Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

{RBAC} Polish error message for service principal resolution #12617

Merged
merged 3 commits into from
Mar 20, 2020
Merged

{RBAC} Polish error message for service principal resolution #12617

merged 3 commits into from
Mar 20, 2020

Conversation

jiasli
Copy link
Member

@jiasli jiasli commented Mar 17, 2020

Resolve #12615

When the user creates an app but doesn't create the corresponding service principal, then does role assignment

# pwsh
$AppRegistrationName = 'myapp0317'
$appId = az ad app create --display-name $AppRegistrationName --reply-urls https://api.loganalytics.io/ --available-to-other-tenants false --query 'appId' --output tsv
# az ad sp create --id $appId

$rgName = 'myrg0317'
az group create -n $rgName -l westus
az role assignment create --role Reader --assignee $appId --resource-group $rgName

az role assignment create fails with

No matches in graph database for '64ba0967-d3b7-4346-b7b6-803fdea011a4'

This PR polishes the error message to make it more instructive:

Cannot find user or service principal in graph database for '64ba0967-d3b7-4346-b7b6-803fdea011a4'. If the assignee is an appId, make sure the corresponding service principal is created with 'az ad sp create --id 64ba0967-d3b7-4346-b7b6-803fdea011a4'.

ℹ Clean up:

az ad app delete --id $appId

@jiasli jiasli requested a review from qianwens March 17, 2020 03:29
@jiasli jiasli self-assigned this Mar 17, 2020
@jiasli jiasli requested a review from arrownj March 17, 2020 03:38
@yonzhan yonzhan added this to the S167 milestone Mar 17, 2020
@yonzhan
Copy link
Collaborator

yonzhan commented Mar 17, 2020

add to S167

qianwens
qianwens approved these changes Mar 18, 2020
View reviewed changes
Copy link
Member

@qianwens qianwens left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@jiasli jiasli merged commit 176d09b into Azure:dev Mar 20, 2020
@jiasli jiasli deleted the sp-resolve branch March 20, 2020 02:07
@jiasli jiasli changed the title {RBAC} Polich error message for service principal resolution {RBAC} Polish error message for service principal resolution Nov 16, 2021
@jiasli jiasli mentioned this pull request Nov 16, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arrownj arrownj arrownj approved these changes

@qianwens qianwens qianwens approved these changes

Assignees

@jiasli jiasli

Labels
None yet
Projects
None yet
Milestone
S167
Development

Successfully merging this pull request may close these issues.

Azure CLI for role assignment fails if the app registration is created from CLI also.
4 participants
@jiasli @yonzhan @arrownj @qianwens