Describe the bug
Before opening the case Cx was using direct shared gallery, and it was working fine unti 21st of february. THey starting getting errors (mentioned later) and as testing, they've disabled it, and not the option is greyed out.
- The main goal is for Cx to be able to re-enable the direct shared gallery
as the goad is to share the gallery across tenants, Cx doesn't mind to use RBAC sharing instead. Still, no matter which option, customer is not able to access an image located in another tenant.
It was working fine until 21st Feb
Command used:
az sig image-version create --gallery-image-definition ado_image --gallery-image-version 1.3.0_test --gallery-name packer_shareimages --resource-group RG-SHARED-AMI --image-version /subscriptions/e6b5053b-4c38-4475-a835-a025aeb3d8c7/resourceGroups/RG-SHARED-AMI/providers/Microsoft.Compute/galleries/packer_shareimages/images/ado_image/versions/1.3.0
Error:
Code: LinkedAuthorizationFailed
Message: The client has permission to perform action 'Microsoft.Compute/galleries/images/versions/read' on scope '/subscriptions/9ab65d81-930d-4cc0-a93d-367e14676bc0/resourceGroups/RG-SHARED-AMI/providers/Microsoft.Compute/galleries/packer_shareimages/images/ado_image/versions/1.3.0_test', however the current tenant '77f54315-6dde-4fe7-9e17-74762c3eb096' is not authorized to access linked subscription 'e6b5053b-4c38-4475-a835-a025aeb3d8c7'.
(happen also with other image versions)
Production (target):
/subscriptions/9ab65d81-930d-4cc0-a93d-367e14676bc0/resourceGroups/RG-SHARED-AMI/providers/Microsoft.Compute/galleries/packer_shareimages
type: Microsoft.Compute/galleries
location: uksouth
Non prod (source):
/subscriptions/e6b5053b-4c38-4475-a835-a025aeb3d8c7/resourceGroups/RG-SHARED-AMI/providers/Microsoft.Compute/galleries/packer_shareimages
type: Microsoft.Compute/galleries
location: uksouth
Related command
az sig image-vresion create
Errors
Code: LinkedAuthorizationFailed
Message: The client has permission to perform action 'Microsoft.Compute/galleries/images/versions/read' on scope '/subscriptions/9ab65d81-930d-4cc0-a93d-367e14676bc0/resourceGroups/RG-SHARED-AMI/providers/Microsoft.Compute/galleries/packer_shareimages/images/ado_image/versions/1.3.0_test', however the current tenant '77f54315-6dde-4fe7-9e17-74762c3eb096' is not authorized to access linked subscription 'e6b5053b-4c38-4475-a835-a025aeb3d8c7'.
Issue script & Debug output
Auxiliary tokens missing in the latest version of CLI.
Expected behavior
N/A
Environment Summary
azure-cli 2.69.0
Additional context
No response
Describe the bug
Before opening the case Cx was using direct shared gallery, and it was working fine unti 21st of february. THey starting getting errors (mentioned later) and as testing, they've disabled it, and not the option is greyed out.
as the goad is to share the gallery across tenants, Cx doesn't mind to use RBAC sharing instead. Still, no matter which option, customer is not able to access an image located in another tenant.
It was working fine until 21st Feb
Command used:
az sig image-version create --gallery-image-definition ado_image --gallery-image-version 1.3.0_test --gallery-name packer_shareimages --resource-group RG-SHARED-AMI --image-version /subscriptions/e6b5053b-4c38-4475-a835-a025aeb3d8c7/resourceGroups/RG-SHARED-AMI/providers/Microsoft.Compute/galleries/packer_shareimages/images/ado_image/versions/1.3.0
Error:
Code: LinkedAuthorizationFailed
Message: The client has permission to perform action 'Microsoft.Compute/galleries/images/versions/read' on scope '/subscriptions/9ab65d81-930d-4cc0-a93d-367e14676bc0/resourceGroups/RG-SHARED-AMI/providers/Microsoft.Compute/galleries/packer_shareimages/images/ado_image/versions/1.3.0_test', however the current tenant '77f54315-6dde-4fe7-9e17-74762c3eb096' is not authorized to access linked subscription 'e6b5053b-4c38-4475-a835-a025aeb3d8c7'.
(happen also with other image versions)
Production (target):
/subscriptions/9ab65d81-930d-4cc0-a93d-367e14676bc0/resourceGroups/RG-SHARED-AMI/providers/Microsoft.Compute/galleries/packer_shareimages
type: Microsoft.Compute/galleries
location: uksouth
Non prod (source):
/subscriptions/e6b5053b-4c38-4475-a835-a025aeb3d8c7/resourceGroups/RG-SHARED-AMI/providers/Microsoft.Compute/galleries/packer_shareimages
type: Microsoft.Compute/galleries
location: uksouth
Related command
az sig image-vresion createErrors
Code: LinkedAuthorizationFailed
Message: The client has permission to perform action 'Microsoft.Compute/galleries/images/versions/read' on scope '/subscriptions/9ab65d81-930d-4cc0-a93d-367e14676bc0/resourceGroups/RG-SHARED-AMI/providers/Microsoft.Compute/galleries/packer_shareimages/images/ado_image/versions/1.3.0_test', however the current tenant '77f54315-6dde-4fe7-9e17-74762c3eb096' is not authorized to access linked subscription 'e6b5053b-4c38-4475-a835-a025aeb3d8c7'.
Issue script & Debug output
Auxiliary tokens missing in the latest version of CLI.
Expected behavior
N/A
Environment Summary
azure-cli 2.69.0
Additional context
No response