Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update documentation regarding optional parameter --sdk-auth #19949

Closed
meierale opened this issue Oct 20, 2021 · 6 comments
Closed

Update documentation regarding optional parameter --sdk-auth #19949

meierale opened this issue Oct 20, 2021 · 6 comments
Assignees
@jiasli
Labels
customer-reported Issues that are reported by GitHub users external to the Azure organization. Graph az ad
Milestone
Backlog

Comments

@meierale
Copy link

I completely fail to understand what the following documentation is supposed to mean.

--sdk-auth
Output result in compatible with Azure SDK auth file.
accepted values: false, true

Please describe this in a customer tailored and understandable way, using proper English sentences. Thanks ;-)

Document Details

Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
@ghost ghost added needs-triage This is a new issue that needs to be triaged to the appropriate team. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that customer-reported Issues that are reported by GitHub users external to the Azure organization. labels Oct 20, 2021
@yonzhan yonzhan added the Graph az ad label Oct 20, 2021
@ghost ghost removed the needs-triage This is a new issue that needs to be triaged to the appropriate team. label Oct 20, 2021
@yonzhan yonzhan removed the question The issue doesn't require a change to the product in order to be resolved. Most issues start as that label Oct 20, 2021
@yonzhan yonzhan added this to the Backlog milestone Oct 20, 2021
@yonzhan
Copy link
Collaborator

yonzhan commented Oct 20, 2021

@jiasli for awareness

@jiasli
Copy link
Member

jiasli commented Oct 21, 2021

--sdk-auth was there since Nov 14, 2017 (8346147 from #5217). Azure SDK is not consuming it anymore, so we marked it as deprecated in #19414.

Please simply forget about it and do not use it in any way.

@jiasli jiasli closed this as completed Oct 21, 2021
@meierale
Copy link
Author

We removed --sdk-auth from the following command:
az ad sp create-for-rbac --name $spName --role $spRole --scopes $spScope --sdk-auth true ... but then we ran into the following error:
Cannot find user or service principal in graph database for 'null'. If the assignee is an appId, make sure the corresponding service principal is created with 'az ad sp create --id null'.

So somehow we can't just "not use it in anyway".

@jiasli
Copy link
Member

jiasli commented Oct 26, 2021

--sdk-auth only controls the output format. It has nothing to do with the business logic.

The error message is thrown at:

azure-cli/src/azure-cli/azure/cli/command_modules/role/custom.py

Lines 1810 to 1812 in 3c34079

raise CLIError("Cannot find user or service principal in graph database for '{assignee}'. "
"If the assignee is an appId, make sure the corresponding service principal is created "
"with 'az ad sp create --id {assignee}'.".format(assignee=assignee))

Could you share the the full script you are using and the --debug log of the failed command?

@meierale
Copy link
Author

meierale commented Nov 1, 2021

thanks @jiasli for the info that --sdk-auth only influences the output. This lead us onto the right path and we could fix the error:

  • it resulted from a consecutive az role assignment create command
  • this uses the service principal id from the previous az ad sp create-for-rbac output
  • when using --sdk-auth, the output contains a .clientId, otherwise the .appId hast to be used from the output.

Now that this is fixed we can completely ignore the --sdk-auth parameter as suggested 👍

@johndowns
Copy link
Contributor

FYI, this parameter is used when working with GitHub Actions (and, presumably, other deployment pipelines). Is it possible to provide clear guidance on exactly what path customers should follow from now on?

@devlead devlead mentioned this issue Dec 15, 2021
Open
@jiasli jiasli mentioned this issue Jan 27, 2022
Closed
@skeeler skeeler mentioned this issue May 12, 2022
Closed
@hectorsector hectorsector mentioned this issue Jul 9, 2024
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jiasli jiasli

Labels
customer-reported Issues that are reported by GitHub users external to the Azure organization. Graph az ad
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
4 participants
@jiasli @johndowns @meierale @yonzhan