Unable to create service principal with azure cli from git bash shell, no connection adapters were found.
See original GitHub issue
az feedback
auto-generates most of the information requested below, as of CLI version 2.0.62
Describe the bug When trying to create an azure service principal from git bash or programatically from bash scripts, the task fails with the following error:
Creating a role assignment under the scope of "C:/Program Files/Git/subscriptions/yyy-yyy-xxx-xxx"
Role assignment creation failed.
ClientError: Error occurred in request., InvalidSchema: No connection adapters were found for 'C:/Program Files/Git/subscriptions/yyy-yyy-xxx-xxx
xxx-xxx-yyy-yyy/providers/Microsoft.Authorization/roleDefinitions?$filter=roleName%20eq%20%27Contributor%27&api-version=2018-01-01-preview'
This is a long persistent error and is still not solved. We need to bootstrap environments programatically.
The command involved is:
ARM_CLIENT_SECRET=$(az ad sp create-for-rbac
--name "http://$ARM_PRINCIPAL_NAME"
--role Contributor
--scopes "/subscriptions/$ARM_SUBSCRIPTION_ID"
--query password
--output tsv)
I also tried to change the read write permissions of the C:/Program Files/Git and its subfolders, no change.
Strange is, the sp gets created but incomplete and the command does not return the client secret. Also the role assigment gets created to an unknown identity - see screenshot
To Reproduce Issue the following command:
ARM_CLIENT_SECRET=$(az ad sp create-for-rbac
--name "http://$ARM_PRINCIPAL_NAME"
--role Contributor
--scopes "/subscriptions/$ARM_SUBSCRIPTION_ID"
--query password
--output tsv)
Expected behavior Execute command and return client secret or other variable depending on the query
Environment summary Windows 10 Git Bash
Additional context
Issue Analytics
- State:
- Created 3 years ago
- Reactions:1
- Comments:11 (3 by maintainers)
Top GitHub Comments
You need to set
MSYS_NO_PATHCONV=1
to avoid auto-translation of the resource id: https://github.com/Azure/azure-cli/blob/dev/doc/use_cli_with_git_bash.md#auto-translation-of-resource-idsThanks @fengzhou-msft. I had to do something like this SP_PASSWD=$(MSYS_NO_PATHCONV=1 az ad sp create-for-rbac
–name http://$ACR_NAME-pull
–scopes $ACR_REGISTRY_ID
–role acrpull
–query password
–output tsv)