With this reference, https://learn.microsoft.com/en-us/bot-framework/deploy-bot-local-git
I executed command as follows.
$ azure site create --git my-app-name
Then, an error message appeared.
info: Executing command site create
error: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
error: Error information has been recorded to C:\Users\yokoyamt\.azure\azure.err
error: site create command failed
I've tried in another azure account, which I have "power-user", then
A new Resource group was created and the app service was deployed in it.
But in this time, I haven't enough role to create new resource group.
So I guessed If I had specify resource group when I create app via azure-cli.
Can anyone put some light on this?
> az account list --output table
Name CloudName SubscriptionId State IsDefault
-------- ----------- ------------------------------------ ------- -----------
従量課金 AzureCloud my-subscription-id Enabled True
azure site is a classic(asm) mode resource, azure web is a arm mode resource. You should give your account co-admin permission in classic Portal. New Portal does not work on it. Please refer to this question.
According to your description, you want to deploy a web app on Azure. You could use Azure CLI 2.0 to do this. Please refer to this link.
Related
I have a DevOps release pipeline pushing out (via CLI on a VM) to a dev resource group happily. When I add a stage pushing to an identical QA resource group I get the below.
ERROR: (AuthorizationFailed) The client '' with object id '' does not have authorization to perform action 'Microsoft.Web/sites/config/list/action' over scope '/subscriptions//resourceGroups//providers/Microsoft.Web/sites//config/publishingcredentials' or the scope is invalid. If access was recently granted, please refresh your credentials.
Is there a place I should be looking at first?
The error is due to the service principa(in azure devops, typically is 'service connection') doesn't have correct role/permission on the target resource.
Please find your service connection in Project settings.
Click Manage Service Principal which will redirect you to the Application Registration of the Service Principal. All you need to do here is copy the name (the default format is <account>-<prject>-<GUID>).
Go back and click Manage service connection roles which will redirect you to the IAM blade of the Azure Subscription. Here you need to assign a role to the service principal of which you copied the name of in the previous step. you can add it as subscription owner/contributor role on the target subscription simply.
You can check similar answer here.
I'm following the instructions here to create an azure static web app from the cloud shell, using the command:
az webapp up --location westindia --name static-webapp-test --html
Getting the following Unauthorized error :
The webapp 'static-webapp-test' doesn't exist Creating Resource group 'anubhav.das_rg_8008' ... Resource group creation complete Creating AppServicePlan 'anubhav.das_asp_4721' ... Operation returned an invalid status 'Unauthorized'
I have seen these type of errors like preventing the user from creation of resources due to role restrictions or access level restrictions in the subscription.
Please check your role (should be owner or contributor or user access administrator) and filters added in the Azure Active Directory.
It is recommended to use the latest version of CLI.
If you are using the older version run the below cmdlet to upgrade the CLI to latest version :
az upgrade --yes
I have followed the steps provided in the given documentation, we are able to create the static web app successfully :
Selected Azure Cloud Shell and given the following settings like my subscription, location, resource group name, storage account name, file share name for working on the cloud shell.
Cloned the git hub project to my azure account as you can see in below screenshot:
Also created another same type of application with the name you have given:
As I can see there is no issue in creation of static html web app though I have existing resource group using for working with cloud shell, it is creating new resource group for the web app purpose by using the given commands in the documentation and working good without any access restriction like authorization as my role belongs to Contributor.
I created a bot with the Microsoft Enterprise Bot Template, and now I want to deploy it to Azure. I am following this guide, but I am getting the following error after the following command
Command :
msbot clone services --name "YOUR_BOT_NAME"
--luisAuthoringKey "YOUR_AUTHORING_KEY"
--folder "DeploymentScripts\LOCALE_FOLDER"
-- location "REGION"
Error:
Command failed: az group create -g MyBot -l "region" --subscription KEY
ERROR: The client 'abcd' with object id '679ebaf5-4345-408c-87ef-
9c3bd2795a94' does not have authorization to perform action
'Microsoft.Resources/subscriptions/resourcegroups/write' over scope
'/subscriptions/abcd/resourcegroups/MyBot'.
this means you lack permissions to perform this action, you need to grant your service principal\user permissions (contributor is the easiest way to solve this) to perform that operation. you can grant them on specific resource group or on the subscription.
https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
you need to have contributor access on the resource group that you are creating the bot in.
also ensure that Microsoft.BotService is a registered service on the subscription.
Currently im trying to create dynamic environments via AzureDevops.
One of these steps to achieve this is to take a copy of our production databases and place them in a temp resource group (Production Subscription) and then move the sql server and associated databases to our non-production subscription. From here we then create the web apps and deploy code.
When i run this via Az Cli i am able to move the resources with the following
SQLSERVERID=$(az resource show -g $RSGNAMETEMP -n $SQLSERVERNAME --resource-type "Microsoft.Sql/servers" --query id --output tsv)
az resource move --destination-group $RSGNAME --ids $SQLSERVERID --destination-subscription-id $SANDBOXSUBSCRIPTIONID
However when i run this via AzureDevops i get the following error
ERROR: The client (...) with object id (...) has permission to perform action on scope however, it does not have permission to perform action (...) on the linked scope(s).
I believe this problem is happening when you configure the AZ Cli step in AzureDevops you select the Subscription from the drop down list. The account / service principal only has access rights to that specific subscription and not to multiple. Is it possible to configure a service principal (that can be used in AzureDevops) that can connect to multiple subscriptions?
Yes, just go to Azure portal, navigate to the desired subscription blade, go to Access Control, press + sigh at the top and add your principal as a contributor to the subscription.
to find service principal name use this:
Click Manage link in the Azure Subscription field in your VSTS job, it will navigate you to a new blade. Click Manage Service Principal there. It will take you to the application page in Azure AD. After that you can copy name under Managed application in local directory field and use that name to grant it Key Vault permissions.
I'm trying to setup Azure CLI. The first step is to create a storage for account files. I'm using my Developer Program Benefit subscription.
After I click "Create storage" I get an error:
Storage creation failed
Error:409
{"error":{"code":"MissingSubscriptionRegistration","message":"The subscription is not registered to use namespace 'Microsoft.Storage'. See https://aka.ms/rps-not-found for how to register subscriptions."}}
Can't create a storage account. Please try again.
How to resolve this issue?
The reason you're getting this error is because Microsoft.Storage resource provider which manages Storage Account related resources and activities is not registered with your Azure Subscription.
To fix this, please run the following command:
azure provider register --namespace "Microsoft.Storage" --subscription "<your subscription name or id>"
To get the subscription name/id, please run the following command:
azure account list
For more details on why you're getting this error, please see this: The subscription is not registered to use namespace 'Microsoft.DataFactory error
If you prefer GUI, then you can do it on the Azure portal too:
On the left pane click More services and then select Subscriptions
Select the subscription, in our case Developer Program Benefit
In the Settings area click Resource providers
Find Microsoft.Storage and click Register
This same error with detailed solutions are provided in this post:
How to fix Azure Cloud Shell error "MissingSubscriptionRegistration - The subscription is not registered to use namespace 'Microsoft.Storage'"