Closed daryltanwk closed 2 years ago
The api we are using is not giving the effective permission to the subscription when it's been assigned to the management group.
From now I suggest you add the following tag in your rover command to skip the verification step
--skip-permission-check
closing as answer provided
Given that --skip-permission-check
is currently only checked as a launchpad, doesn't it make sense to have this check by default in shell scripts as well?
Bug Report
Reported Behavior
When attempting to run rover plan for launchpad subscription, an error is displayed:
No launchpad found. Deploying from scratch the launchpad @calling initialize_state Checking required permissions @checking if current user (object_id:) is Owner of the subscription - only for launchpad
WARNING: The underlying Active Directory Graph API will be replaced by Microsoft Graph API in a future version of Azure CLI. Please carefully review all breaking changes introduced during this migration: https://docs.microsoft.com/cli/azure/microsoft-graph-migration
Error on or near line 309: the current account must have Owner privilege on the subscription to deploy launchpad.; exiting with status 2
Expected Behavior
rover command should successfully execute
Reproduction
Steps to reproduce or witness the behavior:
Suggestions
Modify permission validation checks from rover to also allow inherited ownership from parent management groups