Azure / azure-cli

Azure Command-Line Interface
MIT License

az ad sp create --id <app_id> results in error = When using this permission, the backing application of the service principal being created must in the local tenant #28009

Open matthbull opened 7 months ago

matthbull commented 7 months ago

Describe the bug

I'm trying to set up peering between an Azure VNet and MongoDB Atlas.

The first command suggested by the MongoDB modal is:

az ad sp create --id e90a1407-xxx

Inputting this from the Azure CLI results in:

When using this permission, the backing application of the service principal being created must in the local tenant

Searching around here and other resources, it was suggested that it was a permission issue. But I have the highest perms on our org's Azure.

Related command

az ad sp create --id e90a1407-xxx

Errors

When using this permission, the backing application of the service principal being created must in the local tenant

Issue script & Debug output


Expected behavior

The service principal is created with the correct ID.

Environment Summary

azure-cli 2.55.0

core 2.55.0
telemetry 1.1.0

Extensions:
account 0.2.5

Dependencies:
msal 1.24.0b2
azure-mgmt-resource 23.1.0b2

Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users\matth.azure\cliextensions'

Python (Windows) 3.11.5 (tags/v3.11.5:cce6ba9, Aug 24 2023, 14:38:34) [MSC v.1936 64 bit (AMD64)]

Legal docs and information: aka.ms/AzureCliLegal

Your CLI is up-to-date.

Additional context

No response

azure-client-tools-bot-prd[bot] commented 7 months ago
Hi @matthbull Find similar issue https://github.com/Azure/azure-cli/issues/14767.
Issue title Creating service principal failed - When using this permission, the backing application of the service principal being created must in the local tenant
Create time 2020-08-13
Comment number 7

Please confirm if this resolves your issue.

yonzhan commented 7 months ago

Thank you for opening this issue, we will look into it.

matthbull commented 7 months ago

> Hi @matthbull Find similar issue #14767.
>
> Issue title Creating service principal failed - When using this permission, the backing application of the service principal being created must in the local tenant
> Create time 2020-08-13
> Comment number 7
>
> Please confirm if this resolves your issue.

no, this is running different command options

mario-shippo commented 7 months ago

Hi @matthbull have you found any workaround for this?