使用 az cli 将贡献者角色分配给应用程序
Assign contributor role to application using az cli
我正在尝试使用以下命令将贡献者分配给应用程序:
az ad sp create-for-rbac -n "Terraform Cloud" --role Contributor --scopes /subscriptions/<id> --sdk-auth
我遇到以下问题:
Changing "Terraform-Cloud" to a valid URI of
"http://Terraform-Cloud", which is the required format used for
service principal names Values of identifierUris property must use a
verified domain of the organization or its subdomain:
'http://Terraform-Cloud'
知道如何解决这个问题吗?
关于这个link
Context
According to the announcement of
https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-breaking-changes#appid-uri-in-single-tenant-applications-will-require-use-of-default-scheme-or-verified-domains,
AAD service will block creating single tenant applications with
invalid idefntifierUris after 2021-10-15.
Impact
Azure CLI command az ad sp create-for-rbac before 2.25.0 which
sets invalid idefntifierUris will fails with 400 badrequest, such as
Values of identifierUris property must use a verified domain of the
organization or its subdomain: 'http://azure-cli-2021-10-20-03-53-05'
Solution
az ad sp create-for-rbac has been updated so that now it
doesn't create identifierUris at all (#18312). Please update to Azure
CLI 2.25.0 or newer. We recommend always using the latest version.
所以我所做的是使用 az upgrade
将我的 az cli 升级到最新版本
升级完成后,我运行问题中提到的相同命令都按预期工作。
我正在尝试使用以下命令将贡献者分配给应用程序:
az ad sp create-for-rbac -n "Terraform Cloud" --role Contributor --scopes /subscriptions/<id> --sdk-auth
我遇到以下问题:
Changing "Terraform-Cloud" to a valid URI of "http://Terraform-Cloud", which is the required format used for service principal names Values of identifierUris property must use a verified domain of the organization or its subdomain: 'http://Terraform-Cloud'
知道如何解决这个问题吗?
关于这个link
Context
According to the announcement of https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-breaking-changes#appid-uri-in-single-tenant-applications-will-require-use-of-default-scheme-or-verified-domains, AAD service will block creating single tenant applications with invalid idefntifierUris after 2021-10-15.Impact
Azure CLI command az ad sp create-for-rbac before 2.25.0 which sets invalid idefntifierUris will fails with 400 badrequest, such asValues of identifierUris property must use a verified domain of the organization or its subdomain: 'http://azure-cli-2021-10-20-03-53-05'
Solution
az ad sp create-for-rbac has been updated so that now it doesn't create identifierUris at all (#18312). Please update to Azure CLI 2.25.0 or newer. We recommend always using the latest version.
所以我所做的是使用 az upgrade
升级完成后,我运行问题中提到的相同命令都按预期工作。