Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Eng]: Return a more explicit error message when New-AzADServicePrincipal hit MS Graph latency #16777

Closed
dcaro opened this issue Jan 6, 2022 · 2 comments · Fixed by #18736 or #18757
Closed

[Eng]: Return a more explicit error message when New-AzADServicePrincipal hit MS Graph latency #16777

dcaro opened this issue Jan 6, 2022 · 2 comments · Fixed by #18736 or #18757
Assignees
@VeryEarly
Labels
AAD AzAd cmdlets in Az.Resources feature-request This issue requires a new behavior in the product in order be resolved. Resource Authorization AzRole* in Az.Resources
Milestone
July 2022 (2022-0...

Comments

@dcaro
Copy link
Contributor

dcaro commented Jan 6, 2022

Description

Creating a service principal with a role may fail due to latency before the principal can be queried in Graph
After executing New-AzADServicePrincipal -DisplayName "serviceprincipalname" -Role Contributor
you may receive the following error:

New-AzRoleAssignment: /home/azureuser/.local/share/powershell/Modules/Az.Resources/5.2.0/MSGraph.Autorest/custom/New-AzADServicePrincipal.ps1:766
Line |
 766 |            $ra = New-AzRoleAssignment @param
     |                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Operation returned an invalid status code 'BadRequest'

In the debug traces, we see the following error returned:

Body:
{
  "error": {
    "code": "PrincipalNotFound",
    "message": "Principal xxxxxxxxx does not exist in the directory xxxxxxxxxx."
  }
}
@dcaro dcaro changed the title [Eng]: Improve New-AzADServicePrincipal behavior when principal is not found [Eng]: Improve New-AzADServicePrincipal behavior to address MS Graph latency Jan 6, 2022
@dcaro dcaro added the AAD Graph Deprecating AAD Graph endpoint label Jan 6, 2022
@dingmeng-xue dingmeng-xue added AAD AzAd cmdlets in Az.Resources Resource Authorization AzRole* in Az.Resources feature-request This issue requires a new behavior in the product in order be resolved. and removed AAD Graph Deprecating AAD Graph endpoint Engineering labels Jan 6, 2022
@dcaro dcaro changed the title [Eng]: Improve New-AzADServicePrincipal behavior to address MS Graph latency [Eng]: Return a more explicit error message when New-AzADServicePrincipal hit MS Graph latency Jan 7, 2022
@dcaro
Copy link
Contributor Author

dcaro commented Feb 17, 2022

@VeryEarly seems that we should follow this https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-rest#new-service-principal

@dcaro
Copy link
Contributor Author

dcaro commented Mar 15, 2022

@jiasli FYI, let's have a consistent approach on this.

@VeryEarly VeryEarly mentioned this issue Jun 27, 2022
Merged
8 tasks
@dingmeng-xue dingmeng-xue linked a pull request Jun 27, 2022 that will close this issue
[Az.Resources] Fix roleassignment latency for new-azadserviceprincipal #18736
Merged
8 tasks
@VeryEarly VeryEarly linked a pull request Jun 27, 2022 that will close this issue
[Resources] Fix role assignment latency for New-AzADServicePrincipal #18757
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@VeryEarly VeryEarly

Labels
AAD AzAd cmdlets in Az.Resources feature-request This issue requires a new behavior in the product in order be resolved. Resource Authorization AzRole* in Az.Resources
Projects
None yet
Milestone
July 2022 (2022-07-05)
4 participants
@dcaro @VeryEarly @wyunchi-ms @dingmeng-xue