Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Service principal id != name #6594

Closed
theheatDK opened this issue Jun 16, 2018 · 2 comments
Closed

Service principal id != name #6594

theheatDK opened this issue Jun 16, 2018 · 2 comments
Assignees
@yugangw-msft
Labels
Graph-cli question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Milestone
Sprint 41

Comments

@theheatDK
Copy link
Contributor

theheatDK commented Jun 16, 2018
edited
Loading

When you create a service principal like this:
az ad sp create-for-rbac --name mySP ...

and you want to show it. You have to use the URI not the name:
az ad sp show --id http://mySP

The help text for the show command states that --id should be "Service principal name, or object id."

Took me some time to figure out that the name I input for the create-for-rbac command is converted to a URI and that is what the show command needs as input.

It is not logical to me that it works like this and I assume it might stump others as well.

It would be nice with a description of this and some examples.

I don't know much about service principals and I am only using this to be able to create an AKS cluster.

[Enter feedback here]

Document Details

Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
@tjprescott tjprescott added Graph az ad question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Jun 18, 2018
@yugangw-msft yugangw-msft self-assigned this Jun 19, 2018
@yugangw-msft yugangw-msft added this to the Sprint 41 milestone Jun 19, 2018
@mattgillard docs.microsoft.com
Copy link
Contributor

mattgillard commented Oct 21, 2018
edited
Loading

so - this was bugging me too. I think the commands are inconsistent.
Other commands have a --spn argument, but this one has a --id argument that can either be a SP name or an id.
az ad sp show --id <longid works>
Also, even though the docs say you can use a SP uri - when you do:
az ad sp list --output table
For me, it lists the homepage (SP name URI) as https://azure-cli-2018-10-21-07-43-17 (note https and not http).
When I do:
az ad sp show --id https://azure-cli-2018-10-21-07-43-17 it fails. But when I do az ad sp show --id http://azure-cli-2018-10-21-07-43-17 it works fine.

@yugangw-msft
Copy link
Contributor

For context, the goal of create-for-rbac is to simplify everything, but it goes a bit too far by auto-fixing the a non-uri based name w/o communicating it.
I will update the help and also output a warning telling you that we are adding the "http://" prefix to get the provision work.

@yugangw-msft yugangw-msft mentioned this issue Oct 23, 2018
Merged
2 tasks
@haroldrandom haroldrandom added Graph-cli question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Oct 25, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yugangw-msft yugangw-msft

Labels
Graph-cli question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Projects
None yet
Milestone
Sprint 41
Development

No branches or pull requests
5 participants
@tjprescott @yugangw-msft @mattgillard @haroldrandom @theheatDK