I am trying to add multiple resourceAccesses to an azure app while creating. When I try to add one scope the deployment getting succeeded, but while trying to add multiple scopes it throws an error like this
ERROR: Request contains a property with duplicate values.
Failed Azure CLI Command: az ad app create --display-name MytestApp --native-app false --required-resource-accesses 'C:\Users\AzDevOps\AppData\Local\Temp<somefilename>.hwd' --reply-
By creating the permission object like this ,
$Aad = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
$Aad.ResourceAppId = $msGraphPrincipal.AppId
$delPermission1 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "37f7f235-527c-4136-accd-4a02d197296e", "Scope"
$delPermission2 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0", "Scope"
$delPermission3 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "7427e0e9-2fba-42fe-b0c0-848c9e6a8182", "Scope"
$delPermission4 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "14dad69e-099b-42c9-810b-d002981feec1", "Scope"
$delPermission5 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "Scope"
$Aad.ResourceAccess = $delPermission1, $delPermission2, $delPermission3, $delPermission4, $delPermission5
I will save this object in a JSon file. After that using this
az ad app create <req codes> --required-resource-accesses <scopes from Json file>
command , I am trying to add the resorceAccesses in the app create command. Did I miss anything or is there any other command to follow for adding multiple scopes?
Additional info : The graph version is v1
Edit the Json file data would be like :
[
{
"resourceAccess": [
{
"additionalProperties": null,
"id": "37f7f235-527c-4136-accd-4a02d197296e",
"type": "Scope"
}
],
"resourceAppId": "00"
},
{
"resourceAccess": [
{
"additionalProperties": null,
"id": "64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0",
"type": "Scope"
}
],
"resourceAppId": "00"
},
{
"resourceAccess": [
{
"additionalProperties": null,
"id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182",
"type": "Scope"
}
],
"resourceAppId": "00"
},
{
"resourceAccess": [
{
"additionalProperties": null,
"id": "14dad69e-099b-42c9-810b-d002981feec1",
"type": "Scope"
}
],
"resourceAppId": "00"
},
{
"resourceAccess": [
{
"additionalProperties": null,
"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
"type": "Scope"
}
],
"resourceAppId": "00"
}
]
CodePudding user response:
As Bluuf and Mathias mentioned the issue was with my JSon file.
Based on this comment by Bluuf :
The structure of the json seems incorrect for this, you should only have one "resourceAccess" node per resourceApp, under the resourceaccess (array) you should list ALL permissions required for that resource.
I have re-written the logic for creating the Json file. After changing the logic the Json file has the value similar like this.
[
{
"resourceAccess": [
{
"additionalProperties": null,
"id": "37f7f235-527c-4136-accd-4a02d197296e",
"type": "Scope"
},
{
"additionalProperties": null,
"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
"type": "Scope"
},
{
"additionalProperties": null,
"id": "14dad69e-099b-42c9-810b-d002981feec1",
"type": "Scope"
}
],
"resourceAppId": "00"
}
]
After this change I am able to add multiple scopes to the Azure App.