Azure-cli: az role assignment create fails

Created on 10 Mar 2017 · 6Comments · Source: Azure/azure-cli

az role assignment create --debug --assignee XXX-XXX-XXX-XXX-XXX --role XXX-XXX-XXX-XXX-XXX --resource-group rgname

fails with The request was incorrectly formatted.

msrest.http_logger : Request body:
msrest.http_logger : {"properties": {"roleDefinitionId": "XXX-XXX-XXX-XXX-XXX", "principalId": "XXX-XXX-XXX-XXX-XXX"}}
requests.packages.urllib3.connectionpool : Starting new HTTPS connection (1): management.azure.com
requests.packages.urllib3.connectionpool : https://management.azure.com:443 "PUT /subscriptions/XXX-XXX-XXX-XXX-XXX/resourceGroups/XXX/providers/Microsoft.Authorization/roleAssignments/XXX-XXX-XXX-XXX-XXX?api-version=2015-07-01 HTTP/1.1" 400 88
msrest.http_logger : Response status: 400

msrest.http_logger : Response content:
msrest.http_logger : b'{"error":{"code":"BadRequestFormat","message":"The request was incorrectly formatted."}}'
msrest.exceptions : The request was incorrectly formatted.

Source

hoffmann

👍1

All 6 comments

@yugangw-msft can you take a look?

tjprescott on 29 Mar 2017

@hoffmann, please use '--debug' and share with the verbose output

yugangw-msft on 29 Mar 2017

this thing is still a problem

lanpar on 2 Jan 2019

Agreed with @lanpar this is still a problem, even in Terraform (I understand this isn't a Terraform problem, but I see it in Terraform just the same)

This works:

resource "azurerm_role_assignment" "Azure-Admins_roleassignment" {
  scope              = "/subscriptions/${var.subscription_id}/resourceGroups/${var.resource_group_name}/providers/Microsoft.Compute/virtualMachines/vmname-VM"
  role_definition_name = "Virtual Machine Administrator Login"
  principal_id       = "014a520d-9a93-4dee-9644-9f1b1f228b87"
}

azurerm_role_assignment.Azure-Admins_roleassignment: Creation complete after 2s (ID: /subscriptions/e465f7b1-95ef-4fab-69b6-...s/63644e80-73a8-0158-b49d-ac9426abe562)

This does not:

resource "azurerm_role_assignment" "Azure-Admins_roleassignment" {
  scope              = "/subscriptions/${var.subscription_id}/resourceGroups/${var.resource_group_name}/providers/Microsoft.Compute/virtualMachines/vmname-VM"
  role_definition_id = "1c0163c0-47e6-4577-8991-ea5c82e286e4"
  principal_id       = "014a520d-9a93-4dee-9644-9f1b1f228b87"
}

* azurerm_role_assignment.Azure-Admins_roleassignment: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="BadRequestFormat" Message="The request was incorrectly formatted."

asc-adean on 12 Feb 2019

👍1

@asc-adean are you still experiencing this issue?

I believe it will function correctly if you provide your role_definition_id in the following format:

/subscriptions/${var.subscription_id}/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4

hasheddan on 6 Sep 2019

👍1

@hasheddan I will try it again this afternoon, thank you for responding

asc-adean on 10 Sep 2019

👍1

Was this page helpful?

0 / 5 - 0 ratings

Related issues

"az stop" doesn't actually stop VM

seanknox · 3Comments

Failure during installing the azure-cli 2.0 in Bash on Ubuntu on Windows

troydai · 3Comments

Cannot login to az

Kannaj · 3Comments

The way to configure Azure CLI to use Python 3.5 on system where the default Python version is 2.x

FumiakiNagano · 3Comments

query operator with JMESPath doesn't handle a 'dash' (-) properly

cicorias · 3Comments