search

bebound / azure-cli

Azure Command-Line Interface
MIT License
0 stars 0 forks source link

az keyvault set-polic unexpected error #17

Open bebound opened 1 year ago

bebound commented 1 year ago

This is autogenerated. Please review and update as needed.

Describe the bug

Command Name az keyvault set-policy

Errors:

The command failed with an unexpected error. Here is the traceback:
Insufficient privileges to complete the operation.
Traceback (most recent call last):
  File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 52, in _send
    r = send_raw_request(self._cli_ctx, method, url, resource=self._resource, uri_parameters=param,
  File "/opt/az/lib/python3.10/site-packages/azure/cli/core/util.py", line 1014, in send_raw_request
    raise HTTPError(reason, r)
azure.cli.core.azclierror.HTTPError: Forbidden({"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation.","innerError":{"date":"2023-01-09T19:16:17","request-id":"0c9533b1-5be5-4227-a042-c42d4d1aa62a","client-request-id":"0c9533b1-5be5-4227-a042-c42d4d1aa62a"}}})

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/opt/az/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
  File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
  File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/__init__.py", line 333, in __call__
    return self.handler(*args, **kwargs)
  File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
    return op(**command_args)
  File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/keyvault/custom.py", line 897, in set_policy
    object_id = _object_id_args_helper(cmd.cli_ctx, object_id, spn, upn)
  File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/keyvault/custom.py", line 876, in _object_id_args_helper
    object_id = _get_object_id(graph_client, spn=spn, upn=upn)
  File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/keyvault/custom.py", line 356, in _get_object_id
    return _get_object_id_by_upn(graph_client, upn)
  File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/keyvault/custom.py", line 325, in _get_object_id_by_upn
    accounts = list(graph_client.user_list(filter="userPrincipalName eq '{}'".format(upn)))
  File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 294, in user_list
    result = self._send("GET", "/users" + _filter_to_query(filter))
  File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 55, in _send
    raise GraphError(ex.response.json()['error']['message'], ex.response) from ex
azure.cli.command_modules.role._msgrpah._graph_client.GraphError: Insufficient privileges to complete the operation.

To Reproduce:

Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.

Expected Behavior

Environment Summary

Linux-5.15.0-1029-azure-x86_64-with-glibc2.31, Ubuntu 20.04.5 LTS
Python 3.10.5
Installer: DEB

azure-cli 2.41.0 *

Additional Context

Copy from https://github.com/Azure/azure-cli/issues/25082

similar-bot-test[bot] commented 1 year ago
Find similar issue https://github.com/Azure/azure-cli/issues/23892.
Issue title az aro failed by 'Insufficient privileges to complete the operation'
Create time 2022-09-14
Comment number 5