[Ansible] How to fix ".azure_rm plugin: a batched request failed with status code 403" error

Question

Hello.
I am attempting to configure an dynamic inventory for Azure. I have created an Azure Credential with my Subscription ID, Tenant ID, Client ID, and my Client Secret. I am using this ARM Credential in source configuration for the Inventory. I am using ansible [core 2.14.4] I am also using the latest version of the azcollection. The results of attempting to sync the inventory results in the following: [WARNING]: * Failed to parse /runner/inventory/azure_rm.yml with auto plugin: a batched request failed with status code 403, url /subscriptions/dev-null__/providers/Microsoft.Compute/virtualMachines__ Any suggestion on how to troubleshoot, or other tips would be very helpful.

ubuntu@hojae-ansible-server:~/ansible$ ansible-inventory -i azure/dynamic_azure_rm.yml --graph
[WARNING]:  * Failed to parse /home/ubuntu/ansible/azure/dynamic_azure_rm.yml with ansible_collections.azure.azcollection.plugins.inventory.azure_rm plugin: a batched request
failed with status code 403, url /subscriptions/10bd20cb-2ded-444a-8c4f-37897a4e7205/providers/Microsoft.Compute/virtualMachines
[WARNING]: Unable to parse /home/ubuntu/ansible/azure/dynamic_azure_rm.yml as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
@all:
  |--@ungrouped:
ubuntu@hojae-ansible-server:~/ansible$ ansible-inventory -i azure/dynamic_azure_rm.yml --graph -vvv
ansible-inventory [core 2.14.4]
  config file = /home/ubuntu/ansible/ansible.cfg
  configured module search path = ['/home/ubuntu/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/ubuntu/.local/lib/python3.10/site-packages/ansible
  ansible collection location = /home/ubuntu/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/ubuntu/.local/bin/ansible-inventory
  python version = 3.10.6 (main, Mar 10 2023, 10:55:28) [GCC 11.3.0] (/usr/bin/python3)
  jinja version = 3.0.3
  libyaml = True
Using /home/ubuntu/ansible/ansible.cfg as config file
redirecting (type: inventory) ansible.builtin.azure_rm to azure.azcollection.azure_rm
[WARNING]:  * Failed to parse /home/ubuntu/ansible/azure/dynamic_azure_rm.yml with ansible_collections.azure.azcollection.plugins.inventory.azure_rm plugin: a batched request
failed with status code 403, url /subscriptions/10bd20cb-2ded-444a-8c4f-37897a4e7205/providers/Microsoft.Compute/virtualMachines
  File "/home/ubuntu/.local/lib/python3.10/site-packages/ansible/inventory/manager.py", line 293, in parse_source
    plugin.parse(self._inventory, self._loader, source, cache=cache)
  File "/home/ubuntu/.ansible/collections/ansible_collections/azure/azcollection/plugins/inventory/azure_rm.py", line 222, in parse
    self._get_hosts()
  File "/home/ubuntu/.ansible/collections/ansible_collections/azure/azcollection/plugins/inventory/azure_rm.py", line 283, in _get_hosts
    self._process_queue_batch()
  File "/home/ubuntu/.ansible/collections/ansible_collections/azure/azcollection/plugins/inventory/azure_rm.py", line 428, in _process_queue_batch
    raise AnsibleError("a batched request failed with status code {0}, url {1}".format(status_code, result.url))
[WARNING]: Unable to parse /home/ubuntu/ansible/azure/dynamic_azure_rm.yml as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available

Answer 1

Hello,

The error message indicates that the account you're using for the Azure inventory script does not have the required permissions to access the Microsoft.Compute/virtualMachines resources.

After verifying and updating the role assignments of the ADD App, try running the Ansible inventory sync again to see if the issue has been resolved.