I'm having some issues using providers accross subscriptions - I've got a really simple provider ComponentResource that returns a new azure-native.Provider() called AzureProvider.

const sub1 = AzureProvider("sub1") // returns provider for subscription 1 - where child zone should go
const sub2 = AzureProvider("sub2") // returns provider for subscription 2 - where parent zone lives

// Note: I use the same service principal + secret for both sub1 and sub2, and ensured that the SP has "DNS Zone Contributor" rights on the parent zone (sub2).

My program sets up child dns zones - so the first thing I do is verify that I can connect to the Parent zone, then when that is successful I create the child zone, then update the parent zone with the NS records of the child. My problem is that when I run `Network.getZone()`while passing the appropriate provider - it executes the operation as me, rather than the provider specified. The same thing for the creation of the NS record using the same (sub2) provider. The creation of the zone (using sub1) does not have this problem.

const parentZone = azure.network.getZoneOutput( {
    resourceGroupName: '<rg-name-redacted>', 
    zoneName: `${infra.deployment.domain.domainRoot}`
}, {
    provider: sub2.instance

})

The reason I know this is that 1) The NS record shows in the logs as being created by me, while the child zone is created by the service principal I use for the "sub1" AzureProvider and 2) My colleagues get this error message when running the same code that works for me (I have access to the parent zone subscription, they do not):

error: Error: invocation of azure-native:network:getZone returned an error: building auth config: obtain subscription(<subscription-guid-redacted>) from Azure CLI: Error parsing json result from the Azure CLI: Error waiting for the Azure CLI: exit status 1
        at Object.callback (D:\Dev\Pulumi\Project.infra\pulumi\purposes\azure-dns\node_modules\@pulumi\runtime\invoke.ts:161:33)
        at Object.onReceiveStatus (D:\Dev\Pulumi\Project.infra\pulumi\purposes\azure-dns\node_modules\@grpc\grpc-js\src\client.ts:338:26)
        at Object.onReceiveStatus (D:\Dev\Pulumi\Project.infra\pulumi\purposes\azure-dns\node_modules\@grpc\grpc-js\src\client-interceptors.ts:426:34)
        at Object.onReceiveStatus (D:\Dev\Pulumi\Project.infra\pulumi\purposes\azure-dns\node_modules\@grpc\grpc-js\src\client-interceptors.ts:389:48)
        at D:\Dev\Pulumi\Project.infra\pulumi\purposes\azure-dns\node_modules\@grpc\grpc-js\src\call-stream.ts:276:24
        at processTicksAndRejections (internal/process/task_queues.js:77:11)

could you file an issue for this, please?