Cross-tenant support for Azure Load Balancer #28871
Describe the bug
Azure Load Balancer supports cross-subscription load balancing, with either the frontend IP address or the backend VNet residing in different subscriptions. However, the CLI only supports cross-subscription load balancing within a single Microsoft tenant. Cross-tenant linkage is supported on Load Balancer through the ARM/REST API, and we would like to extend support to the CLI.
Cross-tenant support should be enabled not only for LB creates but also for any LB updates (probes, rules, etc.).
Cross-tenant deployments need to include x-ms-authorization-auxiliary tokens in the header of the payload.
https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/authenticate-multi-tenant
Related command
az network lb
Errors
(LinkedAuthorizationFailed) The client has permission to perform action 'Microsoft.Network/loadBalancers/backendAddressPools/join/action' on scope '/subscriptions/8ffb2cba-9d0c-4f5b-9465-24c6fd9954b1/resourceGroups/mahip3/providers/Microsoft.Network/networkInterfaces/test428_z1', however the current tenant 'ca4b3f71-9173-47df-baff-8538b81446b5' is not authorized to access linked subscription '6bb4a28a-db84-4e8a-b1dc-fabf7bd9f0b2'.
Code: LinkedAuthorizationFailed
Message: The client has permission to perform action 'Microsoft.Network/loadBalancers/backendAddressPools/join/action' on scope '/subscriptions/8ffb2cba-9d0c-4f5b-9465-24c6fd9954b1/resourceGroups/mahip3/providers/Microsoft.Network/networkInterfaces/test428_z1', however the current tenant 'ca4b3f71-9173-47df-baff-8538b81446b5' is not authorized to access linked subscription '6bb4a28a-db84-4e8a-b1dc-fabf7bd9f0b2'.
Issue script & Debug output
NA
Expected behavior
Cross-tenant deployments are supported on CLI
Environment Summary
azure-cli 2.40.0 *
core 2.40.0 *
telemetry 1.0.8 *
Dependencies:
msal 1.20.0b1
azure-mgmt-resource 21.1.0b1
Python location 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users\mahipdeora.azure\cliextensions'
Python (Windows) 3.10.5 (tags/v3.10.5:f377153, Jun 6 2022, 15:58:59) [MSC v.1929 32 bit (Intel)]
Legal docs and information: aka.ms/AzureCliLegal
Additional context
Please reach out to me on Teams with any questions.
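An added example, not part of the original issue and not Azure CLI code: it extracts the tenant and linked subscription from the `LinkedAuthorizationFailed` message quoted above and builds the `x-ms-authorization-auxiliary` header in the format the linked Microsoft article describes (comma-separated `Bearer` values, at most three). The function names are hypothetical and the tokens are placeholders.

```python
import re

AUX_HEADER = "x-ms-authorization-auxiliary"
MAX_AUX_TOKENS = 3  # ARM accepts up to three auxiliary tokens per request

# Tail of the error message quoted in the issue above.
SAMPLE_ERROR = (
    "however the current tenant 'ca4b3f71-9173-47df-baff-8538b81446b5' is not "
    "authorized to access linked subscription "
    "'6bb4a28a-db84-4e8a-b1dc-fabf7bd9f0b2'."
)

_LINKED_RE = re.compile(
    r"current tenant '(?P<tenant>[0-9a-fA-F-]{36})' is not authorized "
    r"to access linked subscription '(?P<subscription>[0-9a-fA-F-]{36})'"
)


def parse_linked_auth_failure(message):
    """Return (current_tenant, linked_subscription), or None if no match."""
    m = _LINKED_RE.search(message)
    return (m["tenant"], m["subscription"]) if m else None


def build_cross_tenant_headers(primary_token, auxiliary_tokens):
    """Headers for an ARM request that links resources in other tenants.

    primary_token: token for the tenant that owns the resource being written.
    auxiliary_tokens: one token per additional tenant holding linked resources.
    """
    aux = [t.strip() for t in auxiliary_tokens if t and t.strip()]
    if not aux:
        raise ValueError("at least one auxiliary token is required")
    if len(aux) > MAX_AUX_TOKENS:
        raise ValueError(f"at most {MAX_AUX_TOKENS} auxiliary tokens allowed")
    for token in (primary_token, *aux):
        # A comma or line break would split or corrupt the header value.
        if any(ch in token for ch in ",\r\n"):
            raise ValueError("token contains a character not valid in a header")
    return {
        "Authorization": f"Bearer {primary_token}",
        AUX_HEADER: ", ".join(f"Bearer {t}" for t in aux),
    }


def redact(headers):
    """Copy of the headers that is safe to write to debug output."""
    secret = {"Authorization", AUX_HEADER}
    return {k: "<redacted>" if k in secret else v for k, v in headers.items()}
```

Each auxiliary token is a full bearer credential for its tenant, so debug output should only ever see the `redact` copy.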