search

Azure-Samples / azure-search-openai-demo

A sample app for the Retrieval-Augmented Generation pattern running in Azure, using Azure AI Search for retrieval and Azure OpenAI large language models to power ChatGPT-style and Q&A experiences.
https://azure.microsoft.com/products/search
MIT License
6.28k stars 4.21k forks source link

CannotDeleteOrUpdateEnabledEntitlement: Permission (scope or role) cannot be deleted or updated unless disabled first #1601

Open amirj opened 6 months ago

amirj commented 6 months ago

I followed the manual setup to register both client and server apps. Getting the following error while deploying the app.

Could you please elaborate a little more on the process of enabling authentication and assigning roles and groups please?

Please provide us with the following information:

This issue is for a: (mark with an x)

- [x] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

azd up

Any log messages given by the failure

Checking if authentication should be setup... Loading azd .env file from current environment... AZURE_USE_AUTHENTICATION is set, proceeding with authentication setup... Creating Python virtual environment "scripts/.venv"... Installing dependencies from "requirements.txt" into virtual environment (in quiet mode)... Setting up authentication... Checking if application xxxxx exists Application already exists, not creating new one Setting up server application permissions... Traceback (most recent call last): File "/Users/xxx/codes/azure-search-openai-demo/./scripts/auth_init.py", line 210, in asyncio.run(main()) File "/Users/xxx/miniconda3/envs/azure-search-openai-demo/lib/python3.11/asyncio/runners.py", line 190, in run return runner.run(main) ^^^^^^^^^^^^^^^^ File "/Users/xxx/miniconda3/envs/azure-search-openai-demo/lib/python3.11/asyncio/runners.py", line 118, in run return self._loop.run_until_complete(task) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/Users/xxx/miniconda3/envs/azure-search-openai-demo/lib/python3.11/asyncio/base_events.py", line 654, in run_until_complete return future.result() ^^^^^^^^^^^^^^^ File "/Users/xxx/codes/azure-search-openai-demo/./scripts/auth_init.py", line 193, in main await update_application(auth_headers, object_id=server_object_id, app_payload=server_app_permission_payload) File "/Users/xxx/codes/azure-search-openai-demo/scripts/auth_common.py", line 32, in update_application raise Exception(response_json) Exception: {'error': {'code': 'CannotDeleteOrUpdateEnabledEntitlement', 'message': 'Permission (scope or role) cannot be deleted or updated unless disabled first.', 'innerError': {'date': '2024-05-08T12:47:29', 'request-id': 'xxx', 'client-request-id': 'xxx'}}}

Expected/desired behavior

OS and Version?

macOS

azd version?

run azd version and copy paste here.

Versions

Mention any other details that might be useful

Thanks! We'll be in touch soon.

amirj commented 5 months ago

Yes, you just need to disable the scope via azure portal first.On 13 Jun 2024, at 16:30, tlievre @.***> wrote: @amirj It works after changing access_user scope state parameter to "Disabled" in Entra ID server App

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: @.***>

suresh-khair commented 2 weeks ago

i'm also getting the above issue