az network list-service-tags requires subscription level rights
Describe the bug
Command Name
az network list-service-tags
Errors: Returns an empty list if the user does not have subscription level rights. I didn’t debug which rights are required but compared two logins: one that has Service Administrator to a subscription and another that does not have any role.
To Reproduce:
az network list-service-tags --location westeurope
Expected Behavior
Listing service tags of public Azure services does not require subscription level rights.
Environment Summary
macOS-10.15.3-x86_64-i386-64bit
Python 3.8.1
Shell: bash
azure-cli 2.0.80 *
Extensions:
azure-devops 0.17.0
Issue Analytics
- State:
- Created 4 years ago
- Comments:15 (4 by maintainers)

I’m running into a similar issue even when I have read access at the subscription level. I can’t pull back AzureCloud tags. It ends at WindowsVirtualDesktop tags.
Also, why should it be required to have read access at the subscription level to pull back publicly known IPs? You provide that info in a weekly file that requires no authentication, but you can’t provide it without having read access at the subscription level?
@allegradomel I understand this is by design, but apparently this is bad design. 😃
I fully support @matthewfrye here.
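
The two symptoms reported in this thread (an empty list, and a list that stops at WindowsVirtualDesktop without AzureCloud) can be caught before the output feeds firewall or NSG automation. The following is an added example, not code from the issue or from azure-cli; the function name, the sample data and the assumed JSON shape (a top-level `values` array of objects with a `name` field) are assumptions.

```python
import json

def check_service_tags(raw_json, required=("AzureCloud",)):
    """Validate JSON captured from `az network list-service-tags -o json`.

    Returns (ok, reason). Fails closed on an empty or incomplete list so a
    login without sufficient rights is not mistaken for "no service tags".
    """
    try:
        doc = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        return False, f"not JSON: {exc.msg}"
    # Assumed shape: {"values": [{"name": "...", "properties": {...}}, ...]}.
    # A bare list is accepted too, since the issue only says "empty list".
    values = doc.get("values") if isinstance(doc, dict) else doc
    if not isinstance(values, list) or not values:
        return False, "empty result: check the login's rights on the subscription"
    names = {v["name"] for v in values
             if isinstance(v, dict) and isinstance(v.get("name"), str)}
    missing = sorted(set(required) - names)
    if missing:
        return False, "incomplete result, missing tags: " + ", ".join(missing)
    return True, f"{len(names)} tags"

def _tag(name):
    # Constructed entry; the prefix is from a documentation-only range.
    return {"name": name, "properties": {"addressPrefixes": ["203.0.113.0/24"]}}

# Constructed samples, not real command output.
FULL = json.dumps({"values": [_tag("ActionGroup"), _tag("AzureCloud"),
                              _tag("WindowsVirtualDesktop")]})
EMPTY = json.dumps({"values": []})
TRUNCATED = json.dumps({"values": [_tag("ActionGroup"),
                                   _tag("WindowsVirtualDesktop")]})

if __name__ == "__main__":
    for label, sample in (("full", FULL), ("empty", EMPTY),
                          ("truncated", TRUNCATED)):
        print(label, check_service_tags(sample))
```
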