az ad sp create --id <app_id> results in error = When using this permission, the backing application of the service principal being created must in the local tenant #28009

Open
matthbull opened this issue Dec 12, 2023 · 5 comments
Assignees
Labels
Auto-Assign Auto assign by bot Auto-Resolve Auto resolve by bot Azure CLI Team The command of the issue is owned by Azure CLI team customer-reported Issues that are reported by GitHub users external to the Azure organization. Graph az ad question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Similar-Issue
Milestone

Comments

@matthbull

Describe the bug

I'm trying to set up peering between an Azure VNet and MongoDB Atlas.

The first command suggested by the MongoDB modal is:

az ad sp create --id e90a1407-xxx

Inputting this from the Azure CLI results in:

When using this permission, the backing application of the service principal being created must in the local tenant

Searching around here and other resources, it was suggested that it was a permission issue, but I have the highest perms on our org's Azure.

Related command

az ad sp create --id e90a1407-xxx

Errors

When using this permission, the backing application of the service principal being created must in the local tenant

Issue script & Debug output

cli.knack.cli: Command arguments: ['ad', 'sp', 'create', '--id', 'e90a1407-55c3-432d-9cb1-3638900a9d22', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x000001D3480CB560>, <function OutputProducer.on_global_arguments at 0x000001D348255C60>, <function CLIQuery.on_global_arguments at 0x000001D3482837E0>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'ad': ['azure.cli.command_modules.role']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: role 0.006 17 61
cli.azure.cli.core: Total (1) 0.006 17 61
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: Total (0) 0.000 0 0
cli.azure.cli.core: Loaded 17 groups, 61 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : ad sp create
cli.azure.cli.core: Command table: ad sp create
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x000001D34B195E40>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\matth\.azure\commands\2023-12-12.14-14-48.ad_sp_create.35424.log'.
az_command_data_logger: command args: ad sp create --id {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.<locals>.add_subscription_parameter at 0x000001D34B1CE160>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument.<locals>.add_ids_arguments at 0x000001D34B1F02C0>, <function register_cache_arguments.<locals>.add_cache_arguments at 0x000001D34B1F0400>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x000001D348255D00>, <function CLIQuery.handle_query_parameter at 0x000001D348283880>, <function register_ids_argument.<locals>.parse_ids_arguments at 0x000001D34B1F0360>]
cli.azure.cli.core.util: Retrieving token for resource https://graph.microsoft.com/
cli.azure.cli.core.auth.persistence: build_persistence: location='C:\Users\matth\.azure\msal_token_cache.bin', encrypt=True
cli.azure.cli.core.auth.binary_cache: load: C:\Users\matth\.azure\msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/f385e49c-0507-45fe-a5f1-94e4cc99bc4c/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/f385e49c-0507-45fe-a5f1-94e4cc99bc4c/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/f385e49c-0507-45fe-a5f1-94e4cc99bc4c/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/f385e49c-0507-45fe-a5f1-94e4cc99bc4c/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/f385e49c-0507-45fe-a5f1-94e4cc99bc4c/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/f385e49c-0507-45fe-a5f1-94e4cc99bc4c/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/f385e49c-0507-45fe-a5f1-94e4cc99bc4c/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://graph.microsoft.com//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 185ca627-e761-420e-93c2-a881b1d66d84
cli.azure.cli.core.util: Request URL: 'https://graph.microsoft.com/v1.0/applications?$filter=appId%20eq%20%27e90a1407-55c3-432d-9cb1-3638900a9d22%27'
cli.azure.cli.core.util: Request method: 'GET'
cli.azure.cli.core.util: Request headers:
cli.azure.cli.core.util: 'User-Agent': 'python/3.11.5 (Windows-10-10.0.22621-SP0) AZURECLI/2.55.0 (MSI)'
cli.azure.cli.core.util: 'Accept-Encoding': 'gzip, deflate'
cli.azure.cli.core.util: 'Accept': '*/*'
cli.azure.cli.core.util: 'Connection': 'keep-alive'
cli.azure.cli.core.util: 'x-ms-client-request-id': '499780b4-87cc-4dc1-aa23-4c24b5554c1a'
cli.azure.cli.core.util: 'CommandName': 'ad sp create'
cli.azure.cli.core.util: 'ParameterSetName': '--id --debug'
cli.azure.cli.core.util: 'Authorization': 'Bearer eyJ0eXAiOiJKV...'
cli.azure.cli.core.util: Request body:
cli.azure.cli.core.util: None
urllib3.connectionpool: Starting new HTTPS connection (1): graph.microsoft.com:443
urllib3.connectionpool: https://graph.microsoft.com:443 "GET /v1.0/applications?$filter=appId%20eq%20%27e90a1407-55c3-432d-9cb1-3638900a9d22%27 HTTP/1.1" 200 None
cli.azure.cli.core.util: Response status: 200
cli.azure.cli.core.util: Response headers:
cli.azure.cli.core.util: 'Cache-Control': 'no-cache'
cli.azure.cli.core.util: 'Transfer-Encoding': 'chunked'
cli.azure.cli.core.util: 'Content-Type': 'application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8'
cli.azure.cli.core.util: 'Content-Encoding': 'gzip'
cli.azure.cli.core.util: 'Vary': 'Accept-Encoding'
cli.azure.cli.core.util: 'Strict-Transport-Security': 'max-age=31536000'
cli.azure.cli.core.util: 'request-id': '6fc16161-be5c-49df-96ee-2c293d857aa3'
cli.azure.cli.core.util: 'client-request-id': '6fc16161-be5c-49df-96ee-2c293d857aa3'
cli.azure.cli.core.util: 'x-ms-ags-diagnostic': '{"ServerInfo":{"DataCenter":"UK South","Slice":"E","Ring":"3","ScaleUnit":"000","RoleInstance":"LN2PEPF0000669F"}}'
cli.azure.cli.core.util: 'x-ms-resource-unit': '2'
cli.azure.cli.core.util: 'OData-Version': '4.0'
cli.azure.cli.core.util: 'Date': 'Tue, 12 Dec 2023 14:14:49 GMT'
cli.azure.cli.core.util: Response content:
cli.azure.cli.core.util: {"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#applications","value":[]}
cli.azure.cli.core.util: Retrieving token for resource https://graph.microsoft.com/
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/f385e49c-0507-45fe-a5f1-94e4cc99bc4c/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/f385e49c-0507-45fe-a5f1-94e4cc99bc4c/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/f385e49c-0507-45fe-a5f1-94e4cc99bc4c/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/f385e49c-0507-45fe-a5f1-94e4cc99bc4c/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/f385e49c-0507-45fe-a5f1-94e4cc99bc4c/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/f385e49c-0507-45fe-a5f1-94e4cc99bc4c/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/f385e49c-0507-45fe-a5f1-94e4cc99bc4c/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://graph.microsoft.com//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 9942fe60-5d09-404c-ba7a-822962816d97
cli.azure.cli.core.util: Request URL: 'https://graph.microsoft.com/v1.0/applications/e90a1407-55c3-432d-9cb1-3638900a9d22'
cli.azure.cli.core.util: Request method: 'GET'
cli.azure.cli.core.util: Request headers:
cli.azure.cli.core.util: 'User-Agent': 'python/3.11.5 (Windows-10-10.0.22621-SP0) AZURECLI/2.55.0 (MSI)'
cli.azure.cli.core.util: 'Accept-Encoding': 'gzip, deflate'
cli.azure.cli.core.util: 'Accept': '*/*'
cli.azure.cli.core.util: 'Connection': 'keep-alive'
cli.azure.cli.core.util: 'x-ms-client-request-id': 'f8de043f-3888-4a34-bc1e-e5ff74609210'
cli.azure.cli.core.util: 'CommandName': 'ad sp create'
cli.azure.cli.core.util: 'ParameterSetName': '--id --debug'
cli.azure.cli.core.util: 'Authorization': 'Bearer eyJ0eXAiOiJKV...'
cli.azure.cli.core.util: Request body:
cli.azure.cli.core.util: None
urllib3.connectionpool: Starting new HTTPS connection (1): graph.microsoft.com:443
urllib3.connectionpool: https://graph.microsoft.com:443 "GET /v1.0/applications/e90a1407-55c3-432d-9cb1-3638900a9d22 HTTP/1.1" 404 None
cli.azure.cli.core.util: Response status: 404
cli.azure.cli.core.util: Response headers:
cli.azure.cli.core.util: 'Cache-Control': 'no-cache'
cli.azure.cli.core.util: 'Transfer-Encoding': 'chunked'
cli.azure.cli.core.util: 'Content-Type': 'application/json'
cli.azure.cli.core.util: 'Content-Encoding': 'gzip'
cli.azure.cli.core.util: 'Vary': 'Accept-Encoding'
cli.azure.cli.core.util: 'Strict-Transport-Security': 'max-age=31536000'
cli.azure.cli.core.util: 'request-id': '9cf0fcf3-34ea-4412-ab47-3c67ecb35b5c'
cli.azure.cli.core.util: 'client-request-id': '9cf0fcf3-34ea-4412-ab47-3c67ecb35b5c'
cli.azure.cli.core.util: 'x-ms-ags-diagnostic': '{"ServerInfo":{"DataCenter":"UK South","Slice":"E","Ring":"3","ScaleUnit":"000","RoleInstance":"LN2PEPF00006696"}}'
cli.azure.cli.core.util: 'x-ms-resource-unit': '1'
cli.azure.cli.core.util: 'Date': 'Tue, 12 Dec 2023 14:14:50 GMT'
cli.azure.cli.core.util: Response content:
cli.azure.cli.core.util: {"error":{"code":"Request_ResourceNotFound","message":"Resource 'e90a1407-55c3-432d-9cb1-3638900a9d22' does not exist or one of its queried reference-property objects are not present.","innerError":{"date":"2023-12-12T14:14:50","request-id":"9cf0fcf3-34ea-4412-ab47-3c67ecb35b5c","client-request-id":"9cf0fcf3-34ea-4412-ab47-3c67ecb35b5c"}}}
cli.azure.cli.core.util: Retrieving token for resource https://graph.microsoft.com/
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/f385e49c-0507-45fe-a5f1-94e4cc99bc4c/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/f385e49c-0507-45fe-a5f1-94e4cc99bc4c/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/f385e49c-0507-45fe-a5f1-94e4cc99bc4c/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/f385e49c-0507-45fe-a5f1-94e4cc99bc4c/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/f385e49c-0507-45fe-a5f1-94e4cc99bc4c/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/f385e49c-0507-45fe-a5f1-94e4cc99bc4c/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/f385e49c-0507-45fe-a5f1-94e4cc99bc4c/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://graph.microsoft.com//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 224d5def-f37e-4088-8686-3cdd370f0cb5
cli.azure.cli.core.util: Request URL: 'https://graph.microsoft.com/v1.0/servicePrincipals'
cli.azure.cli.core.util: Request method: 'POST'
cli.azure.cli.core.util: Request headers:
cli.azure.cli.core.util: 'User-Agent': 'python/3.11.5 (Windows-10-10.0.22621-SP0) AZURECLI/2.55.0 (MSI)'
cli.azure.cli.core.util: 'Accept-Encoding': 'gzip, deflate'
cli.azure.cli.core.util: 'Accept': '*/*'
cli.azure.cli.core.util: 'Connection': 'keep-alive'
cli.azure.cli.core.util: 'x-ms-client-request-id': 'a994b1e1-ffe7-4f57-950e-7e790a38c049'
cli.azure.cli.core.util: 'Content-Type': 'application/json'
cli.azure.cli.core.util: 'CommandName': 'ad sp create'
cli.azure.cli.core.util: 'ParameterSetName': '--id --debug'
cli.azure.cli.core.util: 'Authorization': 'Bearer eyJ0eXAiOiJKV...'
cli.azure.cli.core.util: 'Content-Length': '73'
cli.azure.cli.core.util: Request body:
cli.azure.cli.core.util: {"appId": "e90a1407-55c3-432d-9cb1-3638900a9d22", "accountEnabled": true}
urllib3.connectionpool: Starting new HTTPS connection (1): graph.microsoft.com:443
urllib3.connectionpool: https://graph.microsoft.com:443 "POST /v1.0/servicePrincipals HTTP/1.1" 403 None
cli.azure.cli.core.util: Response status: 403
cli.azure.cli.core.util: Response headers:
cli.azure.cli.core.util: 'Cache-Control': 'no-cache'
cli.azure.cli.core.util: 'Transfer-Encoding': 'chunked'
cli.azure.cli.core.util: 'Content-Type': 'application/json'
cli.azure.cli.core.util: 'Content-Encoding': 'gzip'
cli.azure.cli.core.util: 'Vary': 'Accept-Encoding'
cli.azure.cli.core.util: 'Strict-Transport-Security': 'max-age=31536000'
cli.azure.cli.core.util: 'request-id': 'e305f0b6-865d-46ab-9890-e36023a7ae98'
cli.azure.cli.core.util: 'client-request-id': 'e305f0b6-865d-46ab-9890-e36023a7ae98'
cli.azure.cli.core.util: 'x-ms-ags-diagnostic': '{"ServerInfo":{"DataCenter":"UK South","Slice":"E","Ring":"3","ScaleUnit":"000","RoleInstance":"LN2PEPF0000595F"}}'
cli.azure.cli.core.util: 'x-ms-resource-unit': '1'
cli.azure.cli.core.util: 'Date': 'Tue, 12 Dec 2023 14:14:51 GMT'
cli.azure.cli.core.util: Response content:
cli.azure.cli.core.util: {"error":{"code":"Authorization_RequestDenied","message":"When using this permission, the backing application of the service principal being created must in the local tenant","innerError":{"date":"2023-12-12T14:14:52","request-id":"e305f0b6-865d-46ab-9890-e36023a7ae98","client-request-id":"e305f0b6-865d-46ab-9890-e36023a7ae98"}}}
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 52, in _send
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/util.py", line 1004, in send_raw_request
azure.cli.core.azclierror.HTTPError: Forbidden({"error":{"code":"Authorization_RequestDenied","message":"When using this permission, the backing application of the service principal being created must in the local tenant","innerError":{"date":"2023-12-12T14:14:52","request-id":"e305f0b6-865d-46ab-9890-e36023a7ae98","client-request-id":"e305f0b6-865d-46ab-9890-e36023a7ae98"}}})

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 697, in _run_job
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 333, in __call__
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 1032, in create_service_principal
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 1067, in _create_service_principal
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 184, in service_principal_create
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 55, in _send
azure.cli.command_modules.role._msgrpah._graph_client.GraphError: When using this permission, the backing application of the service principal being created must in the local tenant

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 663, in execute
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 718, in _run_job
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/commands.py", line 50, in graph_err_handler
knack.util.CLIError: When using this permission, the backing application of the service principal being created must in the local tenant

cli.azure.cli.core.azclierror: When using this permission, the backing application of the service principal being created must in the local tenant
az_command_data_logger: When using this permission, the backing application of the service principal being created must in the local tenant
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x000001D34B1960C0>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 2.574 seconds (init: 0.304, invoke: 2.271)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 3506 in cache
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe C:\Program Files\Microsoft SDKs\Azure\CLI2\Lib\site-packages\azure\cli\telemetry\__init__.pyc C:\Users\matth\.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.

Expected behavior

The service principal is created with the correct ID.

Environment Summary

azure-cli 2.55.0

core 2.55.0
telemetry 1.1.0

Extensions:
account 0.2.5

Dependencies:
msal 1.24.0b2
azure-mgmt-resource 23.1.0b2

Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users\matth\.azure\cliextensions'

Python (Windows) 3.11.5 (tags/v3.11.5:cce6ba9, Aug 24 2023, 14:38:34) [MSC v.1936 64 bit (AMD64)]

Legal docs and information: aka.ms/AzureCliLegal

Your CLI is up-to-date.

Additional context

No response
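The debug output in the report above shows the three Graph calls behind az ad sp create: a lookup of the appId among the applications of the signed-in tenant (which returns an empty list), a direct GET that returns 404, and the POST to /servicePrincipals that Graph refuses with 403 Authorization_RequestDenied. As an added example, not Azure CLI code and not from this issue, the Python helper below parses such --debug output offline and reports where that sequence failed; its sample log is constructed to mirror the one above, with a placeholder appId and the headers left out.

```python
import json
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote

PREFIX = "cli.azure.cli.core.util: "  # logger that prints the Graph requests and responses
# Constructed sample mirroring the shape of the issue's --debug log (placeholder appId, headers omitted).
SAMPLE_LOG = """\
cli.azure.cli.core.util: Request URL: 'https://graph.microsoft.com/v1.0/applications?$filter=appId%20eq%20%2700000000-0000-0000-0000-000000000001%27'
cli.azure.cli.core.util: Request method: 'GET'
cli.azure.cli.core.util: Response status: 200
cli.azure.cli.core.util: Response content:
cli.azure.cli.core.util: {"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#applications","value":[]}
cli.azure.cli.core.util: Request URL: 'https://graph.microsoft.com/v1.0/servicePrincipals'
cli.azure.cli.core.util: Request method: 'POST'
cli.azure.cli.core.util: Response status: 403
cli.azure.cli.core.util: Response content:
cli.azure.cli.core.util: {"error":{"code":"Authorization_RequestDenied","message":"When using this permission, the backing application of the service principal being created must in the local tenant"}}
"""

@dataclass
class GraphCall:
    url: str
    method: str = ""
    status: Optional[int] = None
    body: Optional[dict] = None  # parsed JSON from the line after 'Response content:'

def parse_graph_calls(log_text: str) -> list:
    """Group 'Request URL' / 'Request method' / 'Response status' / 'Response content' lines into calls."""
    calls, current, expect_body = [], GraphCall(url=""), False  # dummy record absorbs lines before the first URL
    for line in log_text.splitlines():
        if not line.startswith(PREFIX):
            continue  # msal/urllib3/knack lines carry nothing needed here
        msg = line[len(PREFIX):]
        if msg.startswith("Request URL: "):
            current = GraphCall(url=msg[len("Request URL: "):].strip("'"))
            calls.append(current)
        elif msg.startswith("Request method: "):
            current.method = msg[len("Request method: "):].strip("'")
        elif msg.startswith("Response status: "):
            current.status = int(msg[len("Response status: "):])
        elif msg == "Response content:":
            expect_body = True  # the next util line is the body
        elif expect_body:
            expect_body = False
            current.body = json.loads(msg) if msg.startswith("{") else None  # the CLI logs 'None' for empty bodies
    return calls

def diagnose(calls: list) -> dict:
    """Report the appId looked up, whether the tenant has an application object for it, and how the POST ended."""
    report = {"app_id": None, "app_found_in_tenant": None, "sp_create": None}
    for c in calls:
        path = unquote(c.url.split("graph.microsoft.com", 1)[-1])
        m = re.search(r"appId eq '([0-9a-fA-F-]{36})'", path)
        if c.method == "GET" and m:
            report["app_id"] = m.group(1)
            # 200 with an empty 'value' list: no application object with that appId in the signed-in tenant
            report["app_found_in_tenant"] = bool(c.status == 200 and c.body and c.body.get("value"))
        elif c.method == "POST" and path.endswith("/servicePrincipals"):
            err = (c.body or {}).get("error") or {}
            report["sp_create"] = {"status": c.status, "code": err.get("code")}
    return report

def explain(report: dict) -> str:
    """Triage note for the pattern in the issue: app absent locally, then 403 on the POST."""
    sp = report["sp_create"] or {}
    if report["app_found_in_tenant"] is False and sp.get("code") == "Authorization_RequestDenied":
        return (f"appId {report['app_id']} has no application object in the signed-in tenant and "
                "POST /servicePrincipals got 403 Authorization_RequestDenied; per the error text the "
                "permission in use only creates service principals for apps in the local tenant. "
                "Check the signed-in tenant (az account show) and the appId before retrying.")
    return f"No known pattern matched: {report}"
```

Feed it the full --debug log and the extra msal, urllib3 and knack lines are skipped; only the cli.azure.cli.core.util request/response lines are read.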

@matthbull matthbull added the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Dec 12, 2023

Hi @matthbull
Find similar issue #14767.

Issue title Creating service principal failed - When using this permission, the backing application of the service principal being created must in the local tenant
Create time 2020-08-13
Comment number 7

Please confirm if this resolves your issue.

@microsoft-github-policy-service microsoft-github-policy-service bot added customer-reported Issues that are reported by GitHub users external to the Azure organization. Auto-Assign Auto assign by bot Graph az ad labels Dec 12, 2023
@yonzhan
Collaborator

yonzhan commented Dec 12, 2023

Thank you for opening this issue, we will look into it.

@microsoft-github-policy-service microsoft-github-policy-service bot added Azure CLI Team The command of the issue is owned by Azure CLI team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Dec 12, 2023
@matthbull
Author

Hi @matthbull Find similar issue #14767.

Issue title Creating service principal failed - When using this permission, the backing application of the service principal being created must in the local tenant
Create time 2020-08-13
Comment number 7
Please confirm if this resolves your issue.

No, this is running different command options.

@yonzhan yonzhan added this to the Backlog milestone Dec 12, 2023
@yonzhan yonzhan removed the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Dec 12, 2023
@mario-shippo

Hi @matthbull have you found any workaround for this?

@waberc

waberc commented Nov 19, 2024

Also the error message is missing a word which makes the sentence unclear:

must [...] in the local tenant
