntu.

The code I'm using for reference is

from azure.mgmt.authorization import AuthorizationManagementClient

[...]

  def get_role_assignments_for_vm(self, vm_id, role_definition_id, authorization_client):
    # Get role assignments for a given VM and role definition ID
    role_assignments = authorization_client.role_assignments.list_for_scope(vm_id)
    assigned_members = []
    for role_assignment in role_assignments:
        if role_assignment.role_definition_id == role_definition_id:
            principal_id = role_assignment.principal_id
            assigned_members.append(principal_id)

And the vm_id I'm sending is like

/subscriptions/00000000-0000-0000-0000-42c2f52c69f8/resourceGroups/rsg-resourcegroup-001/microsoft.compute/virtualmachines/VMNAME

and the authorization_client is 

authorization_client = AuthorizationManagementClient(credential, subscription_id)
github-actions[bot] commented 1 day ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AshishGargMicrosoft @darshanhs90.

db0 commented 1 day ago

Update. It seems this might be a case of wrong error.

Trying to use the API directly with just scope 

/subscriptions/00000000-0000-0000-0000-42c2f52c69f8

Is actually returning results. So somehow the scope I'm passing is returning an API version error instead of something more appropriate.

db0 commented 1 day ago

OK I managed to trace that this is a case of a malformed scope. Passing a scope which doesn't exist like the one I sent 

/subscriptions/00000000-0000-0000-0000-42c2f52c69f8/resourceGroups/rsg-resourcegroup-001/microsoft.compute/virtualmachines/VMNAME

returns a missing API.

However the correct scope

/subscriptions/00000000-0000-0000-0000-42c2f52c69f8/resourceGroups/rsg-resourcegroup-001/providers/microsoft.compute/virtualmachines/VMNAME

Works

xiangyan99 commented 1 day ago

Thanks for the feedback, we’ll investigate asap.