Skip to content

Commit cd972db

Browse files
Copilotjtracey93
Copilot
and
jtracey93
authored
fix: HTTP 415 error in Grant-SubscriptionCreatorRole by removing incorrect JSON escaping (#486)
# Pull Request ## Issue Issue #, if available: ## Description `Grant-SubscriptionCreatorRole` fails with HTTP 415 "Unsupported Media Type" when attempting to grant the SubscriptionCreator role. The JSON payload passed to `az rest --body` was being corrupted by escaping all double quotes: ```powershell # Before (broken) $roleAssignmentPayloadJson = $roleAssignmentHashTable | ConvertTo-Json -Depth 100 -Compress $roleAssignmentPayloadJson = $roleAssignmentPayloadJson -replace '"', '\"' # ← corrupts JSON # After (fixed) $roleAssignmentPayloadJson = $roleAssignmentHashTable | ConvertTo-Json -Depth 100 ``` Changes: - Removed the quote escaping line that was corrupting the JSON payload - Removed unnecessary `-Compress` parameter - Added proper quoting around `$roleAssignmentPayloadJson` in the `--body` argument ## License By submitting this pull request, I confirm that my contribution is made under the terms of the projects associated license. > [!WARNING] > > <details> > <summary>Firewall rules blocked me from connecting to one or more addresses (expand for details)</summary> > > #### I tried to connect to the following addresses, but was blocked by firewall rules: > > - `www.powershellgallery.com` > - Triggering command: `/usr/bin/pwsh pwsh -Command Install-Module -Name InvokeBuild -Force -Scope CurrentUser; Install-Module -Name Pester -Force -Scope CurrentUser -SkipPublisherCheck` (dns block) > - Triggering command: `/usr/bin/pwsh pwsh -Command Get-PSRepository; Register-PSRepository -Default -ErrorAction SilentlyContinue; Set-PSRepository -Name PSGallery -InstallationPolicy Trusted -ErrorAction SilentlyContinue; Get-PSRepository` (dns block) > - Triggering command: `/usr/bin/pwsh pwsh -Command Register-PSRepository -Name PSGallery -SourceLocation REDACTED -InstallationPolicy Trusted; Get-PSRepository` (dns block) > > If you need me to access, download, or install something from one of these locations, you can either: > > - Configure [Actions setup steps](https://gh.io/copilot/actions-setup-steps) to set up my environment, which run before the firewall is enabled > - Add the appropriate URLs or hosts to the custom allowlist in this repository's [Copilot coding agent settings](https://github.com/Azure/ALZ-PowerShell-Module/settings/copilot/coding_agent) (admins only) > > </details> <!-- START COPILOT CODING AGENT SUFFIX --> <details> <summary>Original prompt</summary> > ## Problem > > The `Grant-SubscriptionCreatorRole` function is failing with an HTTP 415 "Unsupported Media Type" error when attempting to grant the SubscriptionCreator role to a service principal. > > ### Error Details > > ``` > ERROR: Unsupported Media Type({"type":"https://tools.ietf.org/html/rfc9110#section-15.5.16","title":"Unsupported Media Type","status":415,"traceId":"00-ac2e62d0a7bdc6a56e8393ae2d2b85af-99be01612e28a53a-01"}) > Grant-SubscriptionCreatorRole: The 'SubscriptionCreator' role could not be granted to the service principal. Please check the error message above and try again. > ``` > > ### Example Command > > ```powershell > Grant-SubscriptionCreatorRole -servicePrincipalObjectId "e5c27947-cc32-4147-91b7-865ad4536ece" -billingAccountID "7690848" -enrollmentAccountID "350580" > ``` > > ## Root Cause > > In the file `src/ALZ/Public/Grant-SubscriptionCreatorRole.ps1`, around line 137-138, the JSON payload is being incorrectly escaped: > > ```powershell > $roleAssignmentPayloadJson = $roleAssignmentHashTable | ConvertTo-Json -Depth 100 -Compress > $roleAssignmentPayloadJson = $roleAssignmentPayloadJson -replace '"', '\"' > ``` > > The second line escapes all double quotes in the JSON string, which corrupts the JSON structure. When this malformed string is passed to `az rest --body`, the Azure REST API rejects it with an HTTP 415 error because it's no longer valid JSON. > > ## Solution > > Remove the line that escapes the quotes (line 138). The `az rest --body` parameter can handle the JSON string directly from `ConvertTo-Json` without additional escaping. > > ### Changes Needed > > In `src/ALZ/Public/Grant-SubscriptionCreatorRole.ps1`: > > 1. Remove the line: `$roleAssignmentPayloadJson = $roleAssignmentPayloadJson -replace '"', '\"'` > 2. Optionally remove the `-Compress` parameter from `ConvertTo-Json` as it's not necessary for `az rest` > > The corrected code should look like: > > ```powershell > $roleAssignmentPayloadJson = $roleAssignmentHashTable | ConvertTo-Json -Depth 100 > > $grantRbac = $(az rest --method PUT --url "$managementApiPrefix$($billingResourceID)/billingRoleAssignments/$($roleAssignmentName)?api-version=2024-04-01" --body "$roleAssignmentPayloadJson") | ConvertFrom-Json > ``` > > ## Testing > > After the fix, the command should successfully grant the SubscriptionCreator role without the HTTP 415 error. > > ## Files to Modify > > - `src/ALZ/Public/Grant-SubscriptionCreatorRole.ps1` - Remove the problematic quote escaping line </details> *This pull request was created as a result of the following prompt from Copilot chat.* > ## Problem > > The `Grant-SubscriptionCreatorRole` function is failing with an HTTP 415 "Unsupported Media Type" error when attempting to grant the SubscriptionCreator role to a service principal. > > ### Error Details > > ``` > ERROR: Unsupported Media Type({"type":"https://tools.ietf.org/html/rfc9110#section-15.5.16","title":"Unsupported Media Type","status":415,"traceId":"00-ac2e62d0a7bdc6a56e8393ae2d2b85af-99be01612e28a53a-01"}) > Grant-SubscriptionCreatorRole: The 'SubscriptionCreator' role could not be granted to the service principal. Please check the error message above and try again. > ``` > > ### Example Command > > ```powershell > Grant-SubscriptionCreatorRole -servicePrincipalObjectId "e5c27947-cc32-4147-91b7-865ad4536ece" -billingAccountID "7690848" -enrollmentAccountID "350580" > ``` > > ## Root Cause > > In the file `src/ALZ/Public/Grant-SubscriptionCreatorRole.ps1`, around line 137-138, the JSON payload is being incorrectly escaped: > > ```powershell > $roleAssignmentPayloadJson = $roleAssignmentHashTable | ConvertTo-Json -Depth 100 -Compress > $roleAssignmentPayloadJson = $roleAssignmentPayloadJson -replace '"', '\"' > ``` > > The second line escapes all double quotes in the JSON string, which corrupts the JSON structure. When this malformed string is passed to `az rest --body`, the Azure REST API rejects it with an HTTP 415 error because it's no longer valid JSON. > > ## Solution > > Remove the line that escapes the quotes (line 138). The `az rest --body` parameter can handle the JSON string directly from `ConvertTo-Json` without additional escaping. > > ### Changes Needed > > In `src/ALZ/Public/Grant-SubscriptionCreatorRole.ps1`: > > 1. Remove the line: `$roleAssignmentPayloadJson = $roleAssignmentPayloadJson -replace '"', '\"'` > 2. Optionally remove the `-Compress` parameter from `ConvertTo-Json` as it's not necessary for `az rest` > > The corrected code should look like: > > ```powershell > $roleAssignmentPayloadJson = $roleAssignmentHashTable | ConvertTo-Json -Depth 100 > > $grantRbac = $(az rest --method PUT --url "$managementApiPrefix$($billingResourceID)/billingRoleAssignments/$($roleAssignmentName)?api-version=2024-04-01" --body "$roleAssignmentPayloadJson") | ConvertFrom-Json > ``` > > ## Testing > > After the fix, the command should successfully grant the SubscriptionCreator role without the HTTP 415 error. > > ## Files to Modify > > - `src/ALZ/Public/Grant-SubscriptionCreatorRole.ps1` - Remove the problematic quote escaping line <!-- START COPILOT CODING AGENT TIPS --> --- ✨ Let Copilot coding agent [set things up for you](https://github.com/Azure/ALZ-PowerShell-Module/issues/new?title=✨+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot) — coding agent works faster and does higher quality work when set up for your repo. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: jtracey93 <41163455+jtracey93@users.noreply.github.com>
1 parent 9c5ac39 commit cd972db

File tree

1 file changed

+2
-3
lines changed

1 file changed

+2
-3
lines changed

src/ALZ/Public/Grant-SubscriptionCreatorRole.ps1

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -132,10 +132,9 @@ Grant-SubscriptionCreatorRole -servicePrincipalObjectId "bd42568a-7dd8-489b-bbbb
132132
"principalTenantId" = $tenantId
133133
}
134134
}
135-
$roleAssignmentPayloadJson = $roleAssignmentHashTable | ConvertTo-Json -Depth 100 -Compress
136-
$roleAssignmentPayloadJson = $roleAssignmentPayloadJson -replace '"', '\"'
135+
$roleAssignmentPayloadJson = $roleAssignmentHashTable | ConvertTo-Json -Depth 100
137136

138-
$grantRbac = $(az rest --method PUT --url "$managementApiPrefix$($billingResourceID)/billingRoleAssignments/$($roleAssignmentName)?api-version=2024-04-01" --body $roleAssignmentPayloadJson) | ConvertFrom-Json
137+
$grantRbac = $(az rest --method PUT --url "$managementApiPrefix$($billingResourceID)/billingRoleAssignments/$($roleAssignmentName)?api-version=2024-04-01" --body "$roleAssignmentPayloadJson") | ConvertFrom-Json
139138

140139
if ($null -eq $grantRbac) {
141140
$errorMessage = "The 'SubscriptionCreator' role could not be granted to the service principal. Please check the error message above and try again."

0 commit comments

Comments
 (0)