From d6f69653d0a67463a660a8f994bdd751d15d05ef Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 21 Nov 2025 00:19:49 +0000 Subject: [PATCH 1/4] Initial plan From 101f116c353253e86ee79949e9f7cd763341c01d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 21 Nov 2025 00:24:42 +0000 Subject: [PATCH 2/4] Remove deprecated --include-classic-administrators parameter from Azure CLI command Co-authored-by: seanyen <25241284+seanyen@users.noreply.github.com> --- tools/scripts/AksEdgeAzureSetup/AksEdgeAzureSetup.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/scripts/AksEdgeAzureSetup/AksEdgeAzureSetup.ps1 b/tools/scripts/AksEdgeAzureSetup/AksEdgeAzureSetup.ps1 index 1903b0b..078eaa5 100644 --- a/tools/scripts/AksEdgeAzureSetup/AksEdgeAzureSetup.ps1 +++ b/tools/scripts/AksEdgeAzureSetup/AksEdgeAzureSetup.ps1 @@ -207,7 +207,7 @@ if (-not $hasRights) { # two stage call to work around issue reported here : https://github.com/Azure/azure-powershell/issues/15261 which occurs for CSP subscriptions # look for classic administrators only when there is no Azure RBAC roles defined Write-Host "Looking for classic administrator roles" - $adminroles = (az role assignment list --include-classic-administrators) | ConvertFrom-Json + $adminroles = (az role assignment list) | ConvertFrom-Json $adminrole = $adminroles | Where-Object { $_.principalName -ieq $($session.user.name) } if ($adminrole) { Write-Host "Roles enabled for this account are:" -ForegroundColor Cyan From db5ed70d6f1d6c16fe2fa0cd67ccf7abcc565c48 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 21 Nov 2025 00:26:05 +0000 Subject: [PATCH 3/4] Update comments to reflect removal of classic administrators check Co-authored-by: seanyen <25241284+seanyen@users.noreply.github.com> --- tools/scripts/AksEdgeAzureSetup/AksEdgeAzureSetup.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/scripts/AksEdgeAzureSetup/AksEdgeAzureSetup.ps1 b/tools/scripts/AksEdgeAzureSetup/AksEdgeAzureSetup.ps1 index 078eaa5..f63e3fa 100644 --- a/tools/scripts/AksEdgeAzureSetup/AksEdgeAzureSetup.ps1 +++ b/tools/scripts/AksEdgeAzureSetup/AksEdgeAzureSetup.ps1 @@ -205,8 +205,8 @@ if ($adminroles) { if (-not $hasRights) { # two stage call to work around issue reported here : https://github.com/Azure/azure-powershell/issues/15261 which occurs for CSP subscriptions - # look for classic administrators only when there is no Azure RBAC roles defined - Write-Host "Looking for classic administrator roles" + # look for additional role assignments when there are no Azure RBAC roles defined with sufficient privileges + Write-Host "Looking for additional role assignments" $adminroles = (az role assignment list) | ConvertFrom-Json $adminrole = $adminroles | Where-Object { $_.principalName -ieq $($session.user.name) } if ($adminrole) { From 3287420915fc8d132861387fe5f46cc59017277a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 21 Nov 2025 00:33:16 +0000 Subject: [PATCH 4/4] Update role check to look for Owner role instead of Administrator Co-authored-by: seanyen <25241284+seanyen@users.noreply.github.com> --- tools/scripts/AksEdgeAzureSetup/AksEdgeAzureSetup.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/scripts/AksEdgeAzureSetup/AksEdgeAzureSetup.ps1 b/tools/scripts/AksEdgeAzureSetup/AksEdgeAzureSetup.ps1 index f63e3fa..23f3a9a 100644 --- a/tools/scripts/AksEdgeAzureSetup/AksEdgeAzureSetup.ps1 +++ b/tools/scripts/AksEdgeAzureSetup/AksEdgeAzureSetup.ps1 @@ -213,7 +213,7 @@ if (-not $hasRights) { Write-Host "Roles enabled for this account are:" -ForegroundColor Cyan foreach ($role in $adminrole) { Write-Host "$($role.roleDefinitionName) for scope $($role.scope)" -ForegroundColor Cyan - if (($($role.scope) -eq "/subscriptions/$($aicfg.SubscriptionId)") -and (( $role.roleDefinitionName -match 'Administrator'))) { + if (($($role.scope) -eq "/subscriptions/$($aicfg.SubscriptionId)") -and ($role.roleDefinitionName -match 'Owner')) { Write-Host "* You have sufficient privileges" -ForegroundColor Green $hasRights = $true }