You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
Wanting to use the resource data "azurerm_kubernetes_cluster" to lookup ARM related properties without getting kube credentials.
Today, my service principal has Reader scope on the group with a kubernetes cluster in it, but gets
managedclusters.ManagedClustersClient#GetAccessProfile: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client '' with object id '' does not have authorization to perform action 'Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action' over scope '/subscriptions//resourceGroups//providers/Microsoft.ContainerService/managedClusters//accessProfiles/clusterUser' or the scope is invalid. If access was recently granted, please refresh your credentials."
If the account doesn't have cluster user permissions, but read permissions to the resource, it should still retrieve ARM properties without kube credentials to perform kubernetes based provider actions
New or Affected Resource(s)/Data Source(s)
azurerm_kubernetes_cluster (data source)
Potential Terraform Configuration
data"azurerm_kubernetes_cluster""example" {
name="myakscluster"resource_group_name="my-example-resource-group"exclude_kube_log=true# default false to retain current behaviour
}
References
Location where cluster credentials are retrieved after the ARM lookup
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Is there an existing issue for this?
Community Note
Description
Wanting to use the resource
data "azurerm_kubernetes_cluster"
to lookup ARM related properties without getting kube credentials.Today, my service principal has Reader scope on the group with a kubernetes cluster in it, but gets
If the account doesn't have cluster user permissions, but read permissions to the resource, it should still retrieve ARM properties without kube credentials to perform kubernetes based provider actions
New or Affected Resource(s)/Data Source(s)
azurerm_kubernetes_cluster (data source)
Potential Terraform Configuration
References
Location where cluster credentials are retrieved after the ARM lookup
terraform-provider-azurerm/internal/services/containers/kubernetes_cluster_data_source.go
Lines 686 to 700 in 38746c3
The text was updated successfully, but these errors were encountered: