I'm writing a python script that is intended to create Event Grid Topics.
I'm following a couple of Microsoft tutorials and Github repos and have written some python code to create topics.
Python samples: https://docs.microsoft.com/en-us/samples/azure-samples/event-grid-python-public-consume-events/event-grid-python-public-consume-events/
Github Repos: https://github.com/Azure-Samples/event-grid-python-public-consume-events
Azure Service Principal: https://azure.microsoft.com/documentation/articles/resource-group-create-service-principal-portal
I've come up with this python code:
def CreateOrUpdateTopics(subscriptionId, clientId, clientSecret,tenantId,resourceGroup,location, topics):
credentials = ServicePrincipalCredentials(
client_id=clientId,
secret=clientSecret,
tenant=tenantId
)
print("\nCreate event grid management client")
event_grid_client = EventGridManagementClient(credentials, subscriptionId)
for topic in topics:
print(f'\nCreating EventGrid topic {topic}')
topic_result_poller = event_grid_client.topics.create_or_update(resourceGroup,
topic,
Topic(
location=location,
tags={'createdBy': 'MCCC'}
))
# Blocking call
topic_result = topic_result_poller.result()
## ERROR SHOWS UP HERE
print(topic_result)
When I execute the code I receive a message
The client 'zzzz' with object id 'zzzz' does not have authorization to perform action 'Microsoft.EventGrid/topics/write' over scope '/subscriptions/zzz/resourceGroups/MCCC-RG/providers/Microsoft.EventGrid/topics/Temperature' or the scope is invalid. If access was recently granted, please refresh your credentials.
I registered a new app in Azure Active Directory:
I've also assigned a role to the resource group for the SP.
It seems like i'm missing some role access on my service principle though I can't seem to find a reference to what it should be.
Could you please point me in the right direction?
