Describe the bug
Unable to delete the ARO cluster via azure-cli using service principal
Followed instructions for creation of service principal in : https://learn.microsoft.com/en-us/azure/openshift/howto-create-service-principal?pivots=aro-azurecli
Related command
az aro delete --resource-group somegroup --name clustername--yes
Errors
The command failed with an unexpected error. Here is the traceback:
'GraphError' object has no attribute 'message'
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 52, in _send
r = send_raw_request(self._cli_ctx, method, url, resource=self._resource, uri_parameters=param,
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/util.py", line 1010, in send_raw_request
raise HTTPError(reason, r)
azure.cli.core.azclierror.HTTPError: Forbidden({"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation.","innerError":{"date":"2023-08-10T14:58:10","request-id":"c0064339-88fa-4f0a-a1e1-df25735f41c8","client-request-id":"c0064339-88fa-4f0a-a1e1-df25735f41c8"}}})
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/custom.py", line 170, in aro_delete
rp_client_sp_id = aad.get_service_principal_id(resolve_rp_client_id())
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/_aad.py", line 31, in get_service_principal_id
sps = self.client.service_principal_list(f"appId eq '{app_id}'")
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 179, in service_principal_list
result = self._send("GET", "/servicePrincipals" + _filter_to_query(filter))
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 55, in _send
raise GraphError(ex.response.json()['error']['message'], ex.response) from ex
azure.cli.command_modules.role._msgrpah._graph_client.GraphError: Insufficient privileges to complete the operation.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 663, in execute
raise ex
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 726, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 697, in _run_job
result = cmd_copy(params)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 333, in call
return self.handler(*args, **kwargs)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
return op(**command_args)
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/custom.py", line 174, in aro_delete
logger.info(e.message)
AttributeError: 'GraphError' object has no attribute 'message'
Issue script & Debug output
cli.knack.cli: Command arguments: ['aro', 'delete', '--resource-group', '##########-aro', '--name', '####https://github.com//pull/3', '--yes', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x7fc223a09360>, <function OutputProducer.on_global_arguments at 0x7fc223960280>, <function CLIQuery.on_global_arguments at 0x7fc22377d480>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'aro': ['azure.cli.command_modules.aro']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: aro 0.127 1 9
cli.azure.cli.core: Total (1) 0.127 1 9
cli.azure.cli.core: Loaded 1 groups, 9 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : aro delete
cli.azure.cli.core: Command table: aro delete
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x7fc222b4ecb0>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/root/.azure/commands/2023-08-10.15-03-52.aro_delete.37459.log'.
az_command_data_logger: command args: aro delete --resource-group {} --name {} --yes --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x7fc222b677f0>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x7fc222bb1630>, <function register_cache_arguments..add_cache_arguments at 0x7fc222bb1750>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7fc223960310>, <function CLIQuery.handle_query_parameter at 0x7fc22377d510>, <function register_ids_argument..parse_ids_arguments at 0x7fc222bb16c0>]
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=AzureRedHatOpenShiftClient
cli.azure.cli.core.auth.persistence: build_persistence: location='/root/.azure/service_principal_entries.json', encrypt=False
cli.azure.cli.core.auth.persistence: build_persistence: location='/root/.azure/msal_token_cache.json', encrypt=False
cli.azure.cli.core.auth.binary_cache: load: /root/.azure/msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
msal.application: Region to be used: None
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
cli.azure.cli.core.auth.msal_authentication: ServicePrincipalCredential.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: aa188edb-ee0c-4eef-9a40-bfb30fbc0479
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/#########################/resourceGroups/#########/providers/Microsoft.RedHatOpenShift/openShiftClusters/#####3?api-version=2022-09-04'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '1e74a3ff-378f-11ee-b114-73425c0a4518'
cli.azure.cli.core.sdk.policies: 'CommandName': 'aro delete'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--resource-group --name --yes --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.51.0 (DEB) azsdk-python-azure-mgmt-redhatopenshift/1.2.0 Python/3.10.10 (Linux-5.15.0-1042-azure-x86_64-with-glibc2.31)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/#########################/resourceGroups/##########-aro/providers/Microsoft.RedHatOpenShift/openShiftClusters/#####3 HTTP/1.1" 200 None
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Transfer-Encoding': 'chunked'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json'
cli.azure.cli.core.sdk.policies: 'Content-Encoding': 'gzip'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'Vary': 'Accept-Encoding'
cli.azure.cli.core.sdk.policies: 'X-Ms-Request-Id': 'bedb0227-d0de-4ecb-89a0-dd93331b3648'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '11996'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '515753b3-2df9-4185-b8bf-b67c4ca24172'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'WESTEUROPE:20230810T150352Z:515753b3-2df9-4185-b8bf-b67c4ca24172'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'Date': 'Thu, 10 Aug 2023 15:03:52 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {
"id": "/subscriptions/#########################/resourcegroups/##########-aro/providers/Microsoft.RedHatOpenShift/openShiftClusters/#####3",
"name": "#####3",
"type": "Microsoft.RedHatOpenShift/openShiftClusters",
"location": "westeurope",
"systemData": {
"createdBy": "########@outlook.com",
"createdByType": "User",
"createdAt": "2023-08-08T07:37:11.1937626Z",
"lastModifiedBy": "########@outlook.com",
"lastModifiedByType": "User",
"lastModifiedAt": "2023-08-08T07:37:11.1937626Z"
},
"properties": {
"provisioningState": "Succeeded",
"clusterProfile": {
"domain": "########",
"version": "4.10.54",
"resourceGroupId": "/subscriptions/#########################/resourcegroups/aro-infra-lhyz71ur-#####3",
"fipsValidatedModules": "Disabled"
},
"consoleProfile": {
"url": "https://console-openshift-console.apps.########.westeurope.aroapp.io/"
},
"servicePrincipalProfile": {
"clientId": "########"
},
"networkProfile": {
"podCidr": "10.128.0.0/14",
"serviceCidr": "172.30.0.0/16"
},
"masterProfile": {
"vmSize": "Standard_D8s_v3",
"subnetId": "/subscriptions/#########################/resourceGroups/##########-aro/providers/Microsoft.Network/virtualNetworks/aro-vnet-lgksv42s/subnets/master-subnet",
"encryptionAtHost": "Disabled"
},
"workerProfiles": [
{
"name": "####https://github.com//pull/3-mnzzr-worker-westeurope1",
"vmSize": "Standard_D8s_v3",
"diskSizeGB": 128,
"subnetId": "/subscriptions/#########################/resourceGroups/##########-aro/providers/Microsoft.Network/virtualNetworks/aro-vnet-lgksv42s/subnets/worker-subnet",
"count": 1,
"encryptionAtHost": "Disabled"
},
{
"name": "####https://github.com//pull/3-mnzzr-worker-westeurope2",
"vmSize": "Standard_D8s_v3",
"diskSizeGB": 128,
"subnetId": "/subscriptions/#########################/resourceGroups/##########-aro/providers/Microsoft.Network/virtualNetworks/aro-vnet-lgksv42s/subnets/worker-subnet",
"count": 1,
"encryptionAtHost": "Disabled"
},
{
"name": "####https://github.com//pull/3-mnzzr-worker-westeurope3",
"vmSize": "Standard_D8s_v3",
"diskSizeGB": 128,
"subnetId": "/subscriptions/#########################/resourceGroups/##########-aro/providers/Microsoft.Network/virtualNetworks/aro-vnet-lgksv42s/subnets/worker-subnet",
"count": 1,
"encryptionAtHost": "Disabled"
}
],
"apiserverProfile": {
"visibility": "Private",
"url": "https://api.################.westeurope.aroapp.io:6443/",
"ip": "10.0.0.4"
},
"ingressProfiles": [
{
"name": "default",
"visibility": "Private",
"ip": "10.0.0.254"
}
]
}
}
cli.azure.cli.core.util: Retrieving token for resource https://graph.microsoft.com/
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
msal.application: Region to be used: None
cli.azure.cli.core.auth.msal_authentication: ServicePrincipalCredential.get_token: scopes=('https://graph.microsoft.com//.default',), kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 8fb4b10d-4fb3-41f7-a5d1-dfb1c7eef5aa
cli.azure.cli.core.util: Request URL: 'https://graph.microsoft.com/v1.0/servicePrincipals?$filter=appId%20eq%20%27f1dd0a37-89c6-4e07-bcd1-ffd3d43d8875%27'
cli.azure.cli.core.util: Request method: 'GET'
cli.azure.cli.core.util: Request headers:
cli.azure.cli.core.util: 'User-Agent': 'python/3.10.10 (Linux-5.15.0-1042-azure-x86_64-with-glibc2.31) AZURECLI/2.51.0 (DEB)'
cli.azure.cli.core.util: 'Accept-Encoding': 'gzip, deflate'
cli.azure.cli.core.util: 'Accept': '/'
cli.azure.cli.core.util: 'Connection': 'keep-alive'
cli.azure.cli.core.util: 'x-ms-client-request-id': 'f54597f9-57c5-4fff-bbdf-f7a56a12c488'
cli.azure.cli.core.util: 'CommandName': 'aro delete'
cli.azure.cli.core.util: 'ParameterSetName': '--resource-group --name --yes --debug'
cli.azure.cli.core.util: 'Authorization': 'Bearer eyJ0eXAiOiJKV...'
cli.azure.cli.core.util: Request body:
cli.azure.cli.core.util: None
urllib3.connectionpool: Starting new HTTPS connection (1): graph.microsoft.com:443
urllib3.connectionpool: https://graph.microsoft.com:443 "GET /v1.0/servicePrincipals?$filter=appId%20eq%20%27f1dd0a37-89c6-4e07-bcd1-ffd3d43d8875%27 HTTP/1.1" 403 None
cli.azure.cli.core.util: Response status: 403
cli.azure.cli.core.util: Response headers:
cli.azure.cli.core.util: 'Cache-Control': 'no-cache'
cli.azure.cli.core.util: 'Transfer-Encoding': 'chunked'
cli.azure.cli.core.util: 'Content-Type': 'application/json'
cli.azure.cli.core.util: 'Content-Encoding': 'gzip'
cli.azure.cli.core.util: 'Vary': 'Accept-Encoding'
cli.azure.cli.core.util: 'Strict-Transport-Security': 'max-age=31536000'
cli.azure.cli.core.util: 'request-id': '0c9859ff-f7e1-41aa-b738-a9c3e851d8dd'
cli.azure.cli.core.util: 'client-request-id': '0c9859ff-f7e1-41aa-b738-a9c3e851d8dd'
cli.azure.cli.core.util: 'x-ms-ags-diagnostic': '{"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"004","RoleInstance":"AM2PEPF0001C25B"}}'
cli.azure.cli.core.util: 'x-ms-resource-unit': '1'
cli.azure.cli.core.util: 'Date': 'Thu, 10 Aug 2023 15:03:52 GMT'
cli.azure.cli.core.util: Response content:
cli.azure.cli.core.util: {"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation.","innerError":{"date":"2023-08-10T15:03:53","request-id":"0c9859ff-f7e1-41aa-b738-a9c3e851d8dd","client-request-id":"0c9859ff-f7e1-41aa-b738-a9c3e851d8dd"}}}
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 52, in _send
r = send_raw_request(self._cli_ctx, method, url, resource=self._resource, uri_parameters=param,
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/util.py", line 1010, in send_raw_request
raise HTTPError(reason, r)
azure.cli.core.azclierror.HTTPError: Forbidden({"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation.","innerError":{"date":"2023-08-10T15:03:53","request-id":"0c9859ff-f7e1-41aa-b738-a9c3e851d8dd","client-request-id":"0c9859ff-f7e1-41aa-b738-a9c3e851d8dd"}}})
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/custom.py", line 170, in aro_delete
rp_client_sp_id = aad.get_service_principal_id(resolve_rp_client_id())
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/_aad.py", line 31, in get_service_principal_id
sps = self.client.service_principal_list(f"appId eq '{app_id}'")
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 179, in service_principal_list
result = self._send("GET", "/servicePrincipals" + _filter_to_query(filter))
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 55, in _send
raise GraphError(ex.response.json()['error']['message'], ex.response) from ex
azure.cli.command_modules.role._msgrpah._graph_client.GraphError: Insufficient privileges to complete the operation.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 663, in execute
raise ex
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 726, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 697, in _run_job
result = cmd_copy(params)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 333, in call
return self.handler(*args, **kwargs)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
return op(**command_args)
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/custom.py", line 174, in aro_delete
logger.info(e.message)
AttributeError: 'GraphError' object has no attribute 'message'
cli.azure.cli.core.azclierror: The command failed with an unexpected error. Here is the traceback:
az_command_data_logger: The command failed with an unexpected error. Here is the traceback:
cli.azure.cli.core.azclierror: 'GraphError' object has no attribute 'message'
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 52, in _send
r = send_raw_request(self._cli_ctx, method, url, resource=self._resource, uri_parameters=param,
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/util.py", line 1010, in send_raw_request
raise HTTPError(reason, r)
azure.cli.core.azclierror.HTTPError: Forbidden({"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation.","innerError":{"date":"2023-08-10T15:03:53","request-id":"0c9859ff-f7e1-41aa-b738-a9c3e851d8dd","client-request-id":"0c9859ff-f7e1-41aa-b738-a9c3e851d8dd"}}})
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/custom.py", line 170, in aro_delete
rp_client_sp_id = aad.get_service_principal_id(resolve_rp_client_id())
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/_aad.py", line 31, in get_service_principal_id
sps = self.client.service_principal_list(f"appId eq '{app_id}'")
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 179, in service_principal_list
result = self._send("GET", "/servicePrincipals" + _filter_to_query(filter))
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 55, in _send
raise GraphError(ex.response.json()['error']['message'], ex.response) from ex
azure.cli.command_modules.role._msgrpah._graph_client.GraphError: Insufficient privileges to complete the operation.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 663, in execute
raise ex
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 726, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 697, in _run_job
result = cmd_copy(params)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 333, in call
return self.handler(*args, **kwargs)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
return op(**command_args)
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/custom.py", line 174, in aro_delete
logger.info(e.message)
AttributeError: 'GraphError' object has no attribute 'message'
az_command_data_logger: 'GraphError' object has no attribute 'message'
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 52, in _send
r = send_raw_request(self._cli_ctx, method, url, resource=self._resource, uri_parameters=param,
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/util.py", line 1010, in send_raw_request
raise HTTPError(reason, r)
azure.cli.core.azclierror.HTTPError: Forbidden({"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation.","innerError":{"date":"2023-08-10T15:03:53","request-id":"0c9859ff-f7e1-41aa-b738-a9c3e851d8dd","client-request-id":"0c9859ff-f7e1-41aa-b738-a9c3e851d8dd"}}})
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/custom.py", line 170, in aro_delete
rp_client_sp_id = aad.get_service_principal_id(resolve_rp_client_id())
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/_aad.py", line 31, in get_service_principal_id
sps = self.client.service_principal_list(f"appId eq '{app_id}'")
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 179, in service_principal_list
result = self._send("GET", "/servicePrincipals" + _filter_to_query(filter))
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 55, in _send
raise GraphError(ex.response.json()['error']['message'], ex.response) from ex
azure.cli.command_modules.role._msgrpah._graph_client.GraphError: Insufficient privileges to complete the operation.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 663, in execute
raise ex
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 726, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 697, in _run_job
result = cmd_copy(params)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 333, in call
return self.handler(*args, **kwargs)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
return op(**command_args)
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/custom.py", line 174, in aro_delete
logger.info(e.message)
AttributeError: 'GraphError' object has no attribute 'message'
To check existing issues, please visit: https://github.com/Azure/azure-cli/issues
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7fc222b4eef0>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 0.628 seconds (init: 0.184, invoke: 0.444)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 7195 in cache
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/usr/bin/../../opt/az/bin/python3 /opt/az/lib/python3.10/site-packages/azure/cli/telemetry/init.py /root/.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.
Expected behavior
cluster should be deleted
Environment Summary
{
"azure-cli": "2.51.0",
"azure-cli-core": "2.51.0",
"azure-cli-telemetry": "1.1.0",
"extensions": {}
}
Additional context
No response
Describe the bug
Unable to delete the ARO cluster via azure-cli using service principal
Followed instructions for creation of service principal in : https://learn.microsoft.com/en-us/azure/openshift/howto-create-service-principal?pivots=aro-azurecli
Related command
az aro delete --resource-group somegroup --name clustername--yes
Errors
The command failed with an unexpected error. Here is the traceback:
'GraphError' object has no attribute 'message'
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 52, in _send
r = send_raw_request(self._cli_ctx, method, url, resource=self._resource, uri_parameters=param,
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/util.py", line 1010, in send_raw_request
raise HTTPError(reason, r)
azure.cli.core.azclierror.HTTPError: Forbidden({"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation.","innerError":{"date":"2023-08-10T14:58:10","request-id":"c0064339-88fa-4f0a-a1e1-df25735f41c8","client-request-id":"c0064339-88fa-4f0a-a1e1-df25735f41c8"}}})
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/custom.py", line 170, in aro_delete
rp_client_sp_id = aad.get_service_principal_id(resolve_rp_client_id())
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/_aad.py", line 31, in get_service_principal_id
sps = self.client.service_principal_list(f"appId eq '{app_id}'")
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 179, in service_principal_list
result = self._send("GET", "/servicePrincipals" + _filter_to_query(filter))
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 55, in _send
raise GraphError(ex.response.json()['error']['message'], ex.response) from ex
azure.cli.command_modules.role._msgrpah._graph_client.GraphError: Insufficient privileges to complete the operation.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 663, in execute
raise ex
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 726, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 697, in _run_job
result = cmd_copy(params)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 333, in call
return self.handler(*args, **kwargs)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
return op(**command_args)
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/custom.py", line 174, in aro_delete
logger.info(e.message)
AttributeError: 'GraphError' object has no attribute 'message'
Issue script & Debug output
cli.knack.cli: Command arguments: ['aro', 'delete', '--resource-group', '##########-aro', '--name', '####https://github.com//pull/3', '--yes', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x7fc223a09360>, <function OutputProducer.on_global_arguments at 0x7fc223960280>, <function CLIQuery.on_global_arguments at 0x7fc22377d480>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'aro': ['azure.cli.command_modules.aro']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: aro 0.127 1 9
cli.azure.cli.core: Total (1) 0.127 1 9
cli.azure.cli.core: Loaded 1 groups, 9 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : aro delete
cli.azure.cli.core: Command table: aro delete
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x7fc222b4ecb0>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/root/.azure/commands/2023-08-10.15-03-52.aro_delete.37459.log'.
az_command_data_logger: command args: aro delete --resource-group {} --name {} --yes --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x7fc222b677f0>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x7fc222bb1630>, <function register_cache_arguments..add_cache_arguments at 0x7fc222bb1750>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7fc223960310>, <function CLIQuery.handle_query_parameter at 0x7fc22377d510>, <function register_ids_argument..parse_ids_arguments at 0x7fc222bb16c0>]
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=AzureRedHatOpenShiftClient
cli.azure.cli.core.auth.persistence: build_persistence: location='/root/.azure/service_principal_entries.json', encrypt=False
cli.azure.cli.core.auth.persistence: build_persistence: location='/root/.azure/msal_token_cache.json', encrypt=False
cli.azure.cli.core.auth.binary_cache: load: /root/.azure/msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
msal.application: Region to be used: None
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
cli.azure.cli.core.auth.msal_authentication: ServicePrincipalCredential.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: aa188edb-ee0c-4eef-9a40-bfb30fbc0479
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/#########################/resourceGroups/#########/providers/Microsoft.RedHatOpenShift/openShiftClusters/#####3?api-version=2022-09-04'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '1e74a3ff-378f-11ee-b114-73425c0a4518'
cli.azure.cli.core.sdk.policies: 'CommandName': 'aro delete'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--resource-group --name --yes --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.51.0 (DEB) azsdk-python-azure-mgmt-redhatopenshift/1.2.0 Python/3.10.10 (Linux-5.15.0-1042-azure-x86_64-with-glibc2.31)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/#########################/resourceGroups/##########-aro/providers/Microsoft.RedHatOpenShift/openShiftClusters/#####3 HTTP/1.1" 200 None
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Transfer-Encoding': 'chunked'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json'
cli.azure.cli.core.sdk.policies: 'Content-Encoding': 'gzip'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'Vary': 'Accept-Encoding'
cli.azure.cli.core.sdk.policies: 'X-Ms-Request-Id': 'bedb0227-d0de-4ecb-89a0-dd93331b3648'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '11996'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '515753b3-2df9-4185-b8bf-b67c4ca24172'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'WESTEUROPE:20230810T150352Z:515753b3-2df9-4185-b8bf-b67c4ca24172'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'Date': 'Thu, 10 Aug 2023 15:03:52 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {
"id": "/subscriptions/#########################/resourcegroups/##########-aro/providers/Microsoft.RedHatOpenShift/openShiftClusters/#####3",
"name": "#####3",
"type": "Microsoft.RedHatOpenShift/openShiftClusters",
"location": "westeurope",
"systemData": {
"createdBy": "########@outlook.com",
"createdByType": "User",
"createdAt": "2023-08-08T07:37:11.1937626Z",
"lastModifiedBy": "########@outlook.com",
"lastModifiedByType": "User",
"lastModifiedAt": "2023-08-08T07:37:11.1937626Z"
},
"properties": {
"provisioningState": "Succeeded",
"clusterProfile": {
"domain": "########",
"version": "4.10.54",
"resourceGroupId": "/subscriptions/#########################/resourcegroups/aro-infra-lhyz71ur-#####3",
"fipsValidatedModules": "Disabled"
},
"consoleProfile": {
"url": "https://console-openshift-console.apps.########.westeurope.aroapp.io/"
},
"servicePrincipalProfile": {
"clientId": "########"
},
"networkProfile": {
"podCidr": "10.128.0.0/14",
"serviceCidr": "172.30.0.0/16"
},
"masterProfile": {
"vmSize": "Standard_D8s_v3",
"subnetId": "/subscriptions/#########################/resourceGroups/##########-aro/providers/Microsoft.Network/virtualNetworks/aro-vnet-lgksv42s/subnets/master-subnet",
"encryptionAtHost": "Disabled"
},
"workerProfiles": [
{
"name": "####https://github.com//pull/3-mnzzr-worker-westeurope1",
"vmSize": "Standard_D8s_v3",
"diskSizeGB": 128,
"subnetId": "/subscriptions/#########################/resourceGroups/##########-aro/providers/Microsoft.Network/virtualNetworks/aro-vnet-lgksv42s/subnets/worker-subnet",
"count": 1,
"encryptionAtHost": "Disabled"
},
{
"name": "####https://github.com//pull/3-mnzzr-worker-westeurope2",
"vmSize": "Standard_D8s_v3",
"diskSizeGB": 128,
"subnetId": "/subscriptions/#########################/resourceGroups/##########-aro/providers/Microsoft.Network/virtualNetworks/aro-vnet-lgksv42s/subnets/worker-subnet",
"count": 1,
"encryptionAtHost": "Disabled"
},
{
"name": "####https://github.com//pull/3-mnzzr-worker-westeurope3",
"vmSize": "Standard_D8s_v3",
"diskSizeGB": 128,
"subnetId": "/subscriptions/#########################/resourceGroups/##########-aro/providers/Microsoft.Network/virtualNetworks/aro-vnet-lgksv42s/subnets/worker-subnet",
"count": 1,
"encryptionAtHost": "Disabled"
}
],
"apiserverProfile": {
"visibility": "Private",
"url": "https://api.################.westeurope.aroapp.io:6443/",
"ip": "10.0.0.4"
},
"ingressProfiles": [
{
"name": "default",
"visibility": "Private",
"ip": "10.0.0.254"
}
]
}
}
cli.azure.cli.core.util: Retrieving token for resource https://graph.microsoft.com/
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/a775278c-ce63-45e6-9667-524bec91ab1b/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
msal.application: Region to be used: None
cli.azure.cli.core.auth.msal_authentication: ServicePrincipalCredential.get_token: scopes=('https://graph.microsoft.com//.default',), kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 8fb4b10d-4fb3-41f7-a5d1-dfb1c7eef5aa
cli.azure.cli.core.util: Request URL: 'https://graph.microsoft.com/v1.0/servicePrincipals?$filter=appId%20eq%20%27f1dd0a37-89c6-4e07-bcd1-ffd3d43d8875%27'
cli.azure.cli.core.util: Request method: 'GET'
cli.azure.cli.core.util: Request headers:
cli.azure.cli.core.util: 'User-Agent': 'python/3.10.10 (Linux-5.15.0-1042-azure-x86_64-with-glibc2.31) AZURECLI/2.51.0 (DEB)'
cli.azure.cli.core.util: 'Accept-Encoding': 'gzip, deflate'
cli.azure.cli.core.util: 'Accept': '/'
cli.azure.cli.core.util: 'Connection': 'keep-alive'
cli.azure.cli.core.util: 'x-ms-client-request-id': 'f54597f9-57c5-4fff-bbdf-f7a56a12c488'
cli.azure.cli.core.util: 'CommandName': 'aro delete'
cli.azure.cli.core.util: 'ParameterSetName': '--resource-group --name --yes --debug'
cli.azure.cli.core.util: 'Authorization': 'Bearer eyJ0eXAiOiJKV...'
cli.azure.cli.core.util: Request body:
cli.azure.cli.core.util: None
urllib3.connectionpool: Starting new HTTPS connection (1): graph.microsoft.com:443
urllib3.connectionpool: https://graph.microsoft.com:443 "GET /v1.0/servicePrincipals?$filter=appId%20eq%20%27f1dd0a37-89c6-4e07-bcd1-ffd3d43d8875%27 HTTP/1.1" 403 None
cli.azure.cli.core.util: Response status: 403
cli.azure.cli.core.util: Response headers:
cli.azure.cli.core.util: 'Cache-Control': 'no-cache'
cli.azure.cli.core.util: 'Transfer-Encoding': 'chunked'
cli.azure.cli.core.util: 'Content-Type': 'application/json'
cli.azure.cli.core.util: 'Content-Encoding': 'gzip'
cli.azure.cli.core.util: 'Vary': 'Accept-Encoding'
cli.azure.cli.core.util: 'Strict-Transport-Security': 'max-age=31536000'
cli.azure.cli.core.util: 'request-id': '0c9859ff-f7e1-41aa-b738-a9c3e851d8dd'
cli.azure.cli.core.util: 'client-request-id': '0c9859ff-f7e1-41aa-b738-a9c3e851d8dd'
cli.azure.cli.core.util: 'x-ms-ags-diagnostic': '{"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"004","RoleInstance":"AM2PEPF0001C25B"}}'
cli.azure.cli.core.util: 'x-ms-resource-unit': '1'
cli.azure.cli.core.util: 'Date': 'Thu, 10 Aug 2023 15:03:52 GMT'
cli.azure.cli.core.util: Response content:
cli.azure.cli.core.util: {"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation.","innerError":{"date":"2023-08-10T15:03:53","request-id":"0c9859ff-f7e1-41aa-b738-a9c3e851d8dd","client-request-id":"0c9859ff-f7e1-41aa-b738-a9c3e851d8dd"}}}
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 52, in _send
r = send_raw_request(self._cli_ctx, method, url, resource=self._resource, uri_parameters=param,
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/util.py", line 1010, in send_raw_request
raise HTTPError(reason, r)
azure.cli.core.azclierror.HTTPError: Forbidden({"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation.","innerError":{"date":"2023-08-10T15:03:53","request-id":"0c9859ff-f7e1-41aa-b738-a9c3e851d8dd","client-request-id":"0c9859ff-f7e1-41aa-b738-a9c3e851d8dd"}}})
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/custom.py", line 170, in aro_delete
rp_client_sp_id = aad.get_service_principal_id(resolve_rp_client_id())
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/_aad.py", line 31, in get_service_principal_id
sps = self.client.service_principal_list(f"appId eq '{app_id}'")
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 179, in service_principal_list
result = self._send("GET", "/servicePrincipals" + _filter_to_query(filter))
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 55, in _send
raise GraphError(ex.response.json()['error']['message'], ex.response) from ex
azure.cli.command_modules.role._msgrpah._graph_client.GraphError: Insufficient privileges to complete the operation.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 663, in execute
raise ex
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 726, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 697, in _run_job
result = cmd_copy(params)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 333, in call
return self.handler(*args, **kwargs)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
return op(**command_args)
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/custom.py", line 174, in aro_delete
logger.info(e.message)
AttributeError: 'GraphError' object has no attribute 'message'
cli.azure.cli.core.azclierror: The command failed with an unexpected error. Here is the traceback:
az_command_data_logger: The command failed with an unexpected error. Here is the traceback:
cli.azure.cli.core.azclierror: 'GraphError' object has no attribute 'message'
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 52, in _send
r = send_raw_request(self._cli_ctx, method, url, resource=self._resource, uri_parameters=param,
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/util.py", line 1010, in send_raw_request
raise HTTPError(reason, r)
azure.cli.core.azclierror.HTTPError: Forbidden({"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation.","innerError":{"date":"2023-08-10T15:03:53","request-id":"0c9859ff-f7e1-41aa-b738-a9c3e851d8dd","client-request-id":"0c9859ff-f7e1-41aa-b738-a9c3e851d8dd"}}})
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/custom.py", line 170, in aro_delete
rp_client_sp_id = aad.get_service_principal_id(resolve_rp_client_id())
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/_aad.py", line 31, in get_service_principal_id
sps = self.client.service_principal_list(f"appId eq '{app_id}'")
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 179, in service_principal_list
result = self._send("GET", "/servicePrincipals" + _filter_to_query(filter))
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 55, in _send
raise GraphError(ex.response.json()['error']['message'], ex.response) from ex
azure.cli.command_modules.role._msgrpah._graph_client.GraphError: Insufficient privileges to complete the operation.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 663, in execute
raise ex
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 726, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 697, in _run_job
result = cmd_copy(params)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 333, in call
return self.handler(*args, **kwargs)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
return op(**command_args)
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/custom.py", line 174, in aro_delete
logger.info(e.message)
AttributeError: 'GraphError' object has no attribute 'message'
az_command_data_logger: 'GraphError' object has no attribute 'message'
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 52, in _send
r = send_raw_request(self._cli_ctx, method, url, resource=self._resource, uri_parameters=param,
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/util.py", line 1010, in send_raw_request
raise HTTPError(reason, r)
azure.cli.core.azclierror.HTTPError: Forbidden({"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation.","innerError":{"date":"2023-08-10T15:03:53","request-id":"0c9859ff-f7e1-41aa-b738-a9c3e851d8dd","client-request-id":"0c9859ff-f7e1-41aa-b738-a9c3e851d8dd"}}})
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/custom.py", line 170, in aro_delete
rp_client_sp_id = aad.get_service_principal_id(resolve_rp_client_id())
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/_aad.py", line 31, in get_service_principal_id
sps = self.client.service_principal_list(f"appId eq '{app_id}'")
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 179, in service_principal_list
result = self._send("GET", "/servicePrincipals" + _filter_to_query(filter))
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 55, in _send
raise GraphError(ex.response.json()['error']['message'], ex.response) from ex
azure.cli.command_modules.role._msgrpah._graph_client.GraphError: Insufficient privileges to complete the operation.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/az/lib/python3.10/site-packages/knack/cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 663, in execute
raise ex
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 726, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 697, in _run_job
result = cmd_copy(params)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/init.py", line 333, in call
return self.handler(*args, **kwargs)
File "/opt/az/lib/python3.10/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
return op(**command_args)
File "/opt/az/lib/python3.10/site-packages/azure/cli/command_modules/aro/custom.py", line 174, in aro_delete
logger.info(e.message)
AttributeError: 'GraphError' object has no attribute 'message'
To check existing issues, please visit: https://github.com/Azure/azure-cli/issues
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7fc222b4eef0>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 0.628 seconds (init: 0.184, invoke: 0.444)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 7195 in cache
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/usr/bin/../../opt/az/bin/python3 /opt/az/lib/python3.10/site-packages/azure/cli/telemetry/init.py /root/.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.
Expected behavior
cluster should be deleted
Environment Summary
{
"azure-cli": "2.51.0",
"azure-cli-core": "2.51.0",
"azure-cli-telemetry": "1.1.0",
"extensions": {}
}
Additional context
No response