BlueXP Services

An API call to list Azure key vaults is failing: "User is not allowed to do operation"

jsledge
107 Views

Hello,

 

I am a TSE engineer at NetApp and have a customer trying to create a new CVO instance using Azure premium key vault services.

He referenced this documentation here:


https://docs.netapp.com/us-en/bluexp-cloud-volumes-ontap/task-set-up-azure-encryption.html#create-a-working-environment-that-uses-the-encryption-key

 

On the step to list the keyvaults that were created, it is failing:

 

Obtain the list of key vaults in your Azure subscription by using the following BlueXP API call.

For an HA pair: GET /azure/ha/metadata/vaults

For single node: GET /azure/vsa/metadata/vaults

Make note of the name and resourceGroup. You'll need to specify those values in the next step.

The error is "User is not allowed to do operation"

Posting the issue here for assistance, as this KB specifies the NetApp API is community supported:
https://kb.netapp.com/Cloud/Cloud_Volumes_ONTAP/Where_can_I_get_help_for_Cloud_Volumes_ONTAP_API_related_issues

Any help is appreciated

This is the actual call

 

This call fails with user isn't allowed, etc.:
curl --request GET --location 'https://cloudmanager.cloud.netapp.com/occm/api/azure/vsa/working-environments/VsaWorkingEnvironment-XFYfUPSU?fields=status,ontapClusterProperties.fiel...' \
  --header "Content-Type: application/json" \
  --header 'x-agent-id: XXXXX' \
  --header 'Authorization: Bearer '

1 REPLY

AmitKerkar
30 Views

These are typical permission issues. The BlueXP connector, user, or service account making API calls may not have the necessary Azure permissions to list the key vaults. Check the access policy and add one if missing.
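
Added example (not part of the original thread and not NetApp's code): one way to check the Azure side of the reply above is to export the role assigned to the connector with `az role definition list --name <role> -o json` and test whether it grants Microsoft.KeyVault/vaults/read, the management-plane action for listing vaults. The role names and action lists below are constructed sample data.

```python
import json
import re

# Azure management-plane action needed to enumerate key vaults.
REQUIRED_ACTION = "Microsoft.KeyVault/vaults/read"

# Constructed sample shaped like `az role definition list --name <role> -o json`.
# Role names and action lists are made up for illustration.
SAMPLE_ROLES = json.loads("""
[
 {"roleName": "example-connector-role-a",
  "permissions": [{"actions": ["Microsoft.Compute/*/read"], "notActions": []}]},
 {"roleName": "example-connector-role-b",
  "permissions": [{"actions": ["Microsoft.Compute/*/read",
                               "microsoft.keyvault/vaults/read"],
                   "notActions": []}]},
 {"roleName": "example-wildcard-role",
  "permissions": [{"actions": ["*"], "notActions": ["Microsoft.KeyVault/*"]}]}
]
""")


def _matches(pattern, action):
    # Azure action strings are case-insensitive; '*' matches any run of characters.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def role_allows(role, action=REQUIRED_ACTION):
    """True if a permission block grants the action and no notActions entry removes it."""
    for perm in role.get("permissions", []):
        allowed = any(_matches(p, action) for p in perm.get("actions", []))
        denied = any(_matches(p, action) for p in perm.get("notActions", []))
        if allowed and not denied:
            return True
    return False


def audit(roles, action=REQUIRED_ACTION):
    return {r["roleName"]: role_allows(r, action) for r in roles}


if __name__ == "__main__":
    for name, ok in audit(SAMPLE_ROLES).items():
        print(f"{'OK     ' if ok else 'MISSING'}  {name}")
```

A role that passes this check still has to be assigned at a scope that covers the subscription or resource group holding the vault.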
