Bug 1395106 - [RFE] can't connect to Azure - CSP Membership
Summary: [RFE] can't connect to Azure - CSP Membership
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Providers
Version: 5.6.0
Hardware: All
OS: All
high
high
Target Milestone: GA
: cfme-future
Assignee: Daniel Berger
QA Contact: Jeff Teehan
URL:
Whiteboard: azure
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-11-15 07:56 UTC by Gellert Kis
Modified: 2020-04-15 14:51 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-04-19 21:41:42 UTC
Category: Bug
Cloudforms Team: Azure
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Gellert Kis 2016-11-15 07:56:31 UTC 
Description of problem:

Can't connect to azure CSP type membership account. 

CF Error Message: "Invalid Subscription ID" 

Following error is received when workaround is used overcoming limitations of CSP account. 

Workaround is : "using an private Account with AD and sync them with CSP Child Account AD" https://blogs.technet.microsoft.com/hybridcloudbp/2016/03/04/microsoft-azure-and-csp/


112397 [----] W, [2016-11-14T16:11:47.521982 #3215:1966134]  WARN -- : MIQ(ManageIQ::Providers::Azure::CloudManager#authentication_check_no_validation) type: ["default"] for [] [Azure Test] Validation failed: invalid, Incorrect credential       s - check your Azure Subscription ID
112398 [----] E, [2016-11-14T16:11:47.522253 #3215:1966134] ERROR -- : MIQ(ems_cloud_controller-create): Credential validation was not successful: Incorrect credentials - check your Azure Subscription ID

Cloud Solution Provider (CSP) Azure membership require different handling than regular azure membership. All Azure AD Features, which are covered by Classic Portal access, are not implemented yet. 

Suspected source of problem is : Issue with Subscription transmission on the Azure Site. 



Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 3 Greg Blomquist 2016-11-17 14:56:18 UTC 
Bronagh, I'm not sure what CSP is, but it might not be supported with ARM.
Comment 4 Bronagh Sorota 2016-11-17 15:45:04 UTC 
Dan,
Were you able to find a way to authenticate to an Azure CSP account? I dug a bit but given that Azure AD doesn't work with CSP I cannot see a way forward.

Bronagh
Comment 5 Daniel Berger 2016-11-21 20:30:54 UTC 
Gellert, if you login to the new portal, are you able to see any resources? What does the "subscriptions" menu option show you in the new portal? I'm wondering if someone needs to add a role for your account to the subscription.
Comment 7 Felix Dewaleyne 2016-12-12 15:31:10 UTC 
which release are we looking at for this ? 5.8?
Comment 8 Gellert Kis 2016-12-16 11:15:10 UTC 
We need info about when CSP will be integrated ?
Comment 9 Daniel Berger 2017-02-06 17:08:47 UTC 
Gellert, are there multiple subscriptions associated with those credentials? What is the output if you use the Azure CLi and do "azure account show" and "azure account list"?

The fundamental problem with the 5.6.x branch is that there's no option to insert a subscription ID. The code defaults to the first enabled subscription that it finds, which may be invalid for that particular client/tenant combo.

I'll try to figure out if there's a way to determine which subscription(s) a client is associated with in the meantime.
Comment 10 Jeff Teehan 2017-02-06 22:28:07 UTC 
Subscription field is in 5.6 (I checked all the way back to 5.6.1, and certainly in 5.6.4)
Comment 11 Daniel Berger 2017-02-06 23:40:38 UTC 
Yep, disregard last comment, sorry. I was thinking of an older version. It's just optional in the UI.
Note You need to log in before you can comment on or make changes to this bug.