Azure-docs: Searching for AAD service principal to delete
When attempting to delete a service principal, should the query for the 'displayName' be the name of the AKS cluster? As stated in the doc, that search didn't work for me (eventually errored out). However, when I searched in the Azure Portal, I could find it. The service principal display name was not exactly the same as the name of the AKS cluster. The display name started with the AKS cluster name, but also had "SP" and the create date appended.
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 25a0d502-ce71-76d4-bf8a-060e63913b52
- Version Independent ID: 69d7fa26-1a37-e477-0a2c-db58ce19a84f
- Content: Service principals for Azure Kubernetes Services (AKS)
- Content Source: articles/aks/kubernetes-service-principal.md
- Service: container-service
- GitHub Login: @iainfoulds
- Microsoft Alias: iainfou
mcollier
All 6 comments
Thanks for the feedback! We are currently investigating and will update you shortly.
mimckitt
on 29 Nov 2018
@mcollier did you manually create a service principal or allow Azure to do it for you?
If you allow Azure to automatically create one for you such as using the following:
az aks create --name myAKSCluster --resource-group myResourceGroup --generate-ssh-keys
A service principal will be created and the name of the cluster will be used
But if you manually create a SP the name would be different
az ad sp create-for-rbac --skip-assignment
The command to get a list of the service principals seems to be having issues as I ran it by itself and it still stalls. So that might be something unrelated.
@iainfoulds maybe we should mention how the service principal names work if you manually create them?
mimckitt
on 29 Nov 2018
@mcollier any update on this?
mimckitt
on 3 Dec 2018
The SP was created automatically for me when I created the cluster via the Azure Portal.
Yes, I noticed that problem with the 'az ad app list' command as well. It eventually exited it an error, and I was able to quickly find and delete the SP via the Azure AD blades in the Azure Portal.
mcollier
on 4 Dec 2018
Thanks @mcollier
I will assign to the author to review further
@iainfoulds can you take a look?
mimckitt
on 4 Dec 2018
Looks like az ad sp delete --id $(az aks show -g myResourceGroup -n myAKSCluster --query servicePrincipalProfile.clientId -o tsv) would be a cleaner way to do this since there are naming differences between manually creating a service principal or letting the Azure CLI or then Azure portal create one. I'll update the doc accordingly.
iainfoulds
on 15 Feb 2019
Related issues
behnam89
·
3Comments
spottedmahn
·
3Comments
monteledwards
·
3Comments
JeffLoo-ong
·
3Comments
paulmarshall
·
3Comments
Most helpful comment
Looks like
az ad sp delete --id $(az aks show -g myResourceGroup -n myAKSCluster --query servicePrincipalProfile.clientId -o tsv)would be a cleaner way to do this since there are naming differences between manually creating a service principal or letting the Azure CLI or then Azure portal create one. I'll update the doc accordingly.