azure kubernetes azure-container-service azure-management

Subscription could not be found in Azure Management API


I'm trying to create a Kubernetes cluster using Azure Management API.

  // Load the service principal credentials from the auth file
  var credentials = SdkContext.AzureCredentialsFactory
    .FromFile(Environment.GetEnvironmentVariable("AZURE_AUTH_LOCATION"));

  var azure = Azure
    .Configure()
    .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
    .Authenticate(credentials)
    .WithDefaultSubscription();

  var kubernetesCluster = azure.KubernetesClusters.Define("aks")
    .WithRegion(Region.EuropeWest)
    .WithNewResourceGroup("aksResourceGroup")
    .WithLatestVersion()
    .WithRootUsername("aksUsername")
    .WithSshKey(sshPublicKey)
    .WithServicePrincipalClientId("clientId")
    .WithServicePrincipalSecret("secret")
    .DefineAgentPool("ap")
      .WithVirtualMachineCount(1)
      .WithVirtualMachineSize(ContainerServiceVirtualMachineSizeTypes.StandardA0)
      .Attach()
    .WithDnsPrefix("dns-aks")
    .Create();

In the last line, a CloudException is thrown with the message: Subscription [] could not be found.

Even though an exception is thrown, the resource group is created but it is empty.

I have logged in using Azure CLI with that service principal and I have run

az account list

with the following response:

[
  {
    "cloudName": "AzureCloud",
    "id": "SUBSCRIPTION ID FROM EXCEPTION ABOVE",
    "isDefault": true,
    "name": "Pay-As-You-Go",
    "state": "Enabled",
    "tenantId": "xxx",
    "user": {
      "name": "xxxx",
      "type": "servicePrincipal"
    }
  }
]

The App registration exists in Azure Active Directory > App registrations > All apps. I even gave permissions to all possible APIs.

Is there anything I did wrong in order to receive that exception message?


Solution

  • According to the error log, it seems you have not set a default subscription for your service principal. You could use az account set --subscription <name or id> to set it.

    If it still does not work, I suggest you use the following code.

      // Bind the client to an explicit subscription instead of the default one
      var azure = Azure
        .Configure()
        .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
        .Authenticate(credentials)
        .WithSubscription("subscription id");
    

    Note: You should give your service principal the Owner role at the subscription level. See this link. It seems you have already done that, but I suggest you check again.
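
To see which subscriptions the service principal can actually reach before binding the client, the check below lists them and refuses to continue if the expected one is missing. It is an added example, not code from the question or the answer; the class name `SubscriptionCheck`, the method `Connect` and the `expectedSubscriptionId` parameter are hypothetical, and the `using` directives assume the Microsoft.Azure.Management.Fluent packages the question already uses.

```csharp
using System;
using System.Linq;
using Microsoft.Azure.Management.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent;

// Added example: hypothetical helper, not part of the Azure SDK.
static class SubscriptionCheck
{
    // Returns a client bound to expectedSubscriptionId, or throws if the
    // service principal in the auth file cannot see that subscription.
    public static IAzure Connect(string authFile, string expectedSubscriptionId)
    {
        var credentials = SdkContext.AzureCredentialsFactory.FromFile(authFile);

        // The value WithDefaultSubscription() would take from the auth file.
        // An empty value here means the file carries no subscription entry.
        Console.WriteLine($"Default in auth file: [{credentials.DefaultSubscriptionId}]");

        // Authenticate without selecting a subscription yet.
        var authenticated = Azure.Configure().Authenticate(credentials);

        // Subscriptions this principal has at least one role assignment on.
        var visible = authenticated.Subscriptions.List().ToList();
        foreach (var s in visible)
        {
            Console.WriteLine($"{s.SubscriptionId}  {s.DisplayName}  {s.State}");
        }

        bool found = visible.Any(s => string.Equals(
            s.SubscriptionId, expectedSubscriptionId,
            StringComparison.OrdinalIgnoreCase));

        if (!found)
        {
            // Fail before any resource group is created, so a rejected
            // request does not leave an empty group behind.
            throw new InvalidOperationException(
                $"Subscription {expectedSubscriptionId} is not visible to this " +
                "service principal; check its role assignments and tenant.");
        }

        return authenticated.WithSubscription(expectedSubscriptionId);
    }
}
```

Call it as `SubscriptionCheck.Connect(Environment.GetEnvironmentVariable("AZURE_AUTH_LOCATION"), "<subscription id>")` and use the returned client in place of the one built with `WithDefaultSubscription()`.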