API version 2022-05-01-preview does not have operation group 'role_definitions'

[teto]

Describe the bug

I could not find how to create a service principal and give it contributor rights from the portal so I resorted to the CLI but when trying to create a service principal with contributor role (because I want it to be able to create resource groups, via pulumi), the client fails.

Related command

az role assignment create --assignee APP_ID --role Contributor --scope /subscriptions/MY_SUBSCRIPTION --debug

Errors

az role assignment create --assignee APP_ID --role Contributor --scope     /subscriptions/TENANT_ID
The command failed with an unexpected error. Here is the traceback:
API version 2022-05-01-preview does not have operation group 'role_definitions'
Traceback (most recent call last):
  File "/nix/store/6ipkjx887hvan6hwn7kqby4gblgb08jp-python3.10-knack-0.11.0/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/nix/store/680adxjlwzlc498mplx3pmc4kwljxfyn-python3.10-azure-cli-core-2.53.0/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/nix/store/680adxjlwzlc498mplx3pmc4kwljxfyn-python3.10-azure-cli-core-2.53.0/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/nix/store/680adxjlwzlc498mplx3pmc4kwljxfyn-python3.10-azure-cli-core-2.53.0/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/nix/store/680adxjlwzlc498mplx3pmc4kwljxfyn-python3.10-azure-cli-core-2.53.0/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 333, in __call__
    return self.handler(*args, **kwargs)
  File "/nix/store/680adxjlwzlc498mplx3pmc4kwljxfyn-python3.10-azure-cli-core-2.53.0/lib/python3.10/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
    return op(**command_args)
  File "/nix/store/26g31p0clvcb9f5qdwvl8yhkfdvbblc6-python3.10-azure-cli-2.53.0/lib/python3.10/site-packages/azure/cli/command_modules/role/custom.py", line 186, in create_role_assignment
    return _create_role_assignment(cmd.cli_ctx, role, object_id, resource_group_name, scope, resolve_assignee=False,
  File "/nix/store/26g31p0clvcb9f5qdwvl8yhkfdvbblc6-python3.10-azure-cli-2.53.0/lib/python3.10/site-packages/azure/cli/command_modules/role/custom.py", line 203, in _create_role_assignment
    definitions_client = factory.role_definitions
  File "/nix/store/ack4wj75pxa1db2sb8z9nk3qfa5avb4j-python3.10-azure-mgmt-authorization-3.0.0/lib/python3.10/site-packages/azure/mgmt/authorization/_authorization_management_client.py", line 810, in role_definitions
    raise ValueError("API version {} does not have operation group 'role_definitions'".format(api_version))
ValueError: API version 2022-05-01-preview does not have operation group 'role_definitions'
To check existing issues, please visit: https://github.com/Azure/azure-cli/issues

Issue script & Debug output

az role assignment create --assignee APP_ID --role Contributor --scope         /subscriptions/MY_SUBSCRIPTION --debug
cli.knack.cli: Command arguments: ['role', 'assignment', 'create', '--assignee', 'APP_ID', '--role', 'Contributor', '--scope', '/subscriptions/6e9e80f4-0e64-4fd3-
a3ad-79bc669a3b52', '--debug']
cli.knack.cli: __init__ debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x7ffff71edf30>, <function OutputProducer.on_global_arguments at 0x7ffff6f0a5f0>, <func
tion CLIQuery.on_global_arguments at 0x7ffff6f3b910>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'role': ['azure.cli.command_modules.role']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name                  Load Time    Groups  Commands
cli.azure.cli.core: role                      0.005        17        61
cli.azure.cli.core: Total (1)                 0.005        17        61
cli.azure.cli.core: Loaded 17 groups, 61 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command  : role assignment create
cli.azure.cli.core: Command table: role assignment create
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x7ffff5fb27a0>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/home/teto/nova/ci-runner/azure/commands/2023-10-16.11-08-50.role_assignment_create.1368141.log'.
az_command_data_logger: command args: role assignment create --assignee {} --role {} --scope {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.<locals>.add_subscription_parameter at 0x7ffff5fc3250>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument.<locals>.add_ids_arguments at 0x7ffff6004c10>, <function register_cache_arguments.<locals>.add_ca
che_arguments at 0x7ffff6004d30>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7ffff6f0a680>, <function CLIQuery.handle_query_parameter at 0x7ffff6f3b9a0>, <functio
n register_ids_argument.<locals>.parse_ids_arguments at 0x7ffff6004ca0>]
cli.azure.cli.core.util: Retrieving token for resource https://graph.microsoft.com/
cli.azure.cli.core.auth.persistence: build_persistence: location='/home/teto/nova/ci-runner/azure/msal_token_cache.json', encrypt=False
cli.azure.cli.core.auth.binary_cache: load: /home/teto/nova/ci-runner/azure/msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/MY_SUBSCRIPTION/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client
_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/MY_SUBSCRIPTION/discovery/v2.0/keys', 'response_modes_supported': 
['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token
', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/MY_SUBSCRIPTION/v2.0', 'request_ur
i_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/6e9e80f4-0e64-4fd3-a3ad-79bc669a3b
52/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/MY_SUBSCRIPTION/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'fro
ntchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/MY_SUBSCRIPTION/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'clou
d_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 
'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/MY_SUBSCRIPTION/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline
.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://graph.microsoft.com//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 09b07dce-b993-43c7-aca1-40d003827498
cli.azure.cli.core.util: Request URL: 'https://graph.microsoft.com/v1.0/servicePrincipals?$filter=servicePrincipalNames%2Fany%28c%3Ac%20eq%20%27APP_ID%27%29'
cli.azure.cli.core.util: Request method: 'GET'
cli.azure.cli.core.util: Request headers:
cli.azure.cli.core.util:     'User-Agent': 'python/3.10.12 (Linux-6.1.56-x86_64-with-glibc2.37) AZURECLI/2.53.0 (PIP)'
cli.azure.cli.core.util:     'Accept-Encoding': 'gzip, deflate, br'
cli.azure.cli.core.util:     'Accept': '*/*'
cli.azure.cli.core.util:     'Connection': 'keep-alive'
cli.azure.cli.core.util:     'x-ms-client-request-id': 'c289da94-6643-481b-84bd-3372639106c6'
cli.azure.cli.core.util:     'CommandName': 'role assignment create'
cli.azure.cli.core.util:     'ParameterSetName': '--assignee --role --scope --debug'
cli.azure.cli.core.util:     'Authorization': 'Bearer eyJ0eXAiOiJKV...'
cli.azure.cli.core.util: Request body:
cli.azure.cli.core.util: None
urllib3.connectionpool: Starting new HTTPS connection (1): graph.microsoft.com:443
urllib3.connectionpool: https://graph.microsoft.com:443 "GET /v1.0/servicePrincipals?$filter=servicePrincipalNames%2Fany%28c%3Ac%20eq%20%27APP_ID%27%29 HTTP/1.1" 
200 None
cli.azure.cli.core.util: Response status: 200
cli.azure.cli.core.util: Response headers:
cli.azure.cli.core.util:     'Cache-Control': 'no-cache'
cli.azure.cli.core.util:     'Transfer-Encoding': 'chunked'
cli.azure.cli.core.util:     'Content-Type': 'application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8'
cli.azure.cli.core.util:     'Content-Encoding': 'gzip'
cli.azure.cli.core.util:     'Vary': 'Accept-Encoding'
cli.azure.cli.core.util:     'Strict-Transport-Security': 'max-age=31536000'
cli.azure.cli.core.util:     'request-id': 'a3a36669-2a8c-4549-b1e8-19299fe727eb'
cli.azure.cli.core.util:     'client-request-id': 'a3a36669-2a8c-4549-b1e8-19299fe727eb'
cli.azure.cli.core.util:     'x-ms-ags-diagnostic': '{"ServerInfo":{"DataCenter":"France Central","Slice":"E","Ring":"5","ScaleUnit":"002","RoleInstance":"PA3PEPF00000832"}}'
cli.azure.cli.core.util:     'x-ms-resource-unit': '1'
cli.azure.cli.core.util:     'OData-Version': '4.0'
cli.azure.cli.core.util:     'Date': 'Mon, 16 Oct 2023 09:08:49 GMT'
cli.azure.cli.core.util: Response content:
cli.azure.cli.core.util: {"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#servicePrincipals","value":[{"id":"ee5be72f-9d4e-4ece-8d31-74e94c42f1a8","deletedDateTime":null,"accountE
nabled":true,"alternativeNames":[],"appDisplayName":"azure-cli-2023-10-16-08-41-25","appDescription":null,"appId":"APP_ID","applicationTemplateId":null,"appOwnerO
rganizationId":"MY_SUBSCRIPTION","appRoleAssignmentRequired":false,"createdDateTime":"2023-10-16T08:41:29Z","description":null,"disabledByMicrosoftStatus":null,"displayNam
e":"azure-cli-2023-10-16-08-41-25","homepage":null,"loginUrl":null,"logoutUrl":null,"notes":null,"notificationEmailAddresses":[],"preferredSingleSignOnMode":null,"preferredTokenSigningKeyThumb
print":null,"replyUrls":[],"servicePrincipalNames":["APP_ID"],"servicePrincipalType":"Application","signInAudience":"AzureADandPersonalMicrosoftAccount","tags":[]
,"tokenEncryptionKeyId":null,"samlSingleSignOnSettings":null,"addIns":[],"appRoles":[],"info":{"logoUrl":null,"marketingUrl":null,"privacyStatementUrl":null,"supportUrl":null,"termsOfServiceUr
l":null},"keyCredentials":[],"oauth2PermissionScopes":[],"passwordCredentials":[],"resourceSpecificApplicationPermissions":[],"verifiedPublisher":{"displayName":null,"verifiedPublisherId":null
,"addedDateTime":null}}]}
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=AuthorizationManagementClient
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/MY_SUBSCRIPTION/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client
_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/MY_SUBSCRIPTION/discovery/v2.0/keys', 'response_modes_supported': 
['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token
', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/MY_SUBSCRIPTION/v2.0', 'request_ur
i_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/6e9e80f4-0e64-4fd3-a3ad-79bc669a3b
52/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/MY_SUBSCRIPTION/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'fro
ntchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/MY_SUBSCRIPTION/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'clou
d_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 
'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/MY_SUBSCRIPTION/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline
.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
cli.azure.cli.core.azclierror: Traceback (most recent call last):
  File "/nix/store/6ipkjx887hvan6hwn7kqby4gblgb08jp-python3.10-knack-0.11.0/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/nix/store/680adxjlwzlc498mplx3pmc4kwljxfyn-python3.10-azure-cli-core-2.53.0/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/nix/store/680adxjlwzlc498mplx3pmc4kwljxfyn-python3.10-azure-cli-core-2.53.0/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/nix/store/680adxjlwzlc498mplx3pmc4kwljxfyn-python3.10-azure-cli-core-2.53.0/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/nix/store/680adxjlwzlc498mplx3pmc4kwljxfyn-python3.10-azure-cli-core-2.53.0/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 333, in __call__
    return self.handler(*args, **kwargs)
  File "/nix/store/680adxjlwzlc498mplx3pmc4kwljxfyn-python3.10-azure-cli-core-2.53.0/lib/python3.10/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
    return op(**command_args)
  File "/nix/store/26g31p0clvcb9f5qdwvl8yhkfdvbblc6-python3.10-azure-cli-2.53.0/lib/python3.10/site-packages/azure/cli/command_modules/role/custom.py", line 186, in create_role_assignment
    return _create_role_assignment(cmd.cli_ctx, role, object_id, resource_group_name, scope, resolve_assignee=False,
  File "/nix/store/26g31p0clvcb9f5qdwvl8yhkfdvbblc6-python3.10-azure-cli-2.53.0/lib/python3.10/site-packages/azure/cli/command_modules/role/custom.py", line 203, in _create_role_assignment
    definitions_client = factory.role_definitions
  File "/nix/store/ack4wj75pxa1db2sb8z9nk3qfa5avb4j-python3.10-azure-mgmt-authorization-3.0.0/lib/python3.10/site-packages/azure/mgmt/authorization/_authorization_management_client.py", line 8
10, in role_definitions
    raise ValueError("API version {} does not have operation group 'role_definitions'".format(api_version))
ValueError: API version 2022-05-01-preview does not have operation group 'role_definitions'

cli.azure.cli.core.azclierror: The command failed with an unexpected error. Here is the traceback:
az_command_data_logger: The command failed with an unexpected error. Here is the traceback:
cli.azure.cli.core.azclierror: API version 2022-05-01-preview does not have operation group 'role_definitions'
Traceback (most recent call last):
  File "/nix/store/6ipkjx887hvan6hwn7kqby4gblgb08jp-python3.10-knack-0.11.0/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/nix/store/680adxjlwzlc498mplx3pmc4kwljxfyn-python3.10-azure-cli-core-2.53.0/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/nix/store/680adxjlwzlc498mplx3pmc4kwljxfyn-python3.10-azure-cli-core-2.53.0/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/nix/store/680adxjlwzlc498mplx3pmc4kwljxfyn-python3.10-azure-cli-core-2.53.0/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/nix/store/680adxjlwzlc498mplx3pmc4kwljxfyn-python3.10-azure-cli-core-2.53.0/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 333, in __call__
    return self.handler(*args, **kwargs)
  File "/nix/store/680adxjlwzlc498mplx3pmc4kwljxfyn-python3.10-azure-cli-core-2.53.0/lib/python3.10/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
    return op(**command_args)
  File "/nix/store/26g31p0clvcb9f5qdwvl8yhkfdvbblc6-python3.10-azure-cli-2.53.0/lib/python3.10/site-packages/azure/cli/command_modules/role/custom.py", line 186, in create_role_assignment
    return _create_role_assignment(cmd.cli_ctx, role, object_id, resource_group_name, scope, resolve_assignee=False,
  File "/nix/store/26g31p0clvcb9f5qdwvl8yhkfdvbblc6-python3.10-azure-cli-2.53.0/lib/python3.10/site-packages/azure/cli/command_modules/role/custom.py", line 203, in _create_role_assignment
    definitions_client = factory.role_definitions
  File "/nix/store/ack4wj75pxa1db2sb8z9nk3qfa5avb4j-python3.10-azure-mgmt-authorization-3.0.0/lib/python3.10/site-packages/azure/mgmt/authorization/_authorization_management_client.py", line 8
10, in role_definitions
    raise ValueError("API version {} does not have operation group 'role_definitions'".format(api_version))
ValueError: API version 2022-05-01-preview does not have operation group 'role_definitions'
az_command_data_logger: API version 2022-05-01-preview does not have operation group 'role_definitions'
Traceback (most recent call last):
  File "/nix/store/6ipkjx887hvan6hwn7kqby4gblgb08jp-python3.10-knack-0.11.0/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/nix/store/680adxjlwzlc498mplx3pmc4kwljxfyn-python3.10-azure-cli-core-2.53.0/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/nix/store/680adxjlwzlc498mplx3pmc4kwljxfyn-python3.10-azure-cli-core-2.53.0/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/nix/store/680adxjlwzlc498mplx3pmc4kwljxfyn-python3.10-azure-cli-core-2.53.0/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/nix/store/680adxjlwzlc498mplx3pmc4kwljxfyn-python3.10-azure-cli-core-2.53.0/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 333, in __call__
    return self.handler(*args, **kwargs)
  File "/nix/store/680adxjlwzlc498mplx3pmc4kwljxfyn-python3.10-azure-cli-core-2.53.0/lib/python3.10/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
    return op(**command_args)
  File "/nix/store/26g31p0clvcb9f5qdwvl8yhkfdvbblc6-python3.10-azure-cli-2.53.0/lib/python3.10/site-packages/azure/cli/command_modules/role/custom.py", line 186, in create_role_assignment
    return _create_role_assignment(cmd.cli_ctx, role, object_id, resource_group_name, scope, resolve_assignee=False,
  File "/nix/store/26g31p0clvcb9f5qdwvl8yhkfdvbblc6-python3.10-azure-cli-2.53.0/lib/python3.10/site-packages/azure/cli/command_modules/role/custom.py", line 203, in _create_role_assignment
    definitions_client = factory.role_definitions
  File "/nix/store/ack4wj75pxa1db2sb8z9nk3qfa5avb4j-python3.10-azure-mgmt-authorization-3.0.0/lib/python3.10/site-packages/azure/mgmt/authorization/_authorization_management_client.py", line 8
10, in role_definitions
    raise ValueError("API version {} does not have operation group 'role_definitions'".format(api_version))
ValueError: API version 2022-05-01-preview does not have operation group 'role_definitions'
To check existing issues, please visit: https://github.com/Azure/azure-cli/issues
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7ffff5fb29e0>]
az_command_data_logger: exit code: 1
cli.__main__: Command ran in 0.769 seconds (init: 0.334, invoke: 0.435)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 7288 in cache
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/nix/store/pzf6dnxg8gf04xazzjdwarm7s03cbrgz-python3-3.10.12/bin/python3.10 /nix/store/0ycsg0cjski6m6zzri7hgymqw62g6swz-python3.10-azure-cli-telemet
ry-1.0.8/lib/python3.10/site-packages/azure/cli/telemetry/__init__.py /home/teto/nova/ci-runner/azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.

Expected behavior

Success ?

Environment Summary

azure-cli                         2.53.0

core                              2.53.0
telemetry                          1.1.0

Dependencies:
msal                            1.24.0b1
azure-mgmt-resource             23.1.0b2

Python location '/nix/store/pzf6dnxg8gf04xazzjdwarm7s03cbrgz-python3-3.10.12/bin/python3.10'
Extensions directory '/home/teto/nova/ci-runner/azure/cliextensions'

Python (Linux) 3.10.12 (main, Jun  6 2023, 22:43:10) [GCC 12.3.0]

Legal docs and information: aka.ms/AzureCliLegal

Additional context

I want to create credentials to be able to deploy new resource groups via pulumi. I am new to azure and I've got a hell of a time to achieve just that. The portal blinks with errors asking me to log again when I look at some "app registration" page and while everything recommands to use principals, the move to microsoft entra seems to have outdated even official docs and I can't find where to update the "service principal" credentials in the portal. So I resorted to the CLI with the previous problem.

Note that I tried an alternative command with the same result

$ az ad sp create-for-rbac --name "MyApp" --role contributor --scopes /subscriptions/REDACTED
Creating 'contributor' role assignment under scope '/subscriptions/REDACTED
  Role assignment creation failed.
 The command failed with an unexpected error. Here is the traceback:
API version 2022-05-01-preview does not have operation group 'role_definitions' 

[yonzhan]

Thank you for opening this issue, we will look into it.

[jiasli]

Similar to https://github.com/Azure/azure-cli/issues/16498#issuecomment-836500907.

Judging by the call stack, the site-packages is installed under /nix/store/680adxjlwzlc498mplx3pmc4kwljxfyn-python3.10-xxx, so this is neither an official python, nor an official Azure CLI package.

You have azure-mgmt-authorization-3.0.0 installed, but azure-cli 2.53.0 requires

https://github.com/Azure/azure-cli/blob/4dffcd2380a29f3b62468638808a59c0212ed5b7/src/azure-cli/setup.py#L71

Please make sure the dependences of Azure CLI are satisfied.

For documentation on using Azure CLI with Service Principal, please see https://learn.microsoft.com/en-us/cli/azure/azure-cli-sp-tutorial-1.

I could not find how to create a service principal and give it contributor rights from the portal

You may create a support ticket for Azure Portal related problems at https://azure.microsoft.com/en-us/support/create-ticket.

[teto]

Indeed, I've just checked and it works if I use azure-mgmt-authorization 4.0. I will see what I can on the nixpkgs side to prevent this wrong packaging sry for the noise and thanks for the fast answer.