ERROR: deployment failed: PrincipalNotFound: Principal does not exist in the directory

[vykhand]

Please provide us with the following information:

This issue is for a: (mark with an x)

- [ X] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Latest MacOS, following the README

1. checked out repo
2. Installed azd; ran azd login
3. running azd up
4. Getting multiple errors like this:

ERROR: deployment failed: error deploying infrastructure: failed deploying: deploying to subscription:

Deployment Error Details: PrincipalNotFound: Principal <CENSORED> does not exist in the directory <CENSORED>. Check that you have the correct principal ID. If you are creating this principal and then immediately assigning a role, this error might be related to a replication delay. In this case, set the role assignment principalType property to a value, such as ServicePrincipal, User, or Group. See https://aka.ms/docs-principaltype

5. moreover, seems like the azd down command (or manually wiping the RG) does not do the proper clean up, as after the azd up the deployment complains about many conflicts, in particular for form recognizer and openai

Any log messages given by the failure

Expected/desired behavior

Is it a bug or am I missing a set up step?

OS and Version?

MacOS Ventura 13.3

Versions

Mention any other details that might be useful

---

Thanks! We'll be in touch soon.

[itsamk]

You seem to have missed initializing the project using azd init -t azure-search-openai-demo. This should likely solve your problem. Another hack is to just hardcode the Principal ID (which is the Object ID of your user that can be viewed in Azure Active Directory) in main.parameters.json, but that shouldn't really be needed.

[vykhand]

Hi Amol @itsamk , thanks for getting back so fast, I don't seem to be missing this step as azd up is supposed to do it

    up          : Initialize application, provision Azure resources, and deploy your project with a single command.

and unfortunately I can't reinitialize it, as it says:

? Overwrite files with versions from template? Yes

ERROR: environment already initialized to chatgpt-cogsearc

Regarding hardcoding the principal, I am trying it now, I see that it was complaining about different Object ID before than that of my user in AD. It seems to work better now, it does not complain about principal not being found in AD.

First time I ran azd up, it created a lot of resources, but then failed. All subsequent times after cleaning up with azd down and trying again it also fails to create two resources, complaining about conflicts. I think the reason is that the OpenAI and FormRecognizer are soft-deleted and need to be purged as a part of cleanup.

[vykhand]

Hi @itsamk!

I was able to investigate a bit more the first problem (the wrong principal ID). I deleted the .azure folder, re-issued az init command, explicitly specifying the subscription, and I see in .azure//.env that the principal ID is totally wrong. I am not sure where it gets this ID, I was not able to find it anywhere. I have replaced it with my user's object ID and the deployment is now failing with a different error message, probably worthy of a separate issue:

Executing predeploy hook => /var/folders/mf/1n_x1d_51fs2m4_6tj03p9jm0000gn/T/azd-predeploy-1147299210.sh
/var/folders/mf/1n_x1d_51fs2m4_6tj03p9jm0000gn/T/azd-predeploy-1147299210.sh: line 4: npm: command not found
/var/folders/mf/1n_x1d_51fs2m4_6tj03p9jm0000gn/T/azd-predeploy-1147299210.sh: line 4: npm: command not found

ERROR: failed running pre hooks: 'predeploy' hook failed with exit code: '127', Path: '/var/folders/mf/1n_x1d_51fs2m4_6tj03p9jm0000gn/T/azd-predeploy-1147299210.sh'. : exit status 127

Indeed, I do not have the npm locally, but the README file does not mention that I need it for deployment.

On the second problem (clean-up issues), I was not able to find the way to purge the OpenAI and Form Recognizer automatically, so each time before the re-deploy, one has to purge the resources manually. If this is the only way, perhaps would be a good idea to document it.

[vykhand]

So, after installing npm and re-running the azd up, I was able to deploy everything correctly. In summary, I believe we have 3 issues:

1. Some kind of problem identifying Principal ID correctly in some cases. Hard to say, what causes this.
2. Clean-up issues - azd down does not purge the resources, making it impossible to redeploy without manual intervention
3. npm dependency for deployment is not documented. It is only mentioned that npm is needed for the local run

[cforce]

1.) What about changing infra/core/security/role.bicep param principalType string = 'User' ?

[Nithyashree-coder]

Hi Amol @itsamk , thanks for getting back so fast, I don't seem to be missing this step as azd up is supposed to do it

    up          : Initialize application, provision Azure resources, and deploy your project with a single command.

and unfortunately I can't reinitialize it, as it says:

? Overwrite files with versions from template? Yes

ERROR: environment already initialized to chatgpt-cogsearc

Regarding hardcoding the principal, I am trying it now, I see that it was complaining about different Object ID before than that of my user in AD. It seems to work better now, it does not complain about principal not being found in AD.

First time I ran azd up, it created a lot of resources, but then failed. All subsequent times after cleaning up with azd down and trying again it also fails to create two resources, complaining about conflicts. I think the reason is that the OpenAI and FormRecognizer are soft-deleted and need to be purged as a part of cleanup.

Delete subfolders in .azure

[Nomomdx]

Any Updates Here?

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this issue will be closed.