-
Notifications
You must be signed in to change notification settings - Fork 3.4k
Allow cross tenant subscription rest api #30834
Copy link
Copy link
Open
Labels
ARMaz resource/group/lock/tag/deployment/policy/managementapp/account management-groupaz resource/group/lock/tag/deployment/policy/managementapp/account management-groupAuto-AssignAuto assign by botAuto assign by botAzure CLI TeamThe command of the issue is owned by Azure CLI teamThe command of the issue is owned by Azure CLI teamact-identity-squadcustomer-reportedIssues that are reported by GitHub users external to the Azure organization.Issues that are reported by GitHub users external to the Azure organization.needs-team-triageThis issue needs the team to triage.This issue needs the team to triage.questionThe issue doesn't require a change to the product in order to be resolved. Most issues start as thatThe issue doesn't require a change to the product in order to be resolved. Most issues start as that
Milestone
Description
Metadata
Metadata
Assignees
Labels
ARMaz resource/group/lock/tag/deployment/policy/managementapp/account management-groupaz resource/group/lock/tag/deployment/policy/managementapp/account management-groupAuto-AssignAuto assign by botAuto assign by botAzure CLI TeamThe command of the issue is owned by Azure CLI teamThe command of the issue is owned by Azure CLI teamact-identity-squadcustomer-reportedIssues that are reported by GitHub users external to the Azure organization.Issues that are reported by GitHub users external to the Azure organization.needs-team-triageThis issue needs the team to triage.This issue needs the team to triage.questionThe issue doesn't require a change to the product in order to be resolved. Most issues start as thatThe issue doesn't require a change to the product in order to be resolved. Most issues start as that
Type
Fields
No fields configured for issues without a type.
Related command
az rest --method post --uri "https://management.azure.com/subscriptions/customersubscription/resourceGroups/rg-managedapp/providers/Microsoft.Solutions/applications/mymanagedapp/listTokens?api-version=2018-09-01-preview"Is your feature request related to a problem? Please describe.
I have a managed app published, I want to retrieve the managed identity access token. This must be done with a publisher identity (or a managed identity in the managed resource group, but that is not the scenario I am playing). Unfortunately
az restfirst checks if the subscription is known before submitting the rest http call. The publisher identity does not see this subscription as it is connected with the consumer tenant.Describe the solution you'd like
I would like to have a flag to skip the subscription check.
Describe alternatives you've considered
With
az account get-access-tokenI can get a token, and then use regularcurl.Additional context
See https://learn.microsoft.com/en-us/azure/azure-resource-manager/managed-applications/publish-managed-identity#accessing-the-managed-identity-token where this is documented.