Suggestion on SP_ID naming and `az ad sp` explainer
The SP_ID is actually the appId. Should we change the naming?
Also, it would be nice to add a notice for the older `az ad sp` search, so the user will know why there is a change to `az ad app`, since `az ad sp credential list --id "$SP_ID" --query "[].endDateTime" -o tsv` will no longer return the value. (#103949)
Document Details
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
- ID: 0b842222-f6ac-5266-227f-7e400610e07b
- Version Independent ID: 429cd3bf-2691-f633-2e0d-e70e5d8d0e03
- Content: Update or rotate the credentials for an Azure Kubernetes Service (AKS) cluster - Azure Kubernetes Service
- Content Source: articles/aks/update-credentials.md
- Service: azure-kubernetes-service
- GitHub Login: @MGoedtel
- Microsoft Alias: magoedte
@m8yng Thanks for your feedback! We will investigate and update as appropriate.
@m8yng I'm going to assign this to the document author so they can take a look at it accordingly.
@MGoedtel please review it.
#reassign:schaffererin
Hi, @m8yng, thank you for your feedback. I just tested and ran into no issues. I first ran `az ad sp credential list --id myID --query "[].endDateTime" -o tsv`, then tried `az ad app credential list --id myID --query "[].endDateTime" -o tsv`, and I received the same output. I'm running the latest version of Azure CLI. I'm not sure why this command doesn't return anything for you. Could you please share additional context? I'm not sure a doc update needs to be made here. Thanks!
As we have not heard back, we will now close this GitHub issue. Thank you! #please-close
Hi @schaffererin, sorry for the delayed response.
I later found out it is because I was testing against a fresh SP object, and it has yet to have any key values.
Environment and versions:

Cloud Shell / bash

```
$ az version
Azure-cli    Azure-cli-core    Azure-cli-telemetry
-----------  ----------------  ---------------------
2.49.0       2.49.0            1.0.8
```

Steps to reproduce:

- Create a new SP:

  ```
  $ az ad sp create-for-rbac --role Contributor --scopes /subscriptions/$currentSubscriptionID
  ```

- Query the expiration date from the SP:

  ```
  $ az ad sp credential list --id $SPappID --query "[].endDateTime" -o json
  ```

And the output returns an empty array:

```
[]
```

Attaching entire object output for reference, from `az ad sp show --id $SPappID -o json`:

```json
{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#servicePrincipals/$entity",
  "accountEnabled": true,
  "addIns": [],
  "alternativeNames": [],
  "appDescription": null,
  "appDisplayName": "azure-cli-2023-06-30-03-14-07",
  "appId": "<redacted>",
  "appOwnerOrganizationId": "<redacted>",
  "appRoleAssignmentRequired": false,
  "appRoles": [],
  "applicationTemplateId": null,
  "createdDateTime": "2023-06-30T03:14:12Z",
  "deletedDateTime": null,
  "description": null,
  "disabledByMicrosoftStatus": null,
  "displayName": "azure-cli-2023-06-30-03-14-07",
  "homepage": null,
  "id": "<redacted>",
  "info": {
    "logoUrl": null,
    "marketingUrl": null,
    "privacyStatementUrl": null,
    "supportUrl": null,
    "termsOfServiceUrl": null
  },
  "keyCredentials": [],
  "loginUrl": null,
  "logoutUrl": null,
  "notes": null,
  "notificationEmailAddresses": [],
  "oauth2PermissionScopes": [],
  "passwordCredentials": [],
  "preferredSingleSignOnMode": null,
  "preferredTokenSigningKeyThumbprint": null,
  "replyUrls": [],
  "resourceSpecificApplicationPermissions": [],
  "samlSingleSignOnSettings": null,
  "servicePrincipalNames": [
    "<redacted>"
  ],
  "servicePrincipalType": "Application",
  "signInAudience": "AzureADandPersonalMicrosoftAccount",
  "tags": [],
  "tokenEncryptionKeyId": null,
  "verifiedPublisher": {
    "addedDateTime": null,
    "displayName": null,
    "verifiedPublisherId": null
  }
}
```
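
An added example, not part of the thread or of the Azure documentation: a Python check that reads credential expiry from both the service principal object and the application object, so that empty `passwordCredentials` and `keyCredentials` arrays like those in the output above are reported as a distinct state instead of being read as "nothing to rotate". The application object, its `keyId` and the dates are constructed sample data, and feeding the functions the JSON from `az ad sp show` and `az ad app show` is an assumption.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample input. SP_JSON mirrors the empty credential arrays in the
# output above; APP_JSON is a hypothetical application object with one secret.
SP_JSON = '{"appId": "<redacted>", "keyCredentials": [], "passwordCredentials": []}'
APP_JSON = """{"appId": "<redacted>", "keyCredentials": null,
 "passwordCredentials": [{"keyId": "11111111-1111-1111-1111-111111111111",
                          "endDateTime": "2024-06-30T03:14:07Z"}]}"""

def parse_graph_time(value):
    # Timestamps end in "Z"; fromisoformat() before Python 3.11 rejects that suffix.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def collect_credentials(source, obj):
    """Return (source, kind, keyId, expiry) for every credential on one object."""
    found = []
    for kind in ("passwordCredentials", "keyCredentials"):
        for cred in obj.get(kind) or []:  # tolerate a missing or null array
            found.append((source, kind, cred.get("keyId"), parse_graph_time(cred["endDateTime"])))
    return found

def audit(sp_obj, app_obj, now, warn_days=30):
    """Classify credential state across both objects, not from one empty list."""
    creds = (
        collect_credentials("servicePrincipal", sp_obj)
        + collect_credentials("application", app_obj)
    )
    if not creds:
        return {"status": "no-credentials", "credentials": []}
    soonest = min(c[3] for c in creds)
    if soonest <= now:
        status = "expired"
    elif soonest - now <= timedelta(days=warn_days):
        status = "expiring-soon"
    else:
        status = "ok"
    return {"status": status, "soonest": soonest, "credentials": creds}

if __name__ == "__main__":
    now = datetime(2024, 6, 10, tzinfo=timezone.utc)  # fixed clock so the run is repeatable
    result = audit(json.loads(SP_JSON), json.loads(APP_JSON), now)
    print(result["status"], [c[:3] for c in result["credentials"]])
```

A `no-credentials` result means neither object carried a password or certificate, which is a different finding from a credential that is present and not yet near expiry.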