Description
Describe the bug
When executing the az k8s-extension create command, the extension fails with the following error message:
```
Registering microsoft.monitor RP for the subscription __SUBSCRIPTION_ID__
Forbidden({"error":{"code":"AuthorizationFailed","message":"The client '__OBJECT_ID__' with object id '__OBJECT_ID__' does not have authorization to perform action 'microsoft.monitor/register/action' over scope '/subscriptions/__SUBSCRIPTION_ID__' or the scope is invalid. If access was recently granted, please refresh your credentials."}})
```

The signed-in user does not have permission to register a provider, so the error message is accurate. However, this provider (Microsoft.Monitor) is already registered, and the extension should not attempt to perform this task.

```
az provider show --namespace Microsoft.Monitor --query registrationState
"Registered"
```

Issue is located in file helper.py
The following code requires an update (starting line 65). The value isAlertsManagementRpRegistered is incorrectly set to True for both microsoft.monitor and microsoft.dashboard. The correct values isMoniotrRpRegistered and isDashboardRpRegistered should be used instead.
```python
if value["namespace"].lower() == "microsoft.insights" and value["registrationState"].lower() == "registered":
    isInsightsRpRegistered = True
if value["namespace"].lower() == "microsoft.alertsmanagement" and value["registrationState"].lower() == "registered":
    isAlertsManagementRpRegistered = True
if value["namespace"].lower() == "microsoft.monitor" and value["registrationState"].lower() == "registered":
    isAlertsManagementRpRegistered = True
if value["namespace"].lower() == "microsoft.dashboard" and value["registrationState"].lower() == "registered":
    isAlertsManagementRpRegistered = True
```
Fixed code:
```python
if value["namespace"].lower() == "microsoft.insights" and value["registrationState"].lower() == "registered":
    isInsightsRpRegistered = True
if value["namespace"].lower() == "microsoft.alertsmanagement" and value["registrationState"].lower() == "registered":
    isAlertsManagementRpRegistered = True
if value["namespace"].lower() == "microsoft.monitor" and value["registrationState"].lower() == "registered":
    isMoniotrRpRegistered = True
if value["namespace"].lower() == "microsoft.dashboard" and value["registrationState"].lower() == "registered":
    isDashboardRpRegistered = True
```
In addition, there is a typo in the term isMoniotrRpRegistered; it should be corrected to isMonitorRpRegistered.
Related command
```
az k8s-extension create --name azuremonitor-metrics --cluster-name __CLUSTER_NAME__ --resource-group __RESOURCE_GROUP__ --cluster-type connectedClusters --extension-type Microsoft.AzureMonitor.Containers.Metrics --configuration-settings azure-monitor-workspace-resource-id=__AZ_MONITOR_WORKSPACE_RESOURCE_ID__ grafana-resource-id=__AZ_GRAFANA_RESOURCE_ID__
```

Errors

```
Registering microsoft.monitor RP for the subscription __SUBSCRIPTION_ID__
Forbidden({"error":{"code":"AuthorizationFailed","message":"The client '__OBJECT_ID__' with object id '__OBJECT_ID__' does not have authorization to perform action 'microsoft.monitor/register/action' over scope '/subscriptions/__SUBSCRIPTION_ID__' or the scope is invalid. If access was recently granted, please refresh your credentials."}})
```

Issue script & Debug output
Issue is located in file helper.py as described in the main section.
Expected behavior
Do not register Microsoft.Monitor resource provider if it is already registered.
Environment Summary
azure-cli 2.66.0
core 2.66.0
telemetry 1.1.0
Extensions:
amg 2.5.3
azure-iot-ops 1.0.0
connectedk8s 1.10.2
k8s-configuration 2.1.0
k8s-extension 1.6.2
Dependencies:
msal 1.31.0
azure-mgmt-resource 23.1.1
Python location '/opt/az/bin/python3'
Extensions directory '/home/azureuser/.azure/cliextensions'
Python (Linux) 3.12.7 (main, Oct 30 2024, 03:56:40) [GCC 11.4.0]
Additional context
No response
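
An added example, not part of the original report or the extension's own code: it replays the flag logic quoted above against constructed provider lists and compares it with a table-driven check in which no branch can set another namespace's flag. The function names and sample data are hypothetical, and it assumes a flag left at False is what leads to a registration call.

```python
# Added example: names and sample data are assumptions, not code from helper.py.
REQUIRED_RPS = ("microsoft.insights", "microsoft.alertsmanagement",
                "microsoft.monitor", "microsoft.dashboard")


def _is_registered(value, namespace):
    return (value["namespace"].lower() == namespace
            and value["registrationState"].lower() == "registered")


def flags_as_reported(providers):
    """Mirror the branches quoted in the issue: three namespaces share one flag."""
    flags = dict.fromkeys(REQUIRED_RPS, False)
    for value in providers:
        if _is_registered(value, "microsoft.insights"):
            flags["microsoft.insights"] = True
        if _is_registered(value, "microsoft.alertsmanagement"):
            flags["microsoft.alertsmanagement"] = True
        if _is_registered(value, "microsoft.monitor"):
            flags["microsoft.alertsmanagement"] = True  # wrong flag, as reported
        if _is_registered(value, "microsoft.dashboard"):
            flags["microsoft.alertsmanagement"] = True  # wrong flag, as reported
    return flags


def flags_table_driven(providers):
    """One flag per namespace, derived from a set of registered namespaces."""
    registered = {v["namespace"].lower() for v in providers
                  if v["registrationState"].lower() == "registered"}
    return {ns: ns in registered for ns in REQUIRED_RPS}


def rps_to_register(flags):
    """Namespaces that would trigger a register call (needs <namespace>/register/action)."""
    return [ns for ns, ok in flags.items() if not ok]


def sample(states):
    """Constructed provider-list entries in the shape the quoted code reads."""
    return [{"namespace": ns, "registrationState": st} for ns, st in states.items()]


ALL_REGISTERED = sample({"Microsoft.Insights": "Registered", "Microsoft.AlertsManagement": "Registered",
                         "Microsoft.Monitor": "Registered", "Microsoft.Dashboard": "Registered"})
ONLY_MONITOR_DASHBOARD = sample({"Microsoft.Insights": "NotRegistered", "Microsoft.AlertsManagement": "NotRegistered",
                                 "Microsoft.Monitor": "Registered", "Microsoft.Dashboard": "Registered"})

if __name__ == "__main__":
    for name, data in (("all registered", ALL_REGISTERED), ("two registered", ONLY_MONITOR_DASHBOARD)):
        print(name, rps_to_register(flags_as_reported(data)), rps_to_register(flags_table_driven(data)))
```

The second sample shows the other side of the same defect: with only Microsoft.Monitor and Microsoft.Dashboard registered, the reported logic marks Microsoft.AlertsManagement as registered and would skip a registration that is actually needed.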