Describe the bug
The --attach-zone parameters of the az aks approuting command doesn't assign the right permissions when doing the role assignment.
- For public/global Azure DNS zones, that should be
DNS Zone Contributor, which is what it is doing right now.
- For private Azure DNS zones, that should be
Private DNS Zone Contirbutor, which is now being incorrectly set to DNS Zone Contributor.
This should be fixed for both the create and update functionality.
The code in reference is here:
|
if not add_role_assignment( |
|
if not add_role_assignment( |
Related command
az aks approuting zone add
Errors
The created role assignment is incorrect, which leads External DNS on the cluster to not work properly.
Issue script & Debug output
Expected behavior
- For public/global Azure DNS zones, that should be
DNS Zone Contributor, which is what it is doing right now.
- For private Azure DNS zones, that should be
Private DNS Zone Contirbutor, which is now being incorrectly set to DNS Zone Contributor.
This should be fixed for both the create and update functionality.
Environment Summary
azure-cli 2.54.0 *
core 2.54.0 *
telemetry 1.1.0
Extensions:
aks-preview 1.0.0b4
alb 1.0.0
amg 1.2.9
connectedk8s 1.5.3
containerapp 0.3.43
fleet 1.0.0
interactive 0.5.3
k8s-extension 1.5.2
load 0.3.2
Dependencies:
msal 1.24.0b2
azure-mgmt-resource 23.1.0b2
Python location '/opt/az/bin/python3'
Extensions directory '/home/asabbour/.azure/cliextensions'
Python (Linux) 3.11.5 (main, Nov 8 2023, 05:20:54) [GCC 11.4.0]
Legal docs and information: aka.ms/AzureCliLegal
Additional context
No response
Describe the bug
The
--attach-zoneparameters of theaz aks approutingcommand doesn't assign the right permissions when doing the role assignment.DNS Zone Contributor, which is what it is doing right now.Private DNS Zone Contirbutor, which is now being incorrectly set toDNS Zone Contributor.This should be fixed for both the create and update functionality.
The code in reference is here:
azure-cli-extensions/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py
Line 4490 in 06ad14f
azure-cli-extensions/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py
Line 4517 in 06ad14f
Related command
az aks approuting zone addErrors
The created role assignment is incorrect, which leads External DNS on the cluster to not work properly.
Issue script & Debug output
Expected behavior
DNS Zone Contributor, which is what it is doing right now.Private DNS Zone Contirbutor, which is now being incorrectly set toDNS Zone Contributor.This should be fixed for both the create and update functionality.
Environment Summary
azure-cli 2.54.0 *
core 2.54.0 *
telemetry 1.1.0
Extensions:
aks-preview 1.0.0b4
alb 1.0.0
amg 1.2.9
connectedk8s 1.5.3
containerapp 0.3.43
fleet 1.0.0
interactive 0.5.3
k8s-extension 1.5.2
load 0.3.2
Dependencies:
msal 1.24.0b2
azure-mgmt-resource 23.1.0b2
Python location '/opt/az/bin/python3'
Extensions directory '/home/asabbour/.azure/cliextensions'
Python (Linux) 3.11.5 (main, Nov 8 2023, 05:20:54) [GCC 11.4.0]
Legal docs and information: aka.ms/AzureCliLegal
Additional context
No response