Unable to set AppRoles for service principle

[Jamie-Clayton]

Describe the bug

Attempting to associate a Service Principle with an Application via powershell and then add "Contributor role" for a resource group

Command Name az ad sp update

Errors:

Unable to build a model: Cannot deserialize as [AppRole] an object of type <class 'str'>, DeserializationError: Cannot deserialize as [AppRole] an object of type <class 'str'>
Traceback (most recent call last):
Temp\pip-unpacked-wheel-ib_p0vwa\msrest\serialization.py, ln 571, in body
Temp\pip-unpacked-wheel-ib_p0vwa\msrest\serialization.py, ln 1261, in _deserialize
Temp\pip-unpacked-wheel-ib_p0vwa\msrest\serialization.py, ln 1270, in _deserialize
Temp\pip-unpacked-wheel-ib_p0vwa\msrest\serialization.py, ln 1450, in deserialize_data
...
Temp\pip-unpacked-wheel-ib_p0vwa\msrest\serialization.py, ln 1450, in deserialize_data
Temp\pip-unpacked-wheel-ib_p0vwa\msrest\serialization.py, ln 1479, in deserialize_iter
msrest.exceptions.SerializationError: Unable to build a model: Cannot deserialize as [AppRole] an object of type <class 'str'>, DeserializationError: Cannot deserialize as [AppRole] an object of type <class 'str'>

To Reproduce:

# Change the following variables as needed
$appName = "Icecream App"
$appOwnerObjectId = "00000000-0000-0000-0000-000000000000" # az ad user list (find your name).
$appHomePage = "https://icecreamery.good"
$appIdentUri = "https://icecreamery.flavour"

az login

Write-Output "Creating AAD application..."
$azureAdAppId = az ad app create --display-name $appName --homepage $appHomePage --identifier-uris $appIdentUri --credential-description "OctopusDeploy" --query 'appId' -o tsv
az ad app owner add --id $azureAdAppId --owner-object-id $appOwnerObjectId

$azureServicePrinciple = az ad sp create --id $azureAdAppId | ConvertFrom-Json

# THIS IS THE PROBLEM LINE that triggers the error.  (Feels like AppRoles is more complex that my guess)
az ad sp update --id $azureServicePrinciple.appId --set appRoles=contributor

# And this is the scope for the contributor role, which I figure is the next thing to set after this.
#az ad sp update --id $azureServicePrinciple.appId --set scopes="/subscriptions/$subscriptionId/resourceGroups/$appResourceGroup"

Expected Behavior

The CLI documentation for --add or --set option includes better examples of the relevant data. The CLI parses the --add and --set data and provides appropriate feedback prior to execution if 'poor' data is provided.

Environment Summary

Windows-10-10.0.19041-SP0
Python 3.6.8
Installer: MSI

azure-cli 2.10.1

Additional Context

[yonzhan]

add to S175

[RakeshMohanMSFT]

@Jamie-Clayton We sincerely apologies for the delay, can you please confirm if you are still facing this issue?

[ghost]

Hi, we're sending this friendly reminder because we haven't heard back from you in a while. We need more information about this issue to help address it. Please be sure to give us your input within the next 7 days. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!