Azure / azure-sdk-for-net

This repository is for active development of the Azure SDK for .NET. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/dotnet/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-net.
MIT License

[QUERY] Can't use Service Principal to test C# SDK. SubscriptionList:'' retrieved for the user/spn id '' error. #25065

Closed gansvv closed 2 years ago

gansvv commented 2 years ago

Query/Question

I am following these steps to test the C# SDK: https://github.com/Azure/azure-sdk-for-net/blob/main/doc/dev/Using-Azure-TestFramework.md

But I get the following exception,

  System.Exception : SubscriptionList:'' retrieved for the user/spn id '',
  do not match with the provided subscriptionId '48a5f7fb-7eec-40ba-891d-8f6fce68f57c'
  in connection string.

Is this a known issue - when I substitute the TEST_CSM_ORGID_AUTHENTICATION environment variable with another (from an older SP that was known to work), it works fine. However, we are not able to create a new SP and have it work for validating the SDKs. It looks like ListSubscription is failing which leads to the error: https://github.com/Azure/azure-sdk-for-net/blob/4162f6fa2445b2127468b9cfd080f01c9da88eba/sdk/mgmtcommon/TestFramework/ClientRuntime.Azure.TestFramework/TestEnvironment.cs#L461

I have validated that listing subscriptions works fine in PowerShell and VS Code. I've also set the Azure account to be the correct account in VS 2019.

Environment:

jsquire commented 2 years ago

Thank you for your feedback. Tagging and routing to the team member best able to assist.

gansvv commented 2 years ago

Just FYI, another member of my team also followed the same test framework instructions to set up an SP and validate the C# SDK and ran into the same issue. It looks like ListSubscription is returning an empty result even though it (listing subscriptions) works fine via PowerShell and VS Code.

gansvv commented 2 years ago

@ArthurMa1978 Can you please take a look - this issue is blocking our SDK progress for this Sprint.

gansvv commented 2 years ago

@ArthurMa1978 @jsquire Can someone please look at this issue? Have new service principals been tested with C# SDKs?

ArthurMa1978 commented 2 years ago

Ack. @gansvv, @HarveyLink can you help check this issue?

gansvv commented 2 years ago

FYI, the code I'm running is here: https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/iotcentral/Microsoft.Azure.Management.IotCentral/tests (IoT Central DotNet SDK Validation tests).

And the test framework page I followed to set up the SP and env variables is here: https://github.com/Azure/azure-sdk-for-net/blob/main/doc/dev/Using-Azure-TestFramework.md

Note, I did not add the additional Contributor role shown in Section 3.4 because my user is the Owner of the subscription (per the SP creation page - https://docs.microsoft.com/azure/azure-resource-manager/resource-group-create-service-principal-portal#create-an-active-directory-application).

HarveyLink commented 2 years ago

Hi @gansvv, would you mind adding the Contributor role to your new SP in the subscription which you set in the connection string, and rerunning the tests to see if they pass?

gansvv commented 2 years ago

@HarveyLink You are right. It was the Contributor setting for the SP (app). I could not run the commands in Section 3.4 of the doc using the latest Azure PowerShell. But using the Add Role Assignment settings on the portal to add the Contributor role to the Service Principal app (using its Display name) made it work! Thanks.

gansvv commented 2 years ago

These commands are more up-to-date to add the az role via Azure CLI: https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli#manage-service-principal-roles
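
The resolution above, as an added example that is not part of the thread or the SDK's own tooling: a pre-flight check that logs in as the service principal and confirms it can see the subscription before the tests run, plus the subscription-scoped Contributor grant. The function names and the connection-string keys (`SubscriptionId`, `ServicePrincipal`, `ServicePrincipalSecret`, `AADTenant`) are assumptions about the `TEST_CSM_ORGID_AUTHENTICATION` format; the grant must be run by an identity that can assign roles, such as the subscription Owner.

```shell
#!/bin/sh
# Added example: diagnose the empty SubscriptionList error before running tests.
# Assumption: TEST_CSM_ORGID_AUTHENTICATION is a "Key=Value;" string with the
# keys SubscriptionId, ServicePrincipal, ServicePrincipalSecret and AADTenant.

# Print the value of one key; splits on the first "=" so secrets may contain "=".
conn_field() {
  printf '%s' "$1" | tr ';' '\n' | awk -v k="$2" '
    { i = index($0, "=")
      if (i && substr($0, 1, i - 1) == k) { print substr($0, i + 1); exit } }'
}

# Log in as the SP in a throwaway CLI profile (the caller's own az login is
# untouched) and succeed only if the SP can see the subscription. An SP with
# no role assignment on the subscription gets an empty list here.
sp_sees_subscription() (
  sub=$(conn_field "$1" SubscriptionId)
  AZURE_CONFIG_DIR=$(mktemp -d) || exit 2
  export AZURE_CONFIG_DIR
  # Note: -p puts the secret on the process command line while az runs.
  found=$(az login --service-principal \
            -u "$(conn_field "$1" ServicePrincipal)" \
            -p "$(conn_field "$1" ServicePrincipalSecret)" \
            --tenant "$(conn_field "$1" AADTenant)" \
            --allow-no-subscriptions --output none &&
          az account list --query "[?id=='$sub'].id" --output tsv)
  rm -rf "$AZURE_CONFIG_DIR"
  [ -n "$sub" ] && [ "$found" = "$sub" ]
)

# Run as the Owner: grant Contributor on this one subscription only.
grant_contributor() {
  az role assignment create --role Contributor \
    --assignee "$(conn_field "$1" ServicePrincipal)" \
    --scope "/subscriptions/$(conn_field "$1" SubscriptionId)"
}

if [ -n "${TEST_CSM_ORGID_AUTHENTICATION:-}" ]; then
  if sp_sees_subscription "$TEST_CSM_ORGID_AUTHENTICATION"; then
    echo "SP can list the subscription"
  else
    echo "SP sees no matching subscription; check its role assignment" >&2
  fi
fi
```

Being Owner of the subscription yourself does not give the service principal any access; it needs its own role assignment, which is what this check surfaces.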