Skip to content

[Core] Allow disabling subscription finding #13285

New issue
New issue
Open
Open
[Core] Allow disabling subscription finding#13285
Assignees
jiasli
Labels
Azure Sphere CLIFeature Candidatefeature-request
Milestone
Backlog
@jiasli

Description

@jiasli
jiasli
opened on May 1, 2020

This is previously raised by IcM 154830377: Azure CLI fails if NSG doesn't allow ARM endpoint

It should be possible to force az login to only do a tenant-level login and disable subscription finding. This is also called ARM-detached mode.

The current param --allow-no-subscriptions always queries ARM and the result depends on whether the tenant has subscriptions. The result is unpredictable for the client:

Does the tenant have subscriptions?

  • ✔ -> build subscription-level accounts
  • ❌ -> build a tenant-level account

Allowing disabling subscription finding is helpful in these scenarios:

  1. As in the IcM, if ARM endpoint (https://management.azure.com/ in public AzureCloud) is blocked by an NSG, az login fails. However, it shouldn't, as customer should still be able to use az to manage data-plane services like Storage, Microsoft Graph...
  2. A custom cloud may not have ARM endpoint, thus causing az login to fail

Metadata

Metadata

Assignees

Labels

Azure Sphere CLIFeature Candidatefeature-request

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions