azure_rm_resource_info subscription_id passed as parameter is not overruling environment variable

Question

azure_rm_resource_info subscription_id passed as parameter is not overruling environment variable

markstoel opened this issue 5 months ago · comments

SUMMARY

When retrieving vm info from a resource group the subscription_id parameter is not used. Instead it takes the value from the environment variables.

ISSUE TYPE

Bug Report

COMPONENT NAME

azure_rm_resource_info

ANSIBLE VERSION

ansible [core 2.16.5]
  config file = /home/marks/projects/voyager/ansible.cfg
  configured module search path = ['/home/marks/projects/voyager/library', '/home/marks/projects/requirements_roles/common/library', '/home/marks/projects/voyager/roles/common/library']
  ansible python module location = /home/marks/.pyenv/versions/3.11.7/lib/python3.11/site-packages/ansible
  ansible collection location = /home/marks/projects/voyager/collections:/home/marks/projects/requirements_collections:/usr/share/ansible/collections/ansible_collections
  executable location = /home/marks/.pyenv/versions/3.11.7/bin/ansible
  python version = 3.11.7 (main, Apr 15 2024, 08:32:44) [GCC 11.4.0] (/home/marks/.pyenv/versions/3.11.7/bin/python)
  jinja version = 3.1.3
  libyaml = True

COLLECTION VERSION

Collection        Version
----------------- -------
community.general 8.5.0  

# /home/marks/projects/voyager/collections/ansible_collections
Collection        Version
----------------- -------
community.general 8.6.0

CONFIGURATION

ANSIBLE_PIPELINING(/home/marks/projects/voyager/ansible.cfg) = True
CALLBACKS_ENABLED(/home/marks/projects/voyager/ansible.cfg) = ['profile_tasks', 'voyager.awx.voyager']
COLLECTIONS_PATHS(/home/marks/projects/voyager/ansible.cfg) = ['/home/marks/projects/voyager/collections', '/home/marks/projects/requirements_collections', '/usr/share/ansible/col>
CONFIG_FILE() = /home/marks/projects/voyager/ansible.cfg
DEFAULT_FILTER_PLUGIN_PATH(/home/marks/projects/voyager/ansible.cfg) = ['/home/marks/projects/voyager/plugins/filter_plugins']
DEFAULT_FORKS(/home/marks/projects/voyager/ansible.cfg) = 25
DEFAULT_GATHERING(/home/marks/projects/voyager/ansible.cfg) = smart
DEFAULT_HASH_BEHAVIOUR(/home/marks/projects/voyager/ansible.cfg) = merge
DEFAULT_HOST_LIST(/home/marks/projects/voyager/ansible.cfg) = ['/home/marks/projects/voyager/inventories/local/hosts']
DEFAULT_INTERNAL_POLL_INTERVAL(/home/marks/projects/voyager/ansible.cfg) = 0.001
DEFAULT_LOOKUP_PLUGIN_PATH(/home/marks/projects/voyager/ansible.cfg) = ['/home/marks/projects/voyager/plugins/lookup']
DEFAULT_MANAGED_STR(/home/marks/projects/voyager/ansible.cfg) = This file is managed by Ansible.%n
template: {file}
date: %Y-%m-%d %H:%M:%S
user: {uid}
host: {host}
DEFAULT_MODULE_PATH(/home/marks/projects/voyager/ansible.cfg) = ['/home/marks/projects/voyager/library', '/home/marks/projects/requirements_roles/common/library', '/home/marks/pro>
DEFAULT_MODULE_UTILS_PATH(/home/marks/projects/voyager/ansible.cfg) = ['/home/marks/projects/voyager/library/module_utils', '/home/marks/projects/requirements_roles/common/library>
DEFAULT_POLL_INTERVAL(/home/marks/projects/voyager/ansible.cfg) = 5
DEFAULT_ROLES_PATH(/home/marks/projects/voyager/ansible.cfg) = ['/home/marks/projects/voyager/roles', '/home/marks/projects/requirements_roles']
DEFAULT_STDOUT_CALLBACK(/home/marks/projects/voyager/ansible.cfg) = yaml
DEFAULT_TIMEOUT(/home/marks/projects/voyager/ansible.cfg) = 10
DEFAULT_TRANSPORT(/home/marks/projects/voyager/ansible.cfg) = ssh
DEFAULT_VAULT_PASSWORD_FILE(env: ANSIBLE_VAULT_PASSWORD_FILE) = /home/marks/.voyager.txt
HOST_KEY_CHECKING(/home/marks/projects/voyager/ansible.cfg) = False
INTERPRETER_PYTHON(/home/marks/projects/voyager/ansible.cfg) = /usr/bin/python3
RETRY_FILES_ENABLED(/home/marks/projects/voyager/ansible.cfg) = False
TRANSFORM_INVALID_GROUP_CHARS(/home/marks/projects/voyager/ansible.cfg) = always

OS / ENVIRONMENT

Ubuntu 22.04

STEPS TO REPRODUCE

name: Get VMs facts
azure.azcollection.azure_rm_resource_info:
api_version: 2024-03-01
provider: compute
resource_type: virtualmachines
resource_group: "{{ my_resource_group }}"
subscription_id: "{{ my_subscription_id }}"

Where my_subscription_id is not the same subscriptionid as the client credentials

I have the following environment variables correctly set:
AZURE_TENANT=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
AZURE_SUBSCRIPTION_ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
AZURE_CLIENT_ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
AZURE_SECRET=

NOT working:

---
- name: Test retrieve vms from azure subscription
  hosts: localhost
  gather_facts: false
  connection: local
  vars:
    azurecompute_apiversion: 2024-03-01
    _subscriptionid: "XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
  
  tasks:
    - name: Get VMs facts
      azure.azcollection.azure_rm_resource_info:
        api_version: "{{ azurecompute_apiversion }}"
        provider: compute
        resource_group: XXX
        resource_type: virtualmachines
        subscription_id: "{{ _subscriptionid }}"
      register: _vms

    - name: Debug VMs
      debug:
        var: _vms

WORKING:

---
- name: Test retrieve vms from azure subscription
  hosts: localhost
  gather_facts: false
  connection: local
  vars:
    azurecompute_apiversion: 2024-03-01
    _subscriptionid: "XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
  
  tasks:
    - name: Get VMs facts
      azure.azcollection.azure_rm_resource_info:
        client_id: "{{ secrets.azure.subscriptions.client_id }}"
        secret: "{{ secrets.azure.subscriptions.secret }}"
        tenant: "{{ secrets.azure.subscriptions.tenant }}"
        api_version: "{{ azurecompute_apiversion }}"
        provider: compute
        resource_group: XXX
        resource_type: virtualmachines
        subscription_id: "{{ _subscriptionid }}"
      register: _vms

    - name: Debug VMs
      debug:
        var: _vms

EXPECTED RESULTS

  _vms:
    changed: false
    failed: false
    response:
    - value: []
    url: /subscriptions/**SUBSCRIPTION_ID from parameter**/resourceGroups/XXX/providers/Microsoft.compute/virtualmachines

ACTUAL RESULTS

  _vms:
    changed: false
    failed: false
    response:
    - error:
        code: ResourceGroupNotFound
        message: Resource group 'XXX' could not be found.
    url: /subscriptions/**AZURE_SUBSCRIPTION_ID from env vars**/resourceGroups/XXX/providers/Microsoft.compute/virtualmachines

Fred-sun · Answer 1 · Sun May 05 2024 21:37:00 GMT+0800 (China Standard Time)

@markstoel Is your subscription_id configured in the parameters the same as the subscripiton_id in the local environment?

Fred-sun · Answer 2 · Sun May 05 2024 21:38:42 GMT+0800 (China Standard Time)

@markstoel Do you manage resources under different subscription ids?

Mark · Answer 3 · Mon May 06 2024 15:10:28 GMT+0800 (China Standard Time)

@Fred-sun The subscription_id in the local environment is not the same as the parameter.
Yes, we manage resources under different subscription ids.

Fred-sun · Answer 4 · Mon May 06 2024 15:15:13 GMT+0800 (China Standard Time)

@markstoel That should be the reason, for now we only support a single subscription_id working method. Thank you!