Learn-LTI
Invalid value found at accessPolicies[0].ObjectId -- possible issue with deprecated Azure AD Graph properties
Bug
On Microsoft CLI 2.37.0, the deploy script for Learn-LTI fails on creating the key vault resource which causes the entire deploy to fail.
ERROR: {"status":"Failed","error":{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[
{"code":"NotFound","message":"{\r\n "error": {\r\n "code": "ParentResourceNotFound",\r\n
"message": "Can not perform requested operation on nested resource. Parent resource 'kv-6i5ioyg4m' not found."\r\n }\r\n}"},
{"code":"BadRequest","message":"{\r\n "error": {\r\n "code": "BadRequest",\r\n "message": "Invalid value found at accessPolicies[0].ObjectId: "\r\n }\r\n}"}]}}
I believe this is related to the deprecation of Azure Active Directory Graph and migration to Microsoft Graph. (Blog details -- https://docs.microsoft.com/en-us/graph/migrate-azure-ad-graph-overview and https://docs.microsoft.com/en-us/cli/azure/microsoft-graph-migration)
Most relevant point from the second link, "For example, the most outstanding change is that the objectId property in the output JSON of a Graph object is replaced by id." The command currently used in Deploy.ps1 to set the $userObjectId variable no longer works:
$userObjectId = az ad signed-in-user show --query objectId
C:>az ad signed-in-user show --query objectId
This command or command group has been migrated to Microsoft Graph API. Please carefully review all breaking changes introduced during this migration: https://docs.microsoft.com/cli/azure/microsoft-graph-migration
If I modify the deploy script to use "id" instead, the command works and the deploy script gets farther.
C:>az ad signed-in-user show --query id
This command or command group has been migrated to Microsoft Graph API. Please carefully review all breaking changes introduced during this migration: https://docs.microsoft.com/cli/azure/microsoft-graph-migration
"648a518a-931e-4c5d-8a13-d6813e66770b"
According to the blog post, Azure AD Graph shouldn't be deprecated yet but it appears at least this property is deprecated on my CLI version. I see many more warnings in the output about commands being migrated to Microsoft Graph API and the deploy script is currently failing for me on another step, so there may be other deprecation issues. We are doing some testing and troubleshooting to confirm these aren't issues on our end and will open up other bug or issue reports if we discover problems.
To Reproduce
Steps to reproduce the behavior:
- Use Microsoft CLI version 2.37.0
- Run "run.bat" within Learn-LTI : deployment folder
- Enter appropriate values at any prompt
- See error in step 6, creating resources
Expected behavior
I would expect the deployment of Azure resources to complete without errors and for the entire deploy script to complete out of the box.
Screenshots
LMS (please complete the following information): NA
Desktop (please complete the following information):
- OS: Windows
- Browser: Chrome
- Version: Windows 11 Home, 10.0.22000 Build 22000
Smartphone (please complete the following information): NA
Additional context
Note -- I downgraded my Azure scripts to 2.27 and the deploy worked again. I continued to have issues on the higher version that we never fully worked through.
This has been resolved with changes to the installation script which check what versions of the CLI are installed.
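
The failure reported above comes from an empty object ID reaching the key vault access policy. The following is an added example, not code from the Learn-LTI repository or its fix: it reads the signed-in user's ID from either property name and refuses to continue unless the value is a real GUID. The function names and the sample JSON are assumptions made for illustration.

```powershell
# Added example (not Learn-LTI code). Function names are hypothetical.
function Get-ObjectIdFromUserJson {
    param([string]$Json)

    if ([string]::IsNullOrWhiteSpace($Json)) {
        throw "No user JSON returned; cannot build a key vault access policy."
    }
    $user = $Json | ConvertFrom-Json

    # Microsoft Graph output uses 'id'; Azure AD Graph output used 'objectId'.
    $candidate = $null
    foreach ($name in 'id', 'objectId') {
        $prop = $user.PSObject.Properties[$name]
        if ($prop -and $prop.Value) { $candidate = [string]$prop.Value; break }
    }

    # Fail here instead of sending an empty ObjectId to the deployment.
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($candidate, [ref]$parsed) -or $parsed -eq [guid]::Empty) {
        throw "Signed-in user object ID is missing or not a GUID: '$candidate'"
    }
    return $parsed.ToString()
}

function Get-SignedInUserObjectId {
    # The migration notice is written to stderr, so stdout holds only the JSON.
    $json = az ad signed-in-user show --output json
    if ($LASTEXITCODE -ne 0) {
        throw "az ad signed-in-user show failed with exit code $LASTEXITCODE"
    }
    return Get-ObjectIdFromUserJson -Json ($json -join "`n")
}

# Constructed sample payloads (not real accounts), one per output shape.
$graphShape   = '{"id":"00000000-0000-0000-0000-000000000001","displayName":"Sample"}'
$aadShape     = '{"objectId":"00000000-0000-0000-0000-000000000002","displayName":"Sample"}'
$missingShape = '{"displayName":"Sample"}'

Get-ObjectIdFromUserJson -Json $graphShape   # Microsoft Graph shape
Get-ObjectIdFromUserJson -Json $aadShape     # Azure AD Graph shape
try {
    Get-ObjectIdFromUserJson -Json $missingShape
} catch {
    Write-Host "Rejected: $($_.Exception.Message)"
}
```

In a deploy script, `$userObjectId = Get-SignedInUserObjectId` would then stop the run before resource creation if the CLI output shape changes again.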