Skip to content

RBAC Propagations can cause failure. #414

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
mbiver wants to merge 2 commits into
base: main
Choose a base branch
from
Open

RBAC Propagations can cause failure. #414

mbiver wants to merge 2 commits into from

Conversation

@mbiver
Copy link
Contributor

@mbiver mbiver commented Jan 20, 2026

The command :

az role assignment create --assignee $imgBuilderCliId --role "$imageRoleDefName" --scope /subscriptions/$subscriptionID/resourceGroups/$sigResourceGroup

is offered along with several others in the copy code block, but it does require RBAC propagation and different errors can occur depending on the RBAC propagation stage. recommend either breaking this command out of the copy code block or at least adding a warning about the delay so users are not sidetracked by troubleshooting something that is not actually broken, just requires a slight delay prior to executing.

@mbiver
RBAC Propagations can cause failure.
b91b90f 
The command : 

az role assignment create --assignee $imgBuilderCliId --role "$imageRoleDefName" --scope /subscriptions/$subscriptionID/resourceGroups/$sigResourceGroup

is offered along with several others in the copy code block, but it does require RBAC propagation and different errors can occur depending on the RBAC propagation stage.  recommend either breaking this command out of the copy code block or at least adding a warning about the delay so users are not sidetracked by troubleshooting something that is not actually broken, just requires a slight delay prior to executing.
@prmerger-automator prmerger-automator bot requested review from ju-shim and kof-f January 20, 2026 21:33
@prmerger-automator
Copy link
Contributor

prmerger-automator bot commented Jan 20, 2026

@mbiver : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.

@learn-build-service-prod
Copy link
Contributor

learn-build-service-prod bot commented Jan 20, 2026

Learn Build status updates of commit b91b90f:

✅ Validation status: passed

File Status Preview URL Details
articles/virtual-machines/linux/image-builder.md ✅Succeeded

For more details, please refer to the build report.

@v-dirichards v-dirichards requested a review from Copilot January 20, 2026 21:37
@v-dirichards
Copy link
Contributor

v-dirichards commented Jan 20, 2026

@kof-f

Can you review the proposed changes?

Important: When the changes are ready for publication, adding a #sign-off comment is the best way to signal that the PR is ready for the review team to merge.

#label:"aq-pr-triaged"
@MicrosoftDocs/public-repo-pr-review-team

@prmerger-automator prmerger-automator bot added the aq-pr-triaged C+L Pull Request Review Team label label Jan 20, 2026
Copilot AI reviewed Jan 20, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the Azure VM Image Builder documentation to warn users about potential RBAC propagation delays when assigning a role to a user-assigned identity. The goal is to reduce confusion and unnecessary troubleshooting when the az role assignment create command fails due to propagation lag rather than a misconfiguration.

Changes:

  • Expanded the inline comment preceding az role assignment create in the Linux Image Builder CLI sample to explain that the command’s success depends on RBAC propagation.
  • Advised users to wait before running the command and to retry after a delay if an error occurs.

@v-dirichards
typo fix
d0f6aee 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@learn-build-service-prod
Copy link
Contributor

learn-build-service-prod bot commented Jan 20, 2026

Learn Build status updates of commit d0f6aee:

✅ Validation status: passed

File Status Preview URL Details
articles/virtual-machines/linux/image-builder.md ✅Succeeded

For more details, please refer to the build report.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@v-dirichards v-dirichards v-dirichards left review comments

Copilot code review Copilot Copilot left review comments

@kof-f kof-f Awaiting requested review from kof-f

@ju-shim ju-shim Awaiting requested review from ju-shim

Assignees

@kof-f kof-f

Labels

aq-pr-triaged C+L Pull Request Review Team label azure-virtual-machines/svc Change sent to author do-not-merge image-builder/subsvc

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mbiver @v-dirichards @kof-f