Describe the bug
We are trying to update / add a tag to a resource group using a service principal. While using PowerShell it is working as expected. But when we are trying to update the tag via the Java SDK we are getting the following error:
com.microsoft.azure.CloudException: Status code 403, {"error":{"code":"AuthorizationFailed","message":"The client '4c6edf90-19ac-6543-9aa5-0bb9994565bb' with object id '4c6edf90-19ac-6543-9aa5-0bb9994565bb' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/20dbcfe8-abcd-4c2d-C002-0927a4b7fffd/resourcegroups/cloud-shell-storage-southcentralus' or the scope is invalid. If access was recently granted, please refresh your credentials."}}: The client '4c6edf90-19ac-6543-9aa5-0bb9994565bb' with object id '4c6edf90-19ac-6543-9aa5-0bb9994565bb' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/20dbcfe8-abcd-4c2d-C002-0927a4b7fffd/resourcegroups/cloud-shell' or the scope is invalid. If access was recently granted, please refresh your credentials.
To Reproduce
Code Snippet

Setup (please complete the following information):
The same setup will allow us to update the tag if we are using PowerShell but it won't work with Azure CLI / Java SDK. Could you please help us to fix it?
We cannot grant a service principal the permission 'Microsoft.Resources/subscriptions/resourcegroups/write' as it will gain the capability to update any RGs without any restriction.
Hi @johnakash
Could you try if this would work?
azure.genericResources().manager().inner().resourceGroups()
    .update(resourceGroupName, new ResourceGroupPatchable().withTags(Collections.singletonMap(tagKey, tagValue)));
Please note it is an overwrite of existing tags.
@weidongxu-microsoft I work with Akash. Will the above API update existing tags??
Let's assume the Resource Group has an environment tag and I try to set an application tag using the code you mentioned. Will it replace the existing application tag??
Hi @santhoshigorle
I am not aware that there is a distinction between an environment tag and an application tag.
If you would like to add a new tag to the existing tags, you would need to first get the existing tags, then add the new one, and finally do the update.
ResourceGroup resourceGroup = azure.resourceGroups().getByName(RG_NAME);
Map<String, String> tags = new HashMap<>(resourceGroup.tags());
tags.put(newTagKey, newTagValue);
azure.genericResources().manager().inner().resourceGroups()
    .update(RG_NAME, new ResourceGroupPatchable().withTags(tags));
My guess on why rg.update().withTag().apply() fails on write access is that it calls a PUT call.
Above code azure.genericResources().manager().inner().resourceGroups().update(...) would use a PATCH call.
@weidongxu-microsoft - We will give a try and get back to you.
@weidongxu-microsoft - Hi, I am Akash's team member. We tried with the code snippet you gave, but we are still getting the same error.
com.microsoft.azure.CloudException: Status code 403, {"error":{"code":"AuthorizationFailed","message":"The client '4c6edf90-kojh-4f25-9aa5-0997ll565bb' with object id '4b6eae90-19ab-4f25-9aa5-0bb7043565bd' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope
Could you please check this.
@NShenoy5
Is the PowerShell command Update-AzTag -ResourceId $resourceGroup.ResourceId -Tag $tags -Operation Merge?
@weidongxu-microsoft - We are using java sdk for doing this operation.
@johnakash
I am trying to mirror the API that is used in PowerShell command that you mentioned working.
If this is the command, PowerShell is using this API, which was added at api-version 2019-10-01
https://docs.microsoft.com/en-us/rest/api/resources/tags/updateatscope
However current Java SDK api-version is 2019-08-01, so it cannot provide this API without feature upgrade.
All above assuming that Update-AzTag is the PowerShell API.
Thanks @weidongxu-microsoft , both the New-AzTag and the Update-AzTag command-lets are working as expected through an account that only has the "Tag Contributor" role assigned to it.
@c4rlosmarin
Thanks for the info on role and the confirmation on PowerShell.
https://docs.microsoft.com/en-us/rest/api/resources/tags/updateatscope would be a new API to support in Java SDK. We will schedule for it. But current SDK is not able to do that.
Let me know how urgent you need this feature, and we could plan accordingly.
@weidongxu-microsoft
Tagging in Cloud helps in many ways, like managing cost distribution and keeping Cloud compliant. Tagging plays a very crucial role in my organization. Could you please prioritize this??
Thanks @santhoshigorle
@weidongxu-microsoft , how soon can we expect this to be added to the Java SDK?
@johnakash @santhoshigorle @c4rlosmarin Hi guys, our development focus has shifted to the next version of Java SDK management libraries. The guide about this new version of SDK can be found here:
https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/management
It has been released and is in public preview right now.
Would it be okay for you guys to add this feature to the newer version of SDK?
@nickzhums
You want us to try this SDK version??
@santhoshigorle yes that would be the next generation of Azure Java Management SDK
2.0.0-beta.2 does not yet have the tag feature.
In the long run, major feature upgrades would be focused on this line of releases.
Thanks @weidongxu-microsoft , is there an ETA you could share for when the feature would be publicly available?
@c4rlosmarin would you be okay with using a preview version in your environment? It will contain the new features but might also introduce some breaking changes or minor issues. If you are okay with this, we are happy to put this request to our backlog and give you an ETA.
Thanks @nickzhums.
@johnakash / @NShenoy5, please share some comments about the above statement from @nickzhums. Are you ok on using a preview version on your environment?
@nickzhums
From the above conversation, what I understood is that as part of 2.0.0-beta.2 you are planning to address the tagging fix, and that may come with some bugs as it is a beta version.
We will be using tagging APIs in our production environments and we can't use a preview SDK as we don't know what kind of bugs it is going to introduce.
Do you have dates for the actual release??
Hi @santhoshigorle, we are in the planning phase and haven't committed to an actual date; this will depend on your preference and whether you are ok with using the preview version. If not, we will circle back with the engineering team to decide if and when to support it in the older SDK.
@santhoshigorle
We are currently working on the feature. We expect to have next release with the tag feature around 24 July.
@johnakash @santhoshigorle
We have PR ready for tag operations. Please see here.
Tags tagParameters = new Tags().withTags(new HashMap<String, String>());
tagParameters.tags().put("key1", "value1");
resourceManager.inner().tagOperations().createOrUpdateAtScope("your-scope", tagParameters);
TagsPatchResource tagUpdateParameters = new TagsPatchResource();
tagUpdateParameters.withOperation(TagOperation.REPLACE);
tagUpdateParameters.withProperties(new Tags().withTags(new HashMap<String, String>()));
tagUpdateParameters.properties().tags().put("key1", "value2");
resourceManager.inner().tagOperations().updateAtScope("your-scope", tagUpdateParameters);
@weidongxu-microsoft we are very eagerly waiting on this fix. Keep us posted as soon as it's ready to use. I think we will be first users to use this and test this and pass you feedback how it goes.
Thank you again to your entire product team for prioritizing this bug and providing a quick fix.
@johnakash @santhoshigorle We have released new version 1.36.0. Please try if it works to resolve your issue. Thanks.
Hi all, I can confirm this is now solved, we can now use the latest release to update the tags using the added support for it.
Thanks so much for your support on this!
Close this as the issue is solved.
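The Update At Scope call that the thread identifies as the one behind Update-AzTag, built directly with the Java 11 HTTP client for callers whose SDK version predates it. This is an added example, not code from the thread or from the SDK; the scope value is constructed, the AZURE_ACCESS_TOKEN variable name is an assumption, and the request path and body follow the REST reference linked in the thread.

```java
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.util.Map;
import java.util.TreeMap;
import java.util.stream.Collectors;

public class MergeTagsAtScope {
    // Minimal JSON string escaping (backslash and quote only; no control characters).
    static String quote(String s) {
        return "\"" + s.replace("\\", "\\\\").replace("\"", "\\\"") + "\"";
    }

    // Merge adds or updates the listed tags and leaves other tags on the scope alone.
    static String mergeBody(Map<String, String> tags) {
        String members = new TreeMap<>(tags).entrySet().stream()
            .map(e -> quote(e.getKey()) + ":" + quote(e.getValue()))
            .collect(Collectors.joining(","));
        return "{\"operation\":\"Merge\",\"properties\":{\"tags\":{" + members + "}}}";
    }

    // PATCH targets the tags sub-resource of the scope, not the resource group itself.
    static HttpRequest buildRequest(String scope, String token, Map<String, String> tags) {
        URI uri = URI.create("https://management.azure.com" + scope
            + "/providers/Microsoft.Resources/tags/default?api-version=2019-10-01");
        return HttpRequest.newBuilder(uri)
            .header("Authorization", "Bearer " + token)
            .header("Content-Type", "application/json")
            .method("PATCH", HttpRequest.BodyPublishers.ofString(mergeBody(tags)))
            .build();
    }

    public static void main(String[] args) throws Exception {
        // Constructed scope for illustration; replace with a real one.
        String scope = "/subscriptions/00000000-0000-0000-0000-000000000000"
            + "/resourceGroups/example-rg";
        Map<String, String> tags = Map.of("application", "billing");
        System.out.println(mergeBody(tags));
        String token = System.getenv("AZURE_ACCESS_TOKEN"); // assumed variable name
        if (token == null) return; // no token: only show the body
        HttpResponse<String> resp = HttpClient.newHttpClient()
            .send(buildRequest(scope, token, tags), HttpResponse.BodyHandlers.ofString());
        // A 403 AuthorizationFailed body names the action the principal lacks.
        System.out.println(resp.statusCode() + " " + resp.body());
    }
}
```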