azure-saas
SaaS Permissions API deployment script run.sh fails with errors
I successfully deployed Identity Foundation Services and am attempting to run the SaaS Permissions API deployment script.
cd /mnt/.../azure-saas/src/Saas.Identity/SaaS.Permissions/deployment
./setup.sh
./run.sh
Running the script fails with the following results,
### SaaS Administration Service API ###
Provisioning the SaaS Administration Service API...
Deploying App Service: Downloading Identity Foundation outputs from Resource Group 'rg-asdk-test-****' deployment named 'IdentityFoundationDeployment'...
ERROR: User '****@****.com' does not exist in MSAL token cache. Run `az login`.
### Critical Error ###
Failed to get Identity Bicep deployment output parameters
I tried logging into the Azure CLI with az login --use-device-code and setting the subscription with az account set -s subscriptionId.
I'm using Windows 11, WSL 2, Azure CLI 2.56.0, and GitHub CLI 2.41.0.
Thank you @ScottStefanich. Will try and see if we can repro this.
I did test the install a week ago w/o running into this issue. Only change since then is Azure CLI 2.55 -> 2.56.
Did you try and install the Admin Service API before installing the Permissions API? It looks like the error has to do with the script not being able to download the output deployment parameters from an earlier deployment.
Running the SaaS.Admin deployment script results in the same two errors (MSAL token cache and Identity Bicep deployment output parameters).
The deployment named 'IdentityFoundationDeployment' successfully completed.
The deployment Output has the following parameters,
version
location
environment
appConfigurationName
keyVaultName
keyVaultUri
appServicePlanName
userAssignedIdentityName
userAssignedIdentityId
sqlServerFQDN
sqlDbServerName
applicationInsightsName
logAnalyticsWorkspaceName
automationAccountName
@1iveowl, can you confirm the SaaS Administration Service API deployment script attempts to retrieve these parameters?
I want to report this other error, but first a few observation notes:
- It asked me for azureAdB2CInstanceURL, which is not mentioned in here doc but I think is related to the one mentioned later on swagger:
"deployment": {
...
"azureb2c": {
...
"tenantId": "***GUID***",
"instance": "https://***.b2clogin.com"
},
...
}
- About the error, seems Azure is no longer accepting this parameter?
Please provide string value for 'azureAdB2CInstanceURL' (? for help): https://********.b2clogin.com
{"code": "InvalidTemplate", "message": "Deployment template validation failed: 'The template parameters 'azureAdInstance' in the parameters file are not valid; they are not present in the original template and can therefore not be provided at deployment time. The only supported parameters for this template are 'version, keyVaultName, keyVaultUri, azureB2CDomain, azureB2cTenantId, azureAdB2CInstanceURL, signedOutCallBackPath, signUpSignInPolicyId, baseUrl, clientId, userAssignedIdentityName, appConfigurationName, certificateKeyName'. Please see https://aka.ms/arm-pass-parameter-values for usage details.'.", "additionalInfo": [{"type": "TemplateViolation", "info": {"lineNumber": 0, "linePosition": 0, "path": ""}}]}
### Critical Error ###
Failed to deploy to permissions-api. This sometimes happens, please try again.
The solution for this was replacing azureAdInstance with azureAdB2CInstanceURL in the parameter file src\Saas.Identity\Saas.Permissions\deployment\bicep\parameters\config-entries-parameters.json
and
src\Saas.Identity\Saas.Permissions\deployment\script
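Added example, not part of the thread or the project's code: a pre-deployment check that compares an ARM parameters file with the parameters declared in the compiled template (for instance the JSON produced by `az bicep build`). It reports both symptoms from the comment above: a name the template does not declare (the `InvalidTemplate` rejection) and a declared parameter with no value (the interactive prompt). The function name, the sample data, and the case-insensitive name matching are assumptions.

```python
import json
import sys


def check_parameters(template: dict, param_file: dict) -> dict:
    """Compare a parameters file against the template's declared parameters."""
    # Names are compared case-insensitively (assumption about ARM's matching).
    declared = {n.lower(): (n, spec)
                for n, spec in template.get("parameters", {}).items()}
    supplied = {n.lower(): n for n in param_file.get("parameters", {})}
    # In the file but not declared by the template: deployment validation
    # rejects these, as in the InvalidTemplate error quoted in the thread.
    unknown = sorted(orig for key, orig in supplied.items()
                     if key not in declared)
    # Declared without a default and not supplied: the CLI prompts for these.
    missing = sorted(orig for key, (orig, spec) in declared.items()
                     if "defaultValue" not in spec and key not in supplied)
    return {"unknown": unknown, "missing": missing}


# Constructed sample: a subset of the parameter names listed in the error
# message, with made-up values. Not the project's real files.
SAMPLE_TEMPLATE = {"parameters": {
    "version": {"type": "string", "defaultValue": "0.0.1"},
    "keyVaultName": {"type": "string"},
    "azureAdB2CInstanceURL": {"type": "string"},
}}
SAMPLE_PARAMS = {"contentVersion": "1.0.0.0", "parameters": {
    "keyVaultName": {"value": "kv-example"},
    "azureAdInstance": {"value": "https://example.b2clogin.com"},
}}

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: check.py <compiled-template.json> <parameters.json>
        with open(sys.argv[1]) as t, open(sys.argv[2]) as p:
            result = check_parameters(json.load(t), json.load(p))
    else:
        result = check_parameters(SAMPLE_TEMPLATE, SAMPLE_PARAMS)
    print(json.dumps(result, indent=2))
    sys.exit(1 if result["unknown"] or result["missing"] else 0)
```

Run before `az deployment group create`, a non-zero exit means the parameters file and the template have drifted apart.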
I restarted the procedure with a new Entra ID tenant and updated the following,
- WSL
- Ubuntu 22.04 LTS
- Docker Desktop
- Azure CLI
- GitHub CLI
The Identity Provider deployment script completed without errors on the first try.
The Permissions API deployment script encountered the same error,
### SaaS Administration Service API ###
Provisioning the SaaS Administration Service API...
Deploying App Service: Downloading Identity Foundation outputs from Resource Group 'rg-asdk-test-****' deployment named 'IdentityFoundationDeployment'...
ERROR: User '****@****.com' does not exist in MSAL token cache. Run `az login`.
### Critical Error ###
Failed to get Identity Bicep deployment output parameters