fix: Improve the error message shown when the MPE creator lacks Azure permissions #98
+630
−58
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…issions for the target resource.
ayeshurun
changed the title
ayeshurun
reviewed
Dec 24, 2025
src/fabric_cli/commands/fs/mkdir/fab_fs_mkdir_managedprivateendpoint.py
Outdated
Show resolved
Hide resolved
ayeshurun
reviewed
Dec 24, 2025
src/fabric_cli/commands/fs/mkdir/fab_fs_mkdir_managedprivateendpoint.py
Outdated
Show resolved
Hide resolved
…ithub.com/aviatco/fabric-cli into dev/aviatcohen/createMPEWithAzureNotAuthz
ayeshurun
previously approved these changes
Dec 24, 2025
ayeshurun
approved these changes
Dec 24, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
📥 Pull Request
✨ Description of new changes
🎯 Problem
When creating Managed Private Endpoints (MPE), if the MPE creator lacks sufficient Azure permissions to access the target Azure resource, the CLI would fail the entire operation instead of providing clear feedback and gracefully handling the scenario.
🔧 Solution
Enhanced error handling in the MPE creation flow to gracefully handle Azure permission issues and provide better user experience:
Key Changes:
Enhanced Exception Handling in fab_fs_mkdir_managedprivateendpoint.py:
Improved User Messaging:
Instead of failing, the CLI now sets the MPE state to "Pending" when Azure access is forbidden
Clear message indicating the MPE was created but requires approval: "'<mpe_name>' created. Pending approval on Azure side"
Comprehensive Test Coverage in test_mkdir.py:
Added test_mkdir_managed_private_endpoint_forbidden_azure_access_pending_success() test
Mocks Azure forbidden exceptions to verify proper handling
Validates that the operation succeeds with appropriate messaging
Behavior Changes:
Before
❌ Operation fails with Azure permission error
After
✅ xxx.ManagedPrivateEndpoint created. Pending approval on Azure side