Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
[RBAC] Issues with Role Definition commands
See original GitHub issueThe role definition commands work very poorly and are extremely unreliable.
If I run the following:
az role definition create --role-definition @myrole.json
az role definition delete -n my-custom-role
Now when I run az role definition list -n my-custom-role multiple times, I get very unpredictable results. Sometimes I get nothing, implying the delete succeeded. Other times I get something, implying the delete failed.
Also, if I run az role definition delete -n my-custom-role multiple times, there are three scenarios:
- It will appear to work because the internal list operation returns nothing
- It will appear to work because the internal list operation returns something and the delete operation succeeds.
- It will appear to fail because the internal list operation returns something and the delete operation returns with a 204 response code which is interpreted by the SDK as a CloudError.
Environment summary
Install Method: How did you install the CLI? (e.g. pip, interactive script, apt-get, Docker, MSI, nightly)
Answer here: dev_setup.py
CLI Version: What version of the CLI and modules are installed? (Use az --version)
Answer here: latest master
OS Version: What OS and version are you using?
Answer here: Win10CU
Shell Type: What shell are you using? (e.g. bash, cmd.exe, Bash on Windows)
Answer here: cmd.exe
Issue Analytics
- State:
- Created 6 years ago
- Reactions:1
- Comments:7 (5 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I see the same delay on
az role definition createas well. I can run it, then runaz role definition listwith the name of the role I just created and it comes back with nothing. Not sure how to handle this on the back end, but is a poor end user experience.The output from the
createcommand also does not line up with the actual JSON in the definition file as well, making it harder to troubleshoot. Will log a separate issue on this though.There is no fancy logic in
delete_role_definition:https://github.com/Azure/azure-cli/blob/5edbd822ee860d7ba5d5182811b68233e0846ba8/src/azure-cli/azure/cli/command_modules/role/custom.py#L107-L114
This AD Graph latency is by-design and there is no plan on the service side to improve it. As a workaround, the script can use
az role definition listto query on the result and take actions accordingly.