`az ad app permission admin-consent` broken

mclacore commented 1 year ago

Related command az ad app permission admin-consent --id <appId>

Describe the bug Error:

Failed to connect to MSI. Please make sure MSI is configured correctly.
Get Token request returned: <Response [400]>

To Reproduce Create a service principal and assign tenant roles:

az ad sp create-for-rbac --name test-name \
                         --role owner \
                         --scopes /subscriptions/<subscriptionId>

az ad app permission add --id <appId> \
                         --api 00000003-0000-0000-c000-000000000000 \
                         --api-permissions e1fe6dd8-ba31-4d61-89e7-88639da4683d=Scope \
                         1bfefb4e-e0b5-418b-a88f-73c46d2cc8e9=Role \
                         62a82d76-70ea-41e2-9197-370581804d09=Role \
                         19dbc75e-c2e2-444c-a770-ec69d8559fc7=Role

az ad app permission admin-consent --id <appId>

Expected behavior Creates the service principal, assigns API permissions, and then grants consent to those permissions.

Environment Summary

Linux-5.4.0-1100-azure-x86_64-with-glibc2.35 (Cloud Shell), CBL-Mariner/Linux
Python 3.9.14
Installer: RPM

azure-cli 2.44.1

Extensions:
aks-preview 0.5.64
ai-examples 0.2.5
ml 2.12.1
ssh 1.1.3

Dependencies:
msal 1.20.0
azure-mgmt-resource 21.1.0b1

Additional context I've read from other GitHub issues elsewhere that this command is being deprecated. But, I need a viable workaround ASAP because our entire company's onboarding system for Azure customers is dependent on being able to grant admin consent.