An API call to list Azure key vaults is failing, "User is not allowed to do operation"
2025-02-19
11:42 AM
Hello,
I am a TSE engineer at NetApp and have a customer trying to create a new CVO instance using Azure premium keyvault services.
He referenced this documentation here:
On the step to list the keyvaults that were created, it is failing:
Obtain the list of key vaults in your Azure subscription by using the following BlueXP API call.
For an HA pair: GET /azure/ha/metadata/vaults
For single node: GET /azure/vsa/metadata/vaults
Make note of the name and resourceGroup. You'll need to specify those values in the next step.
The error is "User is not allowed to do operation"
Posting the issue here for assistance, as this KB specifies the NetApp API is community supported:
https://kb.netapp.com/Cloud/Cloud_Volumes_ONTAP/Where_can_I_get_help_for_Cloud_Volumes_ONTAP_API_related_issues
Any help is appreciated.
This is the actual call.
This call fails with user isn't allowed, etc.
curl --request GET --location 'https://cloudmanager.cloud.netapp.com/occm/api/azure/vsa/working-environments/VsaWorkingEnvironment-XFYfUPSU?fields=status,ontapClusterProperties.fiel...' \
--header "Content-Type: application/json" --header 'x-agent-id: XXXXX' --header 'Authorization: Bearer '
1 ACCEPTED SOLUTION
prachana has accepted the solution
These are typical permission issues. The BlueXP connector, user, or service account making the API calls may not have the necessary Azure permissions to list the key vaults. Check the access policy and add one if missing.
Hello,
Thanks for the replies. I think we found that the main issue was that the Azure account where the vault was created was different from the account that was doing the API call.
Once the API was corrected and a new vault was created in the same Azure account, the API call worked.
Likely a permission issue, as was mentioned. Thanks.
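The two causes named in this thread (a vault created in a different Azure account, and a missing access policy) can be checked against the JSON that `az keyvault show` returns. The following is an added example, not part of the original posts or NetApp's code; the `diagnose` function, the `caller` dict and every ID are constructed, and treating "Azure account" as subscription plus tenant is an assumption.

```python
import re

# Standard ARM resource ID layout for a key vault.
VAULT_ID = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)/resourceGroups/(?P<rg>[^/]+)"
    r"/providers/Microsoft\.KeyVault/vaults/(?P<name>[^/]+)$",
    re.IGNORECASE,
)

def diagnose(vault, caller):
    """Return reasons the caller may be refused on this vault.

    vault  -- dict shaped like `az keyvault show` JSON output
    caller -- hypothetical dict: subscription_id, tenant_id, object_id
    """
    m = VAULT_ID.match(vault.get("id") or "")
    if not m:
        return ["unrecognised vault resource ID"]
    findings = []
    if m["sub"].lower() != caller["subscription_id"].lower():
        findings.append("vault is in a different subscription than the caller")
    props = vault.get("properties") or {}
    if (props.get("tenantId") or "").lower() != caller["tenant_id"].lower():
        findings.append("vault belongs to a different tenant than the caller")
    if props.get("enableRbacAuthorization"):
        # Access policies are not evaluated on RBAC-mode vaults.
        findings.append("vault uses Azure RBAC: review role assignments")
    elif not any((p.get("objectId") or "").lower() == caller["object_id"].lower()
                 for p in props.get("accessPolicies") or []):
        findings.append("no access policy entry for the caller's object ID")
    return findings

# Constructed sample data; none of these IDs are real.
SUB_A, SUB_B = "11111111-1111-1111-1111-111111111111", "22222222-2222-2222-2222-222222222222"
TENANT, OBJ = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"
CALLER = {"subscription_id": SUB_A, "tenant_id": TENANT, "object_id": OBJ}

def sample_vault(sub, policies, rbac=False):
    return {"id": f"/subscriptions/{sub}/resourceGroups/rg1/providers/Microsoft.KeyVault/vaults/kv1",
            "properties": {"tenantId": TENANT, "enableRbacAuthorization": rbac,
                           "accessPolicies": policies}}

VAULT_OK = sample_vault(SUB_A, [{"objectId": OBJ, "permissions": {"keys": ["get", "list"]}}])
VAULT_OTHER = sample_vault(SUB_B, [])  # the situation described in the last reply

if __name__ == "__main__":
    for label, v in (("same account", VAULT_OK), ("other account", VAULT_OTHER)):
        print(label, "->", diagnose(v, CALLER) or "no findings")
```
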
