Tags: azure, powershell, azure-cli, azure-cli2

Service Principal az cli login failing - NO subscriptions found


I am trying to perform an az cli login using a Service Principal and it throws an error stating "No subscriptions found for <Service_Principal_AppId>. If this is expected, use '--allow-no-subscriptions'". This code worked fine previously, but now it no longer appears to work. The command line being used is below:

# Look up the service principal's application (client) id by display name (AzureRM module)
$sp_appid = (Get-AzureRmADServicePrincipal -DisplayName $spDisplayName).ApplicationId.Guid
# Read the client secret from Key Vault as plain text
$sp_secret = (Get-AzureKeyVaultSecret -VaultName $kvName -Name $appKeySecretName).SecretValueText
# $tenant_Id is assumed to have been set earlier in the script
az login --service-principal --username $sp_appid --password $sp_secret --tenant $tenant_Id

I verified that the Service Principal is assigned the Contributor role at the subscription level.


Solution

  • Actually, I don't recommend mixing Azure PowerShell and the CLI together. If you insist on doing it: I have tried your script and could not reproduce your issue; it works fine. Based on the error, you could try passing a --subscription; that also works.

    # Look up the service principal's application (client) id by display name (Az module)
    $sp_appid = (Get-AzADServicePrincipal -DisplayName joywebapp2).ApplicationId.Guid
    # Read the client secret from Key Vault as plain text
    $sp_secret = (Get-AzKeyVaultSecret -VaultName joykeyvault1 -Name joywebapp2).SecretValueText
    # Placeholders: replace with your own tenant and subscription ids
    $tenant_Id = "xxxxxxxxxxxx"
    $subscription_Id = "xxxxxxxxxxx"
    # Passing --subscription selects the subscription explicitly at login time
    az login --service-principal --username $sp_appid --password $sp_secret --tenant $tenant_Id --subscription $subscription_Id



    Note: Because the AzureRM PowerShell module has been deprecated, I use the new Az PowerShell module; if you want to upgrade to Az, see this link. (It may not be the reason for the issue, but I recommend upgrading.)

    Update:

    We have to use AZ CLI simply for the property we are trying to grab...there is no PowerShell equivalent.

    Actually, you can log in with a service principal via PowerShell; the "strong password" is the secret. For more details, see this post.

    # Application (client) id of the Azure AD app registration and its tenant id
    $azureApplicationId = "Azure AD Application Id"
    $azureTenantId = "Your Tenant Id"
    # The client secret is the "password" of the service principal credential
    $azurePassword = ConvertTo-SecureString "strong password" -AsPlainText -Force
    $psCred = New-Object System.Management.Automation.PSCredential($azureApplicationId, $azurePassword)
    # -ServicePrincipal tells the cmdlet the credential is an app, not a user
    # (in the Az module the equivalent cmdlet is Connect-AzAccount with the same parameters)
    Add-AzureRmAccount -Credential $psCred -TenantId $azureTenantId -ServicePrincipal
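
As an added example (not code from the question or the answer above), the following PowerShell function performs the az cli service-principal login from the thread but treats "No subscriptions found" as something to diagnose rather than a hard failure: it logs in with --allow-no-subscriptions, reports which tenant the token was issued for, lists the subscriptions the principal can actually see, and only then selects the expected one. The function name Connect-AzCliServicePrincipal, its parameter names, and the placeholder ids in the usage line are assumptions; the az flags used (--service-principal, --username, --password, --tenant, --allow-no-subscriptions, --output, account list/show/set) are standard Azure CLI options. It also reads the secret from a SecureString, which matches current Az.KeyVault cmdlets that return SecretValue rather than SecretValueText.

```powershell
# Added example: az cli login with a service principal plus a diagnosis of the
# "No subscriptions found" condition. Not part of the original post.
function Connect-AzCliServicePrincipal {
    param(
        [Parameter(Mandatory)] [string] $AppId,
        [Parameter(Mandatory)] [string] $TenantId,
        [Parameter(Mandatory)] [System.Security.SecureString] $Secret,
        [string] $ExpectedSubscriptionId
    )

    # Convert the SecureString only at the last moment. This works in both
    # Windows PowerShell 5.1 and PowerShell 7 (no -AsPlainText dependency).
    $plainSecret = [System.Net.NetworkCredential]::new('', $Secret).Password

    # --allow-no-subscriptions lets the login succeed even when the principal has
    # no visible role assignment, so we can inspect the session instead of failing.
    az login --service-principal --username $AppId --password $plainSecret `
        --tenant $TenantId --allow-no-subscriptions --output none
    $plainSecret = $null   # do not keep the clear-text secret in scope longer than needed
    if ($LASTEXITCODE -ne 0) {
        throw "az login failed for app id $AppId in tenant $TenantId (exit code $LASTEXITCODE)."
    }

    # Even a tenant-level login tells us which identity and tenant the token is for,
    # which catches the most common cause: logging in to the wrong tenant.
    $account = az account show --output json | ConvertFrom-Json
    Write-Host "Logged in as '$($account.user.name)' in tenant $($account.tenantId)"

    # Real subscriptions only. When nothing is assigned, the CLI adds a placeholder
    # entry for the tenant-level session (assumption: its id equals the tenant id
    # and its name starts with "N/A"), which we filter out here.
    $subs = @(az account list --output json | ConvertFrom-Json) |
        Where-Object { $_.id -ne $TenantId -and $_.name -notlike 'N/A*' }

    if ($subs.Count -eq 0) {
        Write-Warning "No subscriptions are visible to $AppId in tenant $TenantId."
        Write-Warning ("Check that the tenant id matches the subscription's tenant, that a role " +
            "assignment (e.g. Contributor) exists on the subscription for this app's " +
            "service principal, and that a recent assignment has had time to propagate.")
        return $false
    }

    $subs | ForEach-Object { Write-Host ("{0}  {1}  {2}" -f $_.id, $_.name, $_.state) }

    if ($ExpectedSubscriptionId) {
        if ($subs.id -notcontains $ExpectedSubscriptionId) {
            throw "Subscription $ExpectedSubscriptionId is not visible to $AppId; check its role assignment."
        }
        az account set --subscription $ExpectedSubscriptionId
        if ($LASTEXITCODE -ne 0) { throw "az account set failed for $ExpectedSubscriptionId." }
    }
    return $true
}

# Usage (placeholder ids; the secret comes from Key Vault as a SecureString):
# $secret = (Get-AzKeyVaultSecret -VaultName 'my-kv' -Name 'my-app-secret').SecretValue
# Connect-AzCliServicePrincipal -AppId '<app-id>' -TenantId '<tenant-id>' `
#     -Secret $secret -ExpectedSubscriptionId '<subscription-id>'
```

The function returns $false rather than throwing when no subscriptions are visible, so a calling script can decide whether a tenant-only session is acceptable (for example, when it only needs directory-level calls) or should stop. The warning it prints covers the three things to verify before assuming the CLI is broken: the tenant id in the login, the presence of the role assignment on the subscription for the service principal object, and propagation delay on a freshly created assignment.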