[BUG] New-PnPSiteFileVersionExpirationReportJob does not work with managed identity #5204
Replies: 6 comments
Is it possible for you to try the same using the latest PnP PowerShell module, which is 3.1.0, or even better with the latest nightly version?
I have tried them. What I have understood is that the underlying commands do not support authentication via an app; if someone wants to use these commands, they have to authenticate via a username and pwd.
The error specified the same; it will be up to Microsoft to update the behaviour to allow app-only authentication. Have you tried it outside of the Azure function using a client ID?
Yes, I have tried it; it works as expected there, but as part of an automation and cloud-only solution this was a huge setback.
Probably we need to update the documentation to reflect this limitation. Is it possible for you to raise this with Microsoft to enable it in the background through the CSOM endpoint? I can't see that it's possible to achieve through the Graph API, which could have been a solution.
I am converting this to a discussion since it's not a bug but a limitation from Microsoft, which needs to handle the possibility of using an app-only principal.
Description
I am trying to create a SPO site file version expiration report job using an Azure Function that uses a managed identity.
The Connect-PnPOnline command works fine, but when I run New-PnPSiteFileVersionExpirationReportJob it fails.
Error Message
It throws the below error:
INFORMATION: System.Management.Automation.PSInvalidOperationException: Cannot call this API with an app-only principal.
at PnP.PowerShell.Commands.Base.PnPConnectedCmdlet.ProcessRecord() in c:\build\src\Commands\Base\PnPConnectedCmdlet.cs:line 101
at PnP.PowerShell.Commands.PnPSharePointCmdlet.ProcessRecord() in c:\build\src\Commands\Base\PnPSharePointCmdlet.cs:line 121
at System.Management.Automation.Cmdlet.DoProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
Also, my requirements.psd1 has this entry: 'PnP.PowerShell' = '2.12.0'
Expected behavior
I should be able to generate the reports using managed identity if I am able to connect to the site.
Actual behavior
The command fails with the error above (Cannot call this API with an app-only principal.).
Steps to reproduce behaviour
Create an Azure function app, enable identity and then grant rights to the app (I have Sites.FullControl.All), then create a simple HTTP-triggered function and connect to the site using the command Connect-PnpOnline.
Run the command New-PnPSiteFileVersionExpirationReportJob.
What is the version of the Cmdlet module you are running?
(you can retrieve this by executing Get-Module -Name "PnP.PowerShell" -ListAvailable)
Which operating system/environment are you running PnP PowerShell on?