0

I m running az role assignment list -g from Azure Devops on Microsofts Hosted Agent

I dont see principalName parameter in result. But same command when I run on my local in VsCode I see principalName. I checked az cli versions both MS agent and on my local, they are same 2.5.1

Wondering what I m missing....

below is what i get in Azure Devops after running the above command 

{
    "canDelegate": xxx,
    "id": xxx,
    "name": xxx,
    "principalId": xxx,
    "principalType": xxx,
    "resourceGroup": xxx,
    "roleDefinitionId": xxx,
    "scope": xxx,
    "type": "Microsoft.Authorization/roleAssignments"
}
Suraj
  • 135
  • 2
  • 8

2 Answers2

0

Why don't I see Principal Name when I run az role assignment list from Azure Devops?

I could reproduce this issue with Azure CLI task on my side.

I found there is a similar issue about the Azure cli on the github, so, I am afraid this issue has not been fixed on the azure cli task, it still exists.

To resolve/verify this issue, you could try to use the Azure Powershell task to login and execute that command line:

az login -u <username> -p <password>

az role assignment list --resource-group rgname

The result:

enter image description here

Hope this helps.

Leo Liu
  • 71,098
  • 10
  • 114
  • 135
  • thanks a lot , the link mentioned really helps with information. will try with Azure Powershell task. – Suraj May 15 '20 at 14:05
  • @Suraj, I haven't received your reply for a long time. Can I know if this answer is valid for you? – Leo Liu May 20 '20 at 02:38
  • i have whole big script written in python using az cli commands in it. And i m using service principal in my pipeline (avoiding user/password) for security reasons.I have raised it with MS just waiting for their reply... – Suraj May 20 '20 at 05:52
0

Microsoft helped to resolve this issue. Your Service Principal needs Directory Read access on App Permissions. This would solve the problem.

Suraj
  • 135
  • 2
  • 8