
az webapp list shows CryptographyDeprecationWarning

Open balajisivaram15t opened this issue 1 year ago • 14 comments

Describe the bug

We started noticing our scripts throwing warnings for az commands as below since last three days. We have been using azure cloud shell to run the az commands.

/usr/lib64/az/lib/python3.9/site-packages/paramiko/pkey.py:100: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from this module in 48.0.0.
  "cipher": algorithms.TripleDES,

Related command

az webapp list, az appservice plan list

Errors

/usr/lib64/az/lib/python3.9/site-packages/paramiko/pkey.py:100: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from this module in 48.0.0.
  "cipher": algorithms.TripleDES,
/usr/lib64/az/lib/python3.9/site-packages/paramiko/transport.py:259: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from this module in 48.0.0.
  "class": algorithms.TripleDES,

Issue script & Debug output

when running az appservice plan list --debug


Expected behavior

It should list the appservice plan in the subscription without the warning

Environment Summary

{ "azure-cli": "2.65.0", "azure-cli-core": "2.65.0", "azure-cli-telemetry": "1.1.0", "extensions": { "ai-examples": "0.2.5", "datafactory": "1.0.2", "ml": "2.30.1", "ssh": "2.0.5" } }

Python Version: 3.9.19

Additional context

Please be informed these commands are being run inside the cloud shell so there is no alternative vm/system to test it.

balajisivaram15t avatar Oct 08 '24 12:10 balajisivaram15t

Thank you for opening this issue, we will look into it.

yonzhan avatar Oct 08 '24 12:10 yonzhan

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AzureAppServiceCLI, @antcp.

Worth noting that similar issues have appeared before: https://github.com/Azure/azure-cli/issues/25406. This is once again breaking scripts and pipelines, and there's no way to suppress it.

UntiIted avatar Oct 09 '24 14:10 UntiIted

Team, Any updates?

balajisivaram15t avatar Oct 11 '24 12:10 balajisivaram15t

This is affecting our organization as well, most if not all pipelines inoperable.

Edit: This is happening on multiple CLI commands. We run physical agents, downgrading to 2.64.0 circumvents this error.

waggonerh avatar Oct 11 '24 16:10 waggonerh

Hi!!!

Any patch or recipe to fix this error??

Greetings!!

csanchez83 avatar Oct 16 '24 18:10 csanchez83

I would love to see some progress here. Any updates @yonzhan ?

agravity-philipp avatar Oct 19 '24 07:10 agravity-philipp

We've just encountered the same issue with az webapp list in our organisation, which is impacting numerous Azure DevOps pipelines. I suspect the Azure CLI update has recently been pushed to the Microsoft Hosted agents that are allocated to our agent pool.

Has there been any progress on this issue? Also any idea of a workaround so we can get back to deploying our apps?

brianhodgman avatar Oct 21 '24 05:10 brianhodgman

@brianhodgman

One could use a workaround, as mentioned in this comment: https://github.com/Azure/azure-cli/issues/25406#issuecomment-1438417076

      # This is a workaround for a bug in Azure CLI 2.65.0, see Bug https://github.com/Azure/azure-cli/issues/30048
      - task: Bash@3
        name: InstallAzureCLI
        displayName: 'Install AZ CLI 2.64.0 as workaround'
        inputs:
          targetType: 'inline'
          script: |
            pip install azure-cli==2.64.0 --break-system-packages

      - task: AzureCLI@2
      ....

Looking forward to a fix 🙂

manuelblum avatar Oct 21 '24 05:10 manuelblum


I tried the workaround but unfortunately --break-system-packages throws an error for me. If I remove it, it works but I receive other errors that versions do not match (but it goes through afterwards anyway). Any idea how to fix this?

sit-md avatar Oct 21 '24 07:10 sit-md


Thanks for the suggestion @manuelblum! I had to update the command to the following for it to work in my environment, and it's working well. I'm looking forward to a proper fix too 🙂

- task: Bash@3
  name: InstallAzureCLI
  displayName: 'Install AZ CLI 2.64.0 as workaround'
  inputs:
    targetType: 'inline'
    script: |
      pip install --force-reinstall azure-cli==2.64.0

Hey @sit-md, maybe try the above to see if that works for you?

brianhodgman avatar Oct 21 '24 07:10 brianhodgman


This did it for us. Thank you very much! Pipeline is up and running again 👍

sit-md avatar Oct 21 '24 09:10 sit-md

From my perspective, it could be caused by: https://github.com/Azure/azure-cli/issues/30148

jaromirmikulik avatar Oct 21 '24 10:10 jaromirmikulik

This bug breaks our deploy pipelines too, but the fix mentioned above worked for us. Note: DO NOT forget the --force-reinstall flag!

- task: Bash@3
  name: InstallAzureCLI
  displayName: 'Install AZ CLI 2.64.0 as workaround'
  inputs:
    targetType: 'inline'
    script: |
      pip install --force-reinstall azure-cli==2.64.0

rLindorfer avatar Oct 21 '24 18:10 rLindorfer

Hi, we are also impacted in our company. @seligj95 do you have an ETA for a fix? Thank you in advance

dsczltch avatar Oct 25 '24 10:10 dsczltch

Seeing the same issue. Pipeline tasks suddenly started failing because of this "warning".

bowlerma avatar Oct 29 '24 20:10 bowlerma

This isn't the first time this happened. Could you please tidy up the QA process and not release broken versions that make thousands and thousands of pipelines fail? Have you any idea how much developer and devops time (globally) you are wasting like that? Ironically, if you would set your build/test pipeline to fail on stderr, this release would have never made it.

chriswue avatar Oct 31 '24 22:10 chriswue

We are running into the same issue. Is there any estimated timeline for a fix? The workaround won't work for us.

cnash-reply avatar Nov 04 '24 22:11 cnash-reply

@yonzhan / @seligj95 any updates on this? There are several people commenting here about this issue with no response whatsoever.

taylorn-ai avatar Nov 06 '24 06:11 taylorn-ai

Hello!

Any patch or recipe to fix this error??

tathagatk22 avatar Nov 06 '24 07:11 tathagatk22

This is caused by the bug in paramiko 3.4.0: https://github.com/paramiko/paramiko/issues/2419#issuecomment-2340435799. paramiko imports TripleDES with a deprecated path, and Cryptography raises a warning after version 43.0.0.

I'll bump paramiko to fix this.

Ref: https://cryptography.io/en/latest/changelog/#v43-0-0 https://github.com/paramiko/paramiko/pull/2421

bebound avatar Nov 08 '24 03:11 bebound
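For pipeline steps that fail on any stderr output and cannot pin the CLI version, the following added example (not code from this thread or from the Azure CLI project) drops only the paramiko TripleDES deprecation notice from stderr and leaves every other stderr line and the exit status intact. `filter_known_warning`, `run_filtered` and `fake_az` are hypothetical names, and `fake_az` is a constructed stand-in for a real `az` call.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Removes only the paramiko TripleDES
# CryptographyDeprecationWarning (and its source-context line) from stderr.

# Reads stderr text on stdin and prints it without the known warning pair.
filter_known_warning() {
  awk '
    # Line right after a matched warning: drop it only if it is the context line.
    skip_next { skip_next = 0; if ($0 ~ /^[ \t]+"(cipher|class)": algorithms\.TripleDES,/) next }
    # The warning itself, emitted from a paramiko module.
    /paramiko\/[a-z_]+\.py:[0-9]+: CryptographyDeprecationWarning: TripleDES has been moved/ { skip_next = 1; next }
    { print }
  '
}

# Runs "$@", filters its stderr, keeps stdout and the exit status unchanged.
run_filtered() {
  _rf_err=$(mktemp)
  _rf_status=0
  "$@" 2>"$_rf_err" || _rf_status=$?
  filter_known_warning <"$_rf_err" >&2
  rm -f "$_rf_err"
  return "$_rf_status"
}

# Constructed stand-in for an az call: JSON on stdout, the two warnings from
# this issue plus one unrelated error on stderr, exit status 3.
fake_az() {
  echo '[]'
  {
    echo '/usr/lib64/az/lib/python3.9/site-packages/paramiko/pkey.py:100: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from this module in 48.0.0.'
    echo '  "cipher": algorithms.TripleDES,'
    echo '/usr/lib64/az/lib/python3.9/site-packages/paramiko/transport.py:259: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from this module in 48.0.0.'
    echo '  "class": algorithms.TripleDES,'
    echo 'ERROR: constructed unrelated failure'
  } >&2
  return 3
}

# Usage in a pipeline script: run_filtered az webapp list
```

Because the filter matches this one message rather than discarding stderr wholesale, any other deprecation or error output still reaches the pipeline log.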

This is still happening in azure cloud shell:

PS /home/username> az webapp auth show -g rgname -n appname
/usr/lib64/az/lib/python3.9/site-packages/paramiko/pkey.py:100: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from this module in 48.0.0.
  "cipher": algorithms.TripleDES,
/usr/lib64/az/lib/python3.9/site-packages/paramiko/transport.py:259: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from this module in 48.0.0.
  "class": algorithms.TripleDES,

C-Wal avatar Nov 21 '24 11:11 C-Wal

This is still happening in the Azure Web App Cloud Shell:

az webapp config connection-string set ....
/usr/lib64/az/lib/python3.9/site-packages/paramiko/pkey.py:100: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from this module in 48.0.0.
  "cipher": algorithms.TripleDES,
/usr/lib64/az/lib/python3.9/site-packages/paramiko/transport.py:259: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from this module in 48.0.0.
  "class": algorithms.TripleDES,
Connection string values have been redacted. Use `az webapp config connection-string list` to view.

Also happening with az webapp config appsettings set which shows a different redacted message. Why would the "set" command generate a warning about the "list" command?

sguidos avatar Dec 05 '24 19:12 sguidos

Still happening for me as well:

PS /home/username> pip show paramiko | Select-String "Name","Version","Location"
Name: paramiko
Version: 3.5.0
Location: /home/username/.local/lib/python3.9/site-packages

PS /home/username> python3 -V
Python 3.9.19
PS /home/username> az -v
azure-cli                         2.65.0 *

core                              2.65.0 *
telemetry                          1.1.0

Extensions:
ai-examples                        0.2.5
costmanagement                     0.3.0
ml                                2.30.1
ssh                                2.0.5
Dependencies:
msal                              1.31.0
azure-mgmt-resource               23.1.1
Python location '/usr/bin/python3.9'
Extensions directory '/home/username/.azure/cliextensions'
Extensions system directory '/usr/lib/python3.9/site-packages/azure-cli-extensions'
Python (Linux) 3.9.19 (main, Aug 23 2024, 00:07:48)
[GCC 11.2.0]
Legal docs and information: aka.ms/AzureCliLegal
PS /home/username> az webapp list
/usr/lib64/az/lib/python3.9/site-packages/paramiko/pkey.py:100: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from this module in 48.0.0.
  "cipher": algorithms.TripleDES,
/usr/lib64/az/lib/python3.9/site-packages/paramiko/transport.py:259: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from this module in 48.0.0.
  "class": algorithms.TripleDES,
[]
PS /home/username>

caleb-terry avatar Dec 06 '24 04:12 caleb-terry

@sguidos Cloud Shell hasn't updated the CLI yet. It's likely to update next month.

@caleb-terry You're using 2.65.0, not 2.67.0. PS: CLI has its own PYTHONPATH, and does not read from /home/username/.local/lib/python3.9/site-packages

bebound avatar Dec 06 '24 08:12 bebound