I'm attempting to authenticate with Azure DNS using a service principal I created, but I'm getting an authentication error. What am I doing wrong?
Here is how I created the SP:
az ad sp create-for-rbac --name az-dns-manager --skip-assignment --sdk-auth > az-dns-credentials.json
az role assignment create --assignee "$CLIENT_ID_FROM_JSON" --role "DNS Zone Contributor" --scope "$AZ_DNS_SCOPE"
And here is how I'm authenticating in Python:
from azure.common.client_factory import get_client_from_auth_file
from azure.mgmt.dns import DnsManagementClient
dns_client = get_client_from_auth_file(
    DnsManagementClient, auth_path='az-dns-credentials.json')
dns_client.record_sets.create_or_update(...)
I then get the following error:
msrest.exceptions.AuthenticationError: Get Token request returned http error:
401 and server response:
{"error":"invalid_client","error_description":"AADSTS7000215: Invalid client
secret is provided.\r\nTrace ID:
e4ac8241-49c0-457f-9b8f-1d41c4fd0600\r\nCorrelation ID:
6be25bc7-01e4-4ce5-a26f-8da0e02b4a64\r\nTimestamp: 2020-12-19
22:55:00Z","error_codes":[7000215],"timestamp":"2020-12-19
22:55:00Z","trace_id":"e4ac8241-49c0-457f-9b8f-1d41c4fd0600","correlation_id":"6be25bc7-01e4-4ce5-a26f-8da0e02b4a64","error_uri":"https://login.microsoftonline.com/error?code=7000215"}
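A triage helper for the failure shown above, as an added example that is not part of the original post: it checks the fields of the `--sdk-auth` JSON file that the token request depends on and extracts the AADSTS code and correlation ID from the error body. The function names and all sample values are constructed for illustration.

```python
import json
import re

# Fields of the --sdk-auth file that the token request depends on.
REQUIRED_KEYS = ("clientId", "clientSecret", "tenantId", "subscriptionId")
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def check_auth_file(text):
    """Return problems found in an --sdk-auth JSON document; never echoes the secret."""
    try:
        data = json.loads(text.lstrip("\ufeff"))  # tolerate a UTF-8 BOM
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(data, dict):
        return ["top-level JSON value is not an object"]
    problems = []
    for key in REQUIRED_KEYS:
        value = data.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"{key} is missing or empty")
        elif value != value.strip():
            problems.append(f"{key} has leading or trailing whitespace")
        elif key != "clientSecret" and not GUID.match(value):
            problems.append(f"{key} is not a GUID")
    return problems

def parse_token_error(body):
    """Extract the fields worth logging from an Azure AD token-endpoint error body."""
    err = json.loads(body)
    desc = err.get("error_description", "")
    m = re.match(r"(AADSTS\d+):\s*([^\r\n]*)", desc)
    return {
        "error": err.get("error"),
        "aadsts": m.group(1) if m else None,
        "message": m.group(2).strip() if m else desc,
        "correlation_id": err.get("correlation_id"),
    }

# Constructed sample inputs (placeholder values, not real credentials or IDs).
SAMPLE_AUTH = json.dumps({
    "clientId": "11111111-1111-1111-1111-111111111111",
    "clientSecret": "constructed-placeholder-secret",
    "tenantId": "22222222-2222-2222-2222-222222222222",
    "subscriptionId": "33333333-3333-3333-3333-333333333333",
})
SAMPLE_ERROR = (r'{"error":"invalid_client","error_description":"AADSTS7000215: Invalid '
                r'client secret is provided.\r\nTrace ID: 0000","correlation_id":"0000"}')
if __name__ == "__main__":
    print(check_auth_file(SAMPLE_AUTH), parse_token_error(SAMPLE_ERROR))
```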