Azure-cli: Unable to update groupMembershipClaims programmatically via `az ad app update`
Describe the bug
Unable to update groupMembershipClaims programmatically via az ad app update
To Reproduce
- Create a new azure ad app registration.
- Attempt to set groupMembershipClaims to a value like SecurityGroup
az ad app update `
--id $appId `
--set groupMembershipClaims=SecurityGroup
Expected behavior
I would expect the manifest to be updated with no errors.
Actual behavior
- The manifest is updated.
- The following error is generated:
az : WARNING: Property 'groupMembershipClaims' not found on root. Send it as an additional property .
At Z:\Git\Dell.DDSP_Tools\Azure\AD\PowerShellScripts\AzureADAutomation.ps1:239 char:5
+ az ad app update `
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (WARNING: Proper...onal property .:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
Environment summary
PS C:\Users\user> az --version
azure-cli (2.0.45)
acr (2.1.4)
acs (2.3.2)
advisor (0.6.0)
ams (0.2.3)
appservice (0.2.3)
backup (1.2.1)
batch (3.3.3)
batchai (0.4.2)
billing (0.2.0)
botservice (0.1.0)
cdn (0.1.1)
cloud (2.1.0)
cognitiveservices (0.2.1)
command-modules-nspkg (2.0.2)
configure (2.0.18)
consumption (0.4.0)
container (0.3.3)
core (2.0.45)
cosmosdb (0.2.1)
dla (0.2.2)
dls (0.1.1)
dms (0.1.0)
eventgrid (0.2.0)
eventhubs (0.2.3)
extension (0.2.1)
feedback (2.1.4)
find (0.2.12)
interactive (0.3.28)
iot (0.3.1)
iotcentral (0.1.1)
keyvault (2.2.2)
lab (0.1.1)
maps (0.3.2)
monitor (0.2.3)
network (2.2.4)
nspkg (3.0.3)
policyinsights (0.1.0)
profile (2.1.1)
rdbms (0.3.1)
redis (0.3.2)
relay (0.1.1)
reservations (0.3.2)
resource (2.1.3)
role (2.1.4)
search (0.1.1)
servicebus (0.2.2)
servicefabric (0.1.2)
sql (2.1.3)
storage (2.2.1)
telemetry (1.0.0)
vm (2.2.2)
Python location 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users\user\.azure\cliextensions'
Python (Windows) 3.6.5 (v3.6.5:f59c0932b4, Mar 28 2018, 16:07:46) [MSC v.1900 32 bit (Intel)]
Legal docs and information: aka.ms/AzureCliLegal
PS C:\Users\user> $host.Version
Major Minor Build Revision
----- ----- ----- --------
5 1 17134 228
PS C:\Users\user>
Additional context
I have also tried to use the --add flag as well, based on my interpetation of the error message. This will throw the following error and NOT update the manifest:
az : ERROR: argument of type 'NoneType' is not iterable
At Z:\Git\Dell.DDSP_Tools\Azure\AD\PowerShellScripts\AzureADAutomation.ps1:239 char:5
+ az ad app update `
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (ERROR: argument...is not iterable:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
unacceptable
All 6 comments
Here is a workaround for this bug while waiting for this to be fixed:
try {
Write-Verbose "Updating groupMembershipClaims to SecurityGroup"
az ad app update `
--id $appId `
--set groupMembershipClaims=SecurityGroup
} catch {
$groupMembershipClaims = (az ad app list --app-id $appId | ConvertFrom-Json ).groupMembershipClaims
if ($groupMembershipClaims -eq "SecurityGroup") {
Write-Verbose "Verified groupMembershipClaims is set to SecurityGroup"
} else {
Write-Error "Unable to set groupMembershipClaims to SecurityGroup"
exit 1
}
}
Let me take a look for this sprint.
yugangw-msft
on 15 Jan 2019
I still have the error today (February 25th 2019).
vplauzon
on 25 Feb 2019
This will be fixed at the same time with #7579. Basically the same root cause that the SDK library used by CLI is not right, which I am contributing the fixes.
yugangw-msft
on 25 Feb 2019
The key is to get https://github.com/Azure/azure-rest-api-specs/pull/5181 merged and SDK published
yugangw-msft
on 3 Mar 2019
I just updated my Azure CLI to v2.0.63.
The following works now:
az ad app update --id $ApplicationId --set groupMembershipClaims="SecurityGroup"
oliverroer
on 26 Apr 2019
Related issues
amarzavery
路
3Comments
jsturtevant
路
3Comments
cicorias
路
3Comments
williexu
路
3Comments
seanknox
路
3Comments
Most helpful comment
I just updated my Azure CLI to v2.0.63.
The following works now: