BlueXP Services

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

BlueXP Services

Ask a Question

A API call to list Azure key vaults is failing, "User is not allowed to do operation"

jsledge
NetApp
‎2025-02-19 11:42 AM
1,123 Views

Hello,

 

I am a TSE engineer at Netapp, have a customer trying to create a new CVO instance using Azure premium keyvault services.

He referenced this documentation here:


https://docs.netapp.com/us-en/bluexp-cloud-volumes-ontap/task-set-up-azure-encryption.html#create-a-working-environment-that-uses-the-encryption-key

 

On the step to list the keyvaults that were created, it is failing:

 

Obtain the list of key vaults in your Azure subscription by using the following BlueXP API call.

For an HA pair: GET /azure/ha/metadata/vaults

For single node: GET /azure/vsa/metadata/vaults

Make note of the name and resourceGroup. You'll need to specify those values in the next step.

The error is "User is not allowed to do operation"

Posting the issue here for assistance, as this KB specifies the Netapp APi is community supported
https://kb.netapp.com/Cloud/Cloud_Volumes_ONTAP/Where_can_I_get_help_for_Cloud_Volumes_ONTAP_API_related_issues

Any help is appreciated

This is the actual call

 

This call fails with user isn't allowed, etc
curl --request GET --location 'https://cloudmanager.cloud.netapp.com/occm/api/azure/vsa/working-environments/VsaWorkingEnvironment-XFYfUPSU?fields=status,ontapClusterProperties.fiel...'
--header "Content-Type: application/json" --header 'x-agent-id: XXXXX' --header 'Authorization: Bearer '

0 Kudos
1 ACCEPTED SOLUTION
prachana has accepted the solution

AmitKerkar
‎2025-02-20 05:16 PM
1,046 Views

these are typical permission issues. BlueXP connector or user or service account making API calls may not have necessary Azure permissions to list the key vaults..Check access policy and add one if missing

View solution in original post

2 REPLIES 2
prachana has accepted the solution

AmitKerkar
‎2025-02-20 05:16 PM
1,047 Views

these are typical permission issues. BlueXP connector or user or service account making API calls may not have necessary Azure permissions to list the key vaults..Check access policy and add one if missing

jsledge
NetApp
‎2025-03-03 10:12 AM
954 Views

Hello,

 

Thanks for the replies, I think we found the main issue was that the Azure account where the vault was created was different from the account that was doing the api call.

 

Once the API was corrected, and a new  vault was created in the same Azure account, the api call worked.

 

Likely a permission issue as was mentioned, thanks.

0 Kudos
All Community Forums
Public