1

I'm using the Azure ARM API and I'm trying to list all publishers by location through the Azure Java SDK, by executing the following code:

import com.microsoft.azure.management.compute.ComputeManagementClient;
import com.microsoft.azure.management.compute.ComputeManagementService;
import com.microsoft.azure.management.compute.models.VirtualMachineImageListPublishersParameters;
import com.microsoft.azure.management.compute.models.VirtualMachineImageResourceList;

@Test
public void testListPublishers() {
    ComputeManagementClient client = ComputeManagementService.create(createConfiguration());
    VirtualMachineImageListPublishersParameters params = new VirtualMachineImageListPublishersParameters();
    params.setLocation("westus");
    VirtualMachineImageResourceList response = client.getVirtualMachineImagesOperations().listPublishers(params);
    ArrayList<VirtualMachineImageResource> resources = response.getResources();
    System.out.println("Found publishers: " + resources.size());
}

This results in the following request:

GET /subscriptions/{some-subscription}/providers/Microsoft.Compute/locations/westus/publishers?api-version=2015-06-15

However, I always get and empty list, no matter the location I put in the publisher parameters. I am able to list other resources with the same client, so it is not an issue in creating the client.

Do you have any suggestions of what I might be doing wrong? Perhaps there is a permission that I don't have?

Thanks!

vdimitrov
  • 981
  • 9
  • 16

1 Answers1

0

Per my experience, the issue was caused by the application registed on Azure AD has no Reader role. I reproduced the issue, and resolved it via assign a Reader role to the AzureAD app.

There are two way for assigning a Reader role.

  1. Using Azure-CLI with arm mode, and command azure ad role assignment create --objectId <objectId of the aad app> -o Reader -c /subscriptions/<subscriptionId>/

If you don't know the objectId of the AzureAD app, you can command azure ad sp show --search <the aad app name> to review it. If you have no Service Principal (SP) for Azure AD, you can command azure ad sp create <clientId> to create it.

  1. Add the role and user via All settings -> RESOURCE MANAGEMENT -> Users when the application shown on Azure new portal, please see the pics below.

Select a role Reader : enter image description here

Add a user by searching name: enter image description here

After assign the Reader role to the aad app, you can list the image publishers as your wish.

Peter Pan
  • 23,476
  • 4
  • 25
  • 43
  • And is there a reason why I cannot see the application (created in the old portal) in the new portal? Should I create it once again in the new portal? – vdimitrov Jan 26 '16 at 16:26
  • @vdimitrov No. I'm not sure whether your app registed on AAD as WebApp or others deployed on Azure, so I gave two ways for different scenarios. Please try to do the first one preferentially. – Peter Pan Jan 27 '16 at 01:39
  • The problem was, that I had to assign the Reader role to the subscription. So if anyone hits this, go to the new portal, select the subscription and then Access -> Add -> Select roles (Reader, Owner, Contributor, whatever) -> on the Add users section search by the application name (not displayed by default). Btw, for some reason, the CLI threw the following error for some reason - 'role' is not an azure command, even though I was in ARM mode. Much thanks for your input! – vdimitrov Jan 27 '16 at 13:25