danielsollondon / azvmimagebuilder

Azure VM Image Builder

Clarity on AIB permissions #107

Closed maxchenz closed 7 months ago

maxchenz commented 3 years ago

Followed the documentation and went to try this and got an error message about permissions of the Azure account I was logged into when trying to create the AIB template. I'm running this process through Azure Cloud Shell PowerShell. Here is the MS document I followed - https://docs.microsoft.com/en-us/azure/virtual-machines/windows/image-builder-powershell

Create an Azure image builder template:

    $ImgTemplateParams = @{
        ImageTemplateName      = $imageTemplateName
        ResourceGroupName      = $imageResourceGroup
        Source                 = $srcPlatform
        Distribute             = $disSharedImg
        Customize              = $Customizer01, $Customizer02
        Location               = $location
        UserAssignedIdentityId = $identityNameResourceId
    }
    New-AzImageBuilderTemplate @ImgTemplateParams

NOTE: I have logged into the Azure Portal with my credentials and thought it was supposed to be using the managed user-identity to create the template, but the message is around my access to write to the resource group.

Error Message:

    New-AzImageBuilderTemplate_Create: /home/myacct/.local/share/powershell/Modules/Az.ImageBuilder/0.1.2/custom/New-AzImagerBuilderTemplate.ps1:312
    Line |
     312 | Az.ImageBuilder.internal\New-AzImageBuilderTemplate @PSBo …
         | ~~~~~~~~~~~~~
         | The client 'myacct' with object id 'myobjectID' does not have authorization to perform action
         | 'Microsoft.VirtualMachineImages/imageTemplates/write' over scope
         | '/subscriptions/mySubID/resourceGroups/myRG/providers/Microsoft.VirtualMachineImages/imageTemplates/myWinImage' or the scope is invalid. If access was recently granted, please refresh your credentials.

danielsollondon commented 3 years ago

Hi @maxchenz - please can you raise a support ticket and I'll triage it with the support team: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/image-builder-troubleshoot#getting-support

maxchenz commented 3 years ago

I've raised a MS Support ticket and they are engaging the PG.

danielsollondon commented 3 years ago

@maxchenz - sorry for the delay, has this been resolved?

maxchenz commented 3 years ago

Hi Daniel, the problem doesn't relate to the managed identity permissions, but to the permissions of the person invoking the commands. Basically, we had to temporarily provide contributor permissions on the resource group, which isn't recommended for the long term in our corporate environment. We would have to sort out all the permissions needed to continue on.
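One way to replace the temporary Contributor grant with a narrower role, shown as an added example that is not part of this thread or the project's code: it parses the authorization error quoted above and writes a custom role definition scoped to the resource group. The helper name, role name and file name are hypothetical, and the only action the thread confirms is the one named in the error, so further actions may need to be appended as later errors report them.

```powershell
# Constructed sample: the error text from this thread, ConciseView "|" gutters included.
$errorText = @'
     | The client 'myacct' with object id 'myobjectID' does not have authorization to perform action
     | 'Microsoft.VirtualMachineImages/imageTemplates/write' over scope
     | '/subscriptions/mySubID/resourceGroups/myRG/providers/Microsoft.VirtualMachineImages/imageTemplates/myWinImage' or the scope is invalid.
'@

function ConvertFrom-AuthorizationError {   # hypothetical helper, not an Az cmdlet
    param([Parameter(Mandatory)][string]$Text)
    # Join the wrapped lines and drop the ConciseView gutter characters.
    $flat = ($Text -replace '\s*\|\s*', ' ') -replace '\s+', ' '
    $pattern = "client '(?<client>[^']+)' with object id '(?<oid>[^']+)' does not have " +
               "authorization to perform action '(?<action>[^']+)' over scope '(?<scope>[^']+)'"
    if ($flat -notmatch $pattern) { throw 'Not an Azure RBAC authorization error.' }
    $m = $Matches
    # Use the enclosing resource group as the scope so the role also covers templates created later.
    $rgScope = $m.scope -replace '(?i)^(/subscriptions/[^/]+/resourceGroups/[^/]+).*$', '$1'
    [pscustomobject]@{
        Client = $m.client; ObjectId = $m.oid
        Action = $m.action; ResourceGroupScope = $rgScope
    }
}

$denied = ConvertFrom-AuthorizationError -Text $errorText
$role = [ordered]@{
    Name             = 'Image Template Author (example)'   # hypothetical role name
    IsCustom         = $true
    Description      = 'Actions the invoking user was denied while creating AIB templates.'
    Actions          = @($denied.Action)    # append further actions as later errors name them
    NotActions       = @()
    AssignableScopes = @($denied.ResourceGroupScope)
}
$role | ConvertTo-Json -Depth 3 | Set-Content -Path ./aib-template-author.json

# An account allowed to manage role definitions can then create and assign the role:
# New-AzRoleDefinition -InputFile ./aib-template-author.json
# New-AzRoleAssignment -ObjectId $denied.ObjectId -RoleDefinitionName $role.Name -Scope $denied.ResourceGroupScope
```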

danielsollondon commented 7 months ago

Apologies for the delay, if you still see this issue, please raise here: https://github.com/danielsollondon/azvmimagebuilder/issues/127