Attempt to create service principal for RBAC with contributor role fails with "WARNING: Role assignment creation failed."

Siegfried Heintze 1,861 Reputation points
2024-04-27T22:56:57.12+00:00

I'm trying to follow these instructions: https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Cwindows#create-a-service-principal

az ad sp create-for-rbac --name spad_ServiceBusSimpleSendReceive002 --role contributor --scopes /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx7db/resourceGroups/rg_ServiceBusSimpleSendReceive002

WARNING: Creating 'contributor' role assignment under scope '/subscriptions/acc26051-92a5-4ed1-a226-64a187bc27db/resourceGroups/rg_ServiceBusSimpleSendReceive002

'

WARNING:   Role assignment creation failed. 

WARNING:   role assignment response headers: {'Content-Type': 'text/html; charset=us-ascii', 'Date': 'Sat, 27 Apr 2024 22:39:51 GMT', 'Connection': 'close', 'Content-Length': '324'}

ERROR: Operation returned an invalid status 'Bad Request'

Also: I don't understand the --json-auth. I could not determine what this is for from the documentation.

Thanks

Siegfried

Microsoft Entra
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Marcin Policht 13,480 Reputation points MVP
    2024-04-28T00:26:53.5366667+00:00

    Verify that the value of the --scopes parameter is correct and that you have sufficient permissions to the target Entra tenant and the corresponding Azure subscription.

    The --json-auth parameter results in the JSON output which can be added directly to GitHub as a secret and referenced in GitHub Actions that require access to the target Azure subscription


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin