search

Azure / azure-cli

Azure Command-Line Interface
MIT License
3.98k stars 2.96k forks source link

az aro create: azure.cli.command_modules.role._msgrpah._graph_client.GraphError: Insufficient privileges to complete the operation. #29966

Open shashank-boyapally opened 5 days ago

shashank-boyapally commented 5 days ago

Describe the bug

When execute the az aro create command I find this bug

The command failed with an unexpected error. Here is the traceback:                                                                     
Insufficient privileges to complete the operation.                                                                                      
Traceback (most recent call last):                                                                                                      
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client
.py", line 52, in _send                                                                                                                 
    r = send_raw_request(self._cli_ctx, method, url, resource=self._resource, uri_parameters=param,
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/util.py", line 1007, in send_raw_reque
st
    raise HTTPError(reason, r)
azure.cli.core.azclierror.HTTPError: Forbidden({"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to comp
lete the operation.","innerError":{"date":"2024-09-24T13:29:35","request-id":"1163e429-ffea-4bca-bb0f-f7afa4d322cc","client-request-id":
"1163e429-ffea-4bca-bb0f-f7afa4d322cc"}}})

The above exception was the direct cause of the following exception: 

Traceback (most recent call last):
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 666, in ex
ecute
    raise ex
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 733, in _r
un_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 703, in _r
un_job
    result = cmd_copy(params)
             ^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 336, in __
call__
    return self.handler(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/command_operation.py", line 1
21, in handler
    return op(**command_args)
           ^^^^^^^^^^^^^^^^^^
  File "/Users/sboyapal/.azure/cliextensions/aro/azext_aro/custom.py", line 109, in aro_create
    client_id, client_secret = aad.create_application(cluster_resource_group or 'aro-' + random_id)
                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/sboyapal/.azure/cliextensions/aro/azext_aro/_aad.py", line 22, in create_application
    app = self.client.application_create(request_body)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client
.py", line 91, in application_create
    result = self._send("POST", "/applications", body=body)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client
.py", line 55, in _send
    raise GraphError(ex.response.json()['error']['message'], ex.response) from ex
azure.cli.command_modules.role._msgrpah._graph_client.GraphError: Insufficient privileges to complete the operation.

Related command

sboyapal aro >> az aro create --name sboyapal-aro-scale --resource-group sboyapal-aro --vnet sboyapal-aro-vnet --master-subnet master-subnet --master-vm-size Standard_D32s_v5 --worker-subnet worker-subnet --worker-count 50 --worker-vm-size Standard_D8s_v5 --apiserver-visibility Public --ingress-visibility Public --version '4.14.16' --pull-secret pull-secret.txt --verbose

Errors

azure.cli.command_modules.role._msgrpah._graph_client.GraphError: Insufficient privileges to complete the operation.

Issue script & Debug output

cli.azure.cli.core.azclierror: The command failed with an unexpected error. Here is the traceback:                                      
az_command_data_logger: The command failed with an unexpected error. Here is the traceback:                                             
cli.azure.cli.core.azclierror: Insufficient privileges to complete the operation.                                                       
Traceback (most recent call last):                                                                                                      
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client
.py", line 52, in _send                                                                                                                 
    r = send_raw_request(self._cli_ctx, method, url, resource=self._resource, uri_parameters=param,                                     
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                     
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/util.py", line 1007, in send_raw_reque
st                                                                                                                                      
    raise HTTPError(reason, r)                                                                                                          
azure.cli.core.azclierror.HTTPError: Forbidden({"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to comp
lete the operation.","innerError":{"date":"2024-09-24T13:40:08","request-id":"2bd5b4b8-f877-4bf9-9390-1d9fca785d26","client-request-id":
"2bd5b4b8-f877-4bf9-9390-1d9fca785d26"}}})                                                                                              

The above exception was the direct cause of the following exception:                                                                    

Traceback (most recent call last):                                                                                                      
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/knack/cli.py", line 233, in invoke                   
    cmd_result = self.invocation.execute(args)                                                                                          
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                                                                          
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 666, in ex
ecute                                                                                                                                   
    raise ex                                                                                                                            
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 733, in _r
un_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 703, in _r
un_job
    result = cmd_copy(params)
             ^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 336, in __
call__
    return self.handler(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/command_operation.py", line 1
21, in handler
    return op(**command_args)
           ^^^^^^^^^^^^^^^^^^
  File "/Users/sboyapal/.azure/cliextensions/aro/azext_aro/custom.py", line 109, in aro_create
    client_id, client_secret = aad.create_application(cluster_resource_group or 'aro-' + random_id)
                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/sboyapal/.azure/cliextensions/aro/azext_aro/_aad.py", line 22, in create_application
    app = self.client.application_create(request_body)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client
.py", line 91, in application_create
    result = self._send("POST", "/applications", body=body)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client
.py", line 55, in _send
    raise GraphError(ex.response.json()['error']['message'], ex.response) from ex
azure.cli.command_modules.role._msgrpah._graph_client.GraphError: Insufficient privileges to complete the operation.
az_command_data_logger: Insufficient privileges to complete the operation.
Traceback (most recent call last): 
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client
.py", line 52, in _send
    r = send_raw_request(self._cli_ctx, method, url, resource=self._resource, uri_parameters=param,
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/util.py", line 1007, in send_raw_reque
st
    raise HTTPError(reason, r)
azure.cli.core.azclierror.HTTPError: Forbidden({"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to comp
lete the operation.","innerError":{"date":"2024-09-24T13:40:08","request-id":"2bd5b4b8-f877-4bf9-9390-1d9fca785d26","client-request-id":
"2bd5b4b8-f877-4bf9-9390-1d9fca785d26"}}})

The above exception was the direct cause of the following exception:

Traceback (most recent call last): 
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 666, in ex
ecute
    raise ex
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 733, in _r
un_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 703, in _r
un_job
    result = cmd_copy(params)
             ^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 336, in __
call__
    return self.handler(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/command_operation.py", line 1
21, in handler
    return op(**command_args)
           ^^^^^^^^^^^^^^^^^^
  File "/Users/sboyapal/.azure/cliextensions/aro/azext_aro/custom.py", line 109, in aro_create
    client_id, client_secret = aad.create_application(cluster_resource_group or 'aro-' + random_id)
                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/sboyapal/.azure/cliextensions/aro/azext_aro/_aad.py", line 22, in create_application
    app = self.client.application_create(request_body)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client
.py", line 91, in application_create
    result = self._send("POST", "/applications", body=body)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client
.py", line 55, in _send
    raise GraphError(ex.response.json()['error']['message'], ex.response) from ex
azure.cli.command_modules.role._msgrpah._graph_client.GraphError: Insufficient privileges to complete the operation.

Expected behavior

aro cluster to be created

Environment Summary

azure-cli                         2.64.0

core                              2.64.0
telemetry                          1.1.0

Extensions:
aro                                1.0.9

Dependencies:
msal                              1.30.0
azure-mgmt-resource               23.1.1

Additional context

No response

yonzhan commented 5 days ago

Thank you for opening this issue, we will look into it.

github-actions[bot] commented 5 days ago

Here are some similar issues that might help you. Please check if they can solve your problem.

microsoft-github-policy-service[bot] commented 5 days ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @mjudeikis, @jim-minter, @julienstroheker, @amanohar.