Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Azure CLI cannot set values on nested properties #23443

Open
KSchlobohm opened this issue Aug 4, 2022 · 4 comments
Open

Azure CLI cannot set values on nested properties #23443

KSchlobohm opened this issue Aug 4, 2022 · 4 comments
Assignees
@jiasli
Labels
Auto-Assign Auto assign by bot Azure CLI Team The command of the issue is owned by Azure CLI team Documentation Graph az ad Installation needs-team-attention This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Milestone
Backlog

Comments

@KSchlobohm
Copy link

KSchlobohm commented Aug 4, 2022
edited

Related command
az ad app update --set

Describe the bug
Attempting to set a value on a nested property returns an error. It appears that the cli is unaware of the changes made to the graph. Specifically cannot set these two properties:

  • "api.oauth2PermissionScopes"
  • "api.preAuthorizedApplications"

To Reproduce
az ad app update --id $clientid --set api.oauth2PermissionScopes="[ { value: '$scopeName', adminConsentDescription: 'My API access', adminConsentDisplayName: 'My API access', id: 'b3e5bc7f-8568-45ee-b913-3a30f72d830b', isEnabled: true, type: 'Admin' } ] } }"

Expected behavior
Expected the command to set oauth2PermissionScopes.

Environment summary
running on Ubuntu WSL 2 install
install command
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash

az version

{
  "azure-cli": "2.38.0",
  "azure-cli-core": "2.38.0",
  "azure-cli-telemetry": "1.0.6",
  "extensions": {
    "containerapp": "0.3.5",
    "log-analytics": "0.2.2",
    "rdbms-connect": "1.0.2"
  }
}

Additional context
can work around the issues with az rest command

option1: update scopes

az rest \
          --method PATCH \
          --uri "https://graph.microsoft.com/v1.0/applications/$apiObjectId" \
          --headers 'Content-Type=application/json' \
          --body "{ identifierUris:[ 'api://$apiWebAppClientId' ], api: { oauth2PermissionScopes: [ { value: '$scopeName', adminConsentDescription: 'My API access', adminConsentDisplayName: 'My API access', id: 'b3e5bc7f-8568-45ee-b913-3a30f72d830b', isEnabled: true, type: 'Admin' } ] } }"

option1: update preAuthorizedClients

permId=$(az ad app show --id $apiWebAppClientId --query 'api.oauth2PermissionScopes[].id' -o tsv)

az rest  \
          --method PATCH \
          --uri "https://graph.microsoft.com/v1.0/applications/$apiObjectId" \
          --headers 'Content-Type=application/json' \
          --body "{api:{preAuthorizedApplications:[{appId:'$preAuthedAppApplicationId',delegatedPermissionIds:['$permId']}]}}"
@ghost ghost added Auto-Assign Auto assign by bot Graph az ad labels Aug 4, 2022
@ghost ghost assigned jiasli Aug 4, 2022
@ghost ghost added this to the Backlog milestone Aug 4, 2022
@ghost ghost added CXP Attention This issue is handled by CXP team. Installation labels Aug 4, 2022
This was referenced Aug 4, 2022
Open
Open
@yonzhan
Copy link
Collaborator

yonzhan commented Aug 4, 2022

@jiasli for awareness

@yonzhan yonzhan added Azure CLI Team The command of the issue is owned by Azure CLI team and removed CXP Attention This issue is handled by CXP team. labels Aug 4, 2022
@jiasli
Copy link
Member

jiasli commented Aug 5, 2022

This is documented as a known issue during MS Graph migration: https://docs.microsoft.com/en-us/cli/azure/microsoft-graph-migration#known-issues

@RakeshMohanMSFT RakeshMohanMSFT added the needs-author-feedback More information is needed from author to address the issue. label Aug 5, 2022
@KSchlobohm
Copy link
Author

Thanks @jiasli, I wasn't aware this was a known issue

My workflow was something like:

  1. az ad app update --help
  2. try out the command (it failed)
  3. read the doc
  4. try out the command with slightly different syntax (it failed)
  5. web search for guidance
  6. read stackoverflow posts (learned az rest is an alternative)
  7. see that az rest works
  8. search for known issues on GH
  9. open an issue because I didn't see one already open

I think it would help others if the known issue could be linked in the doc

@ghost ghost added needs-team-attention This issue needs attention from Azure service team or SDK team and removed needs-author-feedback More information is needed from author to address the issue. labels Aug 5, 2022
@jiasli
Copy link
Member

jiasli commented Aug 8, 2022

Thanks for the feedback @KSchlobohm. Indeed, the doc should exclude --set, --add and --remove if they are not supported. We will see how we can improve it.

@yonzhan yonzhan added the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Aug 10, 2022
@jiasli jiasli added question The issue doesn't require a change to the product in order to be resolved. Most issues start as that and removed bug This issue requires a change to an existing behavior in the product in order to be resolved. labels Aug 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jiasli jiasli

Labels
Auto-Assign Auto assign by bot Azure CLI Team The command of the issue is owned by Azure CLI team Documentation Graph az ad Installation needs-team-attention This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
5 participants
@jiasli @jsntcy @KSchlobohm @RakeshMohanMSFT @yonzhan