Description
Describe:
When manually assigning roles using the command .\scripts\Assign-Role-To-Current-User.ps1, the script initially reports that the deployment-info.json file cannot be found (see screenshot).

After specifying the path as prompted, running .\scripts\Assign-Role-To-Current-User.ps1 -DeploymentInfoPath scripts\deployment-info.json results in the error: A value is required for property 'appId' of resource 'ServicePrincipal'.

Upon checking the script, it was found that the fields entraAppSpObjectId and entraAppClientId in Assign-Role-To-Current-User.ps1 do not match ENTRA_APP_SP_OBJECT_ID and ENTRA_APP_CLIENT_ID in deployment-info.json. After modifying the fields and rerunning, the error "Permission being assigned was not found on application" occurred.

Investigating the Azure Portal revealed that although the MCP Tool Executor role existed, its Allowed member types were set to Applications. The script was actually attempting to assign the role to Users, causing the assignment failure.

Repro Steps:
- Run git clone https://github.com/AzureCosmosDB/MCPToolKit.git and cd MCPToolKit.
- Deploy Infrastructure via Azure Developer CLI (azd up).
- Run .\scripts\Deploy-Cosmos-MCP-Toolkit.ps1 -ResourceGroup "YOUR-RESOURCE-GROUP" -EntraAppName "My Custom MCP App".
- Run .\scripts\Assign-Role-To-Current-User.ps1.
Environment:
- OS: Windows
- Azd version: azd version 1.21.3 (commit b01891fc63b1faf9a9633cdc630deab0b4d569c4).
Expected behavior:
.\scripts\Assign-Role-To-Current-User.ps1 runs successfully.
@sajeetharan and @hemarina for notification.
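
The two failures reported above (mismatched field names in deployment-info.json, and a role whose allowed member types exclude users) can be caught before any assignment call is made. The following offline pre-flight check is an added example, not code from the MCPToolKit repository. The function names are hypothetical, the JSON inputs are constructed with placeholder GUIDs, and the manifest is assumed to use the Entra appRoles fields displayName, isEnabled and allowedMemberTypes.

```powershell
# Added example: offline pre-flight check. All sample data below is constructed.
Set-StrictMode -Version Latest

function Get-DeploymentValue {
    # Hypothetical helper: return the first non-empty property among $Names,
    # so either naming style (camelCase or UPPER_SNAKE) resolves.
    param([Parameter(Mandatory)] $Info, [Parameter(Mandatory)] [string[]] $Names)
    foreach ($name in $Names) {
        $prop = $Info.PSObject.Properties[$name]
        if ($prop -and -not [string]::IsNullOrWhiteSpace([string]$prop.Value)) {
            return [string]$prop.Value
        }
    }
    throw "deployment info has none of: $($Names -join ', ')"
}

function Test-AppRoleAssignable {
    # Hypothetical helper: true when the named, enabled app role lists
    # $MemberType in allowedMemberTypes.
    param(
        [Parameter(Mandatory)] [object[]] $AppRoles,
        [Parameter(Mandatory)] [string] $RoleName,
        [ValidateSet('User', 'Application')] [string] $MemberType = 'User'
    )
    $role = $AppRoles |
        Where-Object { $_.displayName -eq $RoleName -and $_.isEnabled } |
        Select-Object -First 1
    if (-not $role) { throw "App role '$RoleName' not found or disabled" }
    return @($role.allowedMemberTypes) -contains $MemberType
}

# Constructed sample inputs (placeholder GUIDs, not real identifiers).
$info = @'
{ "ENTRA_APP_CLIENT_ID": "00000000-0000-0000-0000-000000000001",
  "ENTRA_APP_SP_OBJECT_ID": "00000000-0000-0000-0000-000000000002" }
'@ | ConvertFrom-Json
$manifest = @'
{ "appRoles": [ { "displayName": "MCP Tool Executor", "isEnabled": true,
                  "allowedMemberTypes": [ "Application" ] } ] }
'@ | ConvertFrom-Json

$clientId = Get-DeploymentValue -Info $info -Names 'entraAppClientId', 'ENTRA_APP_CLIENT_ID'
$spId     = Get-DeploymentValue -Info $info -Names 'entraAppSpObjectId', 'ENTRA_APP_SP_OBJECT_ID'
$userOk   = Test-AppRoleAssignable -AppRoles $manifest.appRoles -RoleName 'MCP Tool Executor' -MemberType 'User'
if (-not $userOk) {
    Write-Warning "Role 'MCP Tool Executor' on app $clientId (SP $spId) does not allow User members; a user assignment will fail."
}
```

With the constructed manifest, which mirrors the state described in the report, the check emits the warning instead of attempting the assignment.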