Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sql_management endpoint not set error while trying to create service principal against azurestack #14309

Closed
rakku-ms opened this issue Jul 9, 2020 · 6 comments · Fixed by #14664
Closed

sql_management endpoint not set error while trying to create service principal against azurestack #14309

rakku-ms opened this issue Jul 9, 2020 · 6 comments · Fixed by #14664
Assignees
@fengzhou-msft
Labels
Cloud
Milestone
S174

Comments

@rakku-ms
Copy link

rakku-ms commented Jul 9, 2020

This is autogenerated. Please review and update as needed.

Describe the bug

Command Name
az ad sp create-for-rbac

Errors:

PS C:\> az ad sp create-for-rbac --name "testAPP" --role contributor --scopes /subscriptions/3f2f129d-8e17-4e7d-bf3e-69828d77cf27/resourceGroups/gha-lh01-rg --sdk-auth
Changing "testAPP" to a valid URI of "http://testAPP", which is the required format used for service principal names
Found an existing application instance of "86ab05ef-f6c0-4e60-a94c-719bd4f7c9ae". We will patch it
Creating a role assignment under the scope of "/subscriptions/3f2f129d-8e17-4e7d-bf3e-69828d77cf27/resourceGroups/gha-lh01-rg"
  Role assignment already exists.

The endpoint 'sql_management' for this cloud is not set but is used.
C:\Users\rakku\.azure\clouds.config may be corrupt or invalid.
Resolve the error or delete this file and try again.

To Reproduce:

Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.

$envName = "AzureStackLH"
az cloud register -n $envName --endpoint-resource-manager "https://management.northwest.azs-longhaul-01.selfhost.corp.microsoft.com/"
az cloud set -n $envName
az cloud update --profile '2019-03-01-hybrid'
az login
az ad sp create-for-rbac --name "testAPP" --role contributor --scopes /subscriptions/3f2f129d-8e17-4e7d-bf3e-69828d77cf27/resourceGroups/gha-lh01-rg --sdk-auth

Expected Behavior

  • Workaround: set sql-management endpoint using az cloud update cmd.
  • Can we allow the sql-management endpoint to be null?
az cloud update -n $envName --endpoint-sql-management https://notsupported
az ad sp create-for-rbac --name "testAPP" --role contributor --scopes /subscriptions/3f2f129d-8e17-4e7d-bf3e-69828d77cf27/resourceGroups/gha-lh01-rg --sdk-auth

Changing "testAPP" to a valid URI of "http://testAPP", which is the required format used for service principal names
Found an existing application instance of "86ab05ef-f6c0-4e60-a94c-719bd4f7c9ae". We will patch it
Creating a role assignment under the scope of "/subscriptions/3f2f129d-8e17-4e7d-bf3e-69828d77cf27/resourceGroups/gha-lh01-rg"
  Role assignment already exists.

{
  "clientId": "<Redacted>",
  "clientSecret": "<Redacted>",
  "subscriptionId": "<Redacted>",
  "tenantId": "<Redacted>",
  "activeDirectoryEndpointUrl": "https://login.microsoftonline.com/",
  "resourceManagerEndpointUrl": "https://management.northwest.azs-longhaul-01.selfhost.corp.microsoft.com/",
  "activeDirectoryGraphResourceId": "https://graph.windows.net/",
  "sqlManagementEndpointUrl": "https://notsupported",
  "galleryEndpointUrl": "https://providers.azs-long01-int.selfhost.corp.microsoft.com:30016/",
  "managementEndpointUrl": "https://management.northwest.azs-longhaul-01.selfhost.corp.microsoft.com/"
}

Environment Summary

Windows-10-10.0.18362-SP0
Python 3.6.6
Installer: MSI

azure-cli 2.8.0

Additional Context
@ghost ghost added the needs-triage This is a new issue that needs to be triaged to the appropriate team. label Jul 9, 2020
@triage-new-issues triage-new-issues bot removed the triage label Jul 9, 2020
@ghost ghost added question The issue doesn't require a change to the product in order to be resolved. Most issues start as that and removed needs-triage This is a new issue that needs to be triaged to the appropriate team. labels Jul 9, 2020
@yungezz
Copy link
Member

yungezz commented Jul 10, 2020

hi @fengzhou-msft could you pls help to look at is the endpoint missing in cloud endpoints? thanks

@yungezz yungezz added Cloud and removed question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Jul 10, 2020
@yungezz yungezz added this to the S173 milestone Jul 10, 2020
@fengzhou-msft
Copy link
Member

@rakku-ms It seems to me that the issue is caused by the endpoints in "https://management.northwest.azs-longhaul-01.selfhost.corp.microsoft.com/" does not contain one for sqlManagementEndpointUrl?

Technically, we can allow sqlManagementEndpointUrl to be null and fall back to use the endpoint in AzureCloud. Can the environment of AzureStackLH access public internet?

@rakku-ms
Copy link
Author

@bganapa what's the desired behavior for sqlManagementEndpointUrl? use null or the endpoint of AzureCloud

@fengzhou-msft
Copy link
Member

Currently, the behavior in Azure CLI is to use null for all endpoints not set in a cloud. I'm not sure if it will cause trouble to use endpoint of AzureCloud when it's not set.

@bganapa
Copy link
Member

bganapa commented Jul 24, 2020

@fengzhou-msft / @rakku-ms AzureStack does not support Sql Azure and setting empty or null is the right thing to do. The issue here is though
az ad sp create-for-rbac should not throw an error for sqlManagementEndpointUrl being empty

@fengzhou-msft
Copy link
Member

I see, will investigate why it throws the error.

@yungezz yungezz modified the milestones: S173, S174 Aug 4, 2020
@fengzhou-msft fengzhou-msft mentioned this issue Aug 5, 2020
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fengzhou-msft fengzhou-msft

Labels
Cloud
Projects
None yet
Milestone
S174
Development

Successfully merging a pull request may close this issue.

{Profile} Fix cloud endpoint not set error fengzhou-msft/azure-cli
4 participants
@bganapa @yungezz @rakku-ms @fengzhou-msft