Skip to content

[aks-preview] Use bastion subscription from resource ID in az aks bastion#33581

Draft
Copilot wants to merge 1 commit into
devfrom
copilot/fix-aks-bastion-subscription-issue
Draft

[aks-preview] Use bastion subscription from resource ID in az aks bastion#33581
Copilot wants to merge 1 commit into
devfrom
copilot/fix-aks-bastion-subscription-issue

Conversation

Copilot AI commented Jun 17, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Related command
az aks bastion

Description
az aks bastion was forwarding the AKS/current CLI subscription to az network bastion tunnel even when --bastion was a full resource ID in another subscription. This updates bastion resolution to preserve the bastion host's subscription and uses that subscription when creating the tunnel.

  • Bastion resource parsing

    • Extend bastion resource parsing to retain subscriptionId when --bastion is provided as a full resource ID.
    • Keep existing behavior unchanged for name-based bastion lookup.

  • Tunnel command construction

    • Pass the bastion host subscription, not the AKS cluster subscription, to az network bastion tunnel.
    • Scope bastion lookup and tunnel creation consistently to the bastion resource's subscription.

  • Targeted coverage

    • Add focused coverage for cross-subscription bastion resource IDs to verify the tunnel command is built with the correct --subscription.

Example:

az aks bastion \
  -g aks-resource-group \
  -n aks-cluster \
  --subscription <aks-subscription> \
  --bastion /subscriptions/<hub-subscription>/resourceGroups/bastion-rg/providers/Microsoft.Network/bastionHosts/bastion-name

Expected tunnel invocation after this change:

az network bastion tunnel \
  --resource-group bastion-rg \
  --name bastion-name \
  --target-resource-id /subscriptions/<aks-subscription>/resourceGroups/aks-resource-group/providers/Microsoft.ContainerService/managedClusters/aks-cluster \
  --subscription <hub-subscription>

Testing Guide

# AKS in subscription A, Bastion in subscription B
az aks bastion -g <aks-rg> -n <aks-name> --subscription <sub-a> \
  --bastion /subscriptions/<sub-b>/resourceGroups/<bastion-rg>/providers/Microsoft.Network/bastionHosts/<bastion-name> --verbose

Verify the verbose output shows az network bastion tunnel ... --subscription <sub-b>.

History Notes
[aks-preview] az aks bastion: use the bastion host subscription when --bastion is a cross-subscription resource ID

This checklist is used to make sure that common guidelines for a pull request are followed.

@azure-client-tools-bot-prd

azure-client-tools-bot-prd Bot commented Jun 17, 2026
edited
Loading

Copy link
Copy Markdown
️✔️AzureCLI-FullTest
️✔️acr
️✔️latest
️✔️3.12
️✔️3.14
️✔️acs
️✔️latest
️✔️3.12
️✔️3.14
️✔️advisor
️✔️latest
️✔️3.12
️✔️3.14
️✔️ams
️✔️latest
️✔️3.12
️✔️3.14
️✔️apim
️✔️latest
️✔️3.12
️✔️3.14
️✔️appconfig
️✔️latest
️✔️3.12
️✔️3.14
️✔️appservice
️✔️latest
️✔️3.12
️✔️3.14
️✔️aro
️✔️latest
️✔️3.12
️✔️3.14
️✔️backup
️✔️latest
️✔️3.12
️✔️3.14
️✔️batch
️✔️latest
️✔️3.12
️✔️3.14
️✔️batchai
️✔️latest
️✔️3.12
️✔️3.14
️✔️billing
️✔️latest
️✔️3.12
️✔️3.14
️✔️botservice
️✔️latest
️✔️3.12
️✔️3.14
️✔️cdn
️✔️latest
️✔️3.12
️✔️3.14
️✔️cloud
️✔️latest
️✔️3.12
️✔️3.14
️✔️cognitiveservices
️✔️latest
️✔️3.12
️✔️3.14
️✔️compute_recommender
️✔️latest
️✔️3.12
️✔️3.14
️✔️computefleet
️✔️latest
️✔️3.12
️✔️3.14
️✔️config
️✔️latest
️✔️3.12
️✔️3.14
️✔️configure
️✔️latest
️✔️3.12
️✔️3.14
️✔️consumption
️✔️latest
️✔️3.12
️✔️3.14
️✔️container
️✔️latest
️✔️3.12
️✔️3.14
️✔️containerapp
️✔️latest
️✔️3.12
️✔️3.14
️✔️core
️✔️latest
️✔️3.12
️✔️3.14
️✔️cosmosdb
️✔️latest
️✔️3.12
️✔️3.14
️✔️databoxedge
️✔️latest
️✔️3.12
️✔️3.14
️✔️dls
️✔️latest
️✔️3.12
️✔️3.14
️✔️dms
️✔️latest
️✔️3.12
️✔️3.14
️✔️eventgrid
️✔️latest
️✔️3.12
️✔️3.14
️✔️eventhubs
️✔️latest
️✔️3.12
️✔️3.14
️✔️feedback
️✔️latest
️✔️3.12
️✔️3.14
️✔️find
️✔️latest
️✔️3.12
️✔️3.14
️✔️hdinsight
️✔️latest
️✔️3.12
️✔️3.14
️✔️identity
️✔️latest
️✔️3.12
️✔️3.14
️✔️iot
️✔️latest
️✔️3.12
️✔️3.14
️✔️keyvault
️✔️latest
️✔️3.12
️✔️3.14
️✔️lab
️✔️latest
️✔️3.12
️✔️3.14
️✔️managedservices
️✔️latest
️✔️3.12
️✔️3.14
️✔️maps
️✔️latest
️✔️3.12
️✔️3.14
️✔️marketplaceordering
️✔️latest
️✔️3.12
️✔️3.14
️✔️monitor
️✔️latest
️✔️3.12
️✔️3.14
️✔️mysql
️✔️latest
️✔️3.12
️✔️3.14
️✔️netappfiles
️✔️latest
️✔️3.12
️✔️3.14
️✔️network
️✔️latest
️✔️3.12
️✔️3.14
️✔️policyinsights
️✔️latest
️✔️3.12
️✔️3.14
️✔️postgresql
️✔️latest
️✔️3.12
️✔️3.14
️✔️privatedns
️✔️latest
️✔️3.12
️✔️3.14
️✔️profile
️✔️latest
️✔️3.12
️✔️3.14
️✔️rdbms
️✔️latest
️✔️3.12
️✔️3.14
️✔️redis
️✔️latest
️✔️3.12
️✔️3.14
️✔️relay
️✔️latest
️✔️3.12
️✔️3.14
️✔️resource
️✔️latest
️✔️3.12
️✔️3.14
️✔️role
️✔️latest
️✔️3.12
️✔️3.14
️✔️search
️✔️latest
️✔️3.12
️✔️3.14
️✔️security
️✔️latest
️✔️3.12
️✔️3.14
️✔️servicebus
️✔️latest
️✔️3.12
️✔️3.14
️✔️serviceconnector
️✔️latest
️✔️3.12
️✔️3.14
️✔️servicefabric
️✔️latest
️✔️3.12
️✔️3.14
️✔️signalr
️✔️latest
️✔️3.12
️✔️3.14
️✔️sql
️✔️latest
️✔️3.12
️✔️3.14
️✔️sqlvm
️✔️latest
️✔️3.12
️✔️3.14
️✔️storage
️✔️latest
️✔️3.12
️✔️3.14
️✔️synapse
️✔️latest
️✔️3.12
️✔️3.14
️✔️telemetry
️✔️latest
️✔️3.12
️✔️3.14
️✔️util
️✔️latest
️✔️3.12
️✔️3.14
️✔️vm
️✔️latest
️✔️3.12
️✔️3.14

@azure-client-tools-bot-prd

azure-client-tools-bot-prd Bot commented Jun 17, 2026
edited
Loading

Copy link
Copy Markdown
️✔️AzureCLI-BreakingChangeTest
️✔️Non Breaking Changes

Copilot AI linked an issue Jun 17, 2026 that may be closed by this pull request
az aks bastion fails when bastion is on a different Subscription #33579
Open
Copilot AI changed the title [WIP] Fix az aks bastion fails when bastion is on a different subscription [aks-preview] Use bastion subscription from resource ID in az aks bastion Jun 17, 2026
Copilot AI requested a review from a0x1ab June 17, 2026 22:44
@yonzhan

yonzhan commented Jun 17, 2026

Copy link
Copy Markdown
Collaborator

aks-preview

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yonzhan yonzhan Awaiting requested review from yonzhan

@jsntcy jsntcy Awaiting requested review from jsntcy

@kairu-ms kairu-ms Awaiting requested review from kairu-ms

@yanzhudd yanzhudd Awaiting requested review from yanzhudd

@FumingZhang FumingZhang Awaiting requested review from FumingZhang

@elvazhu521 elvazhu521 Awaiting requested review from elvazhu521

@a0x1ab a0x1ab Awaiting requested review from a0x1ab

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

At least 1 approving review is required to merge this pull request.

Assignees

@a0x1ab a0x1ab

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

July 2026 (2026-07-07)

Development

Successfully merging this pull request may close these issues.

az aks bastion fails when bastion is on a different Subscription

3 participants

@yonzhan @a0x1ab