azure-dev icon indicating copy to clipboard operation
azure-dev copied to clipboard
verified publisher icon Azure

Fail to run `azd pipeline config --provider github` and `azd pipeline config --provider azdo`

Open Menghua1 opened this issue 1 year ago • 7 comments

Describe the issue: When running the azd pipeline config --provider github and azd pipeline config --provider azdo commands, the error message fails as follows: image

Repro Steps:

  1. Login in with command: azd auth login.
  2. Run command: azd init -t todo-python-mongo-terraform -b staging.
  3. Run command: azd pipeline config --provider github or azd pipeline config --provider azdo.

Environment:

  • Template: todo-python-mongo-terraform, todo-nodejs-mongo-terraform, todo-java-postgresql-terraform.
  • Branch: staging
  • OS: Windows, Linux, Mac, Cloud Shell, DevContainer, Codespaces.
  • Azd version: azd version 1.11.0-beta.1-pr.4140256 (commit b6402defbf4c4210855e14c114988010e0a51ed7) and azd version 1.11.0-beta.1-daily.4152592 (commit e2ff8ba7dcc5b3f7e883213a2315a8b275294def)

Expected behavior: azd pipeline config --provider github and azd pipeline config --provider azdo commands can be run successfully.

@jongio for notification.

Menghua1 avatar Sep 19 '24 10:09 Menghua1

@jongio This issue can also be reproduced in main. We tested the following four scenarios and they can all be reproduced:

  • Template: todo-python-mongo-terraform, todo-nodejs-mongo-terraform, todo-java-postgresql-terraform.
  • OS: Windows, Linux, Mac, Cloud Shell, DevContainer, Codespaces.
  • Test Scenario:
  1. Templates under the main branch + azd version 1.11.0-beta.1-daily.4152592 (commit e2ff8ba7dcc5b3f7e883213a2315a8b275294def).
  2. Templates under the main branch + azd version 1.11.0-beta.1-pr.4140256 (commit b6402defbf4c4210855e14c114988010e0a51ed7).
  3. Templates under the staging branch + azd version 1.11.0-beta.1-daily.4152592 (commit e2ff8ba7dcc5b3f7e883213a2315a8b275294def).
  4. Templates under the staging branch + azd version 1.11.0-beta.1-pr.4140256 (commit b6402defbf4c4210855e14c114988010e0a51ed7).

Menghua1 avatar Sep 23 '24 09:09 Menghua1

@vhvb1989 do you think our internal subscriptions have policies which restrict dealing with client-credentials? but from a pipeline config feature POV we do support client-credentials?

rajeshkamal5050 avatar Sep 26 '24 00:09 rajeshkamal5050

@rajeshkamal5050 yes, the internal policy to block client-secrets was applied some days ago. If we want to run these tests, we need to use a different Tenant/Sub w/o the policy. Or we need to move the terraform scenarios to use managed identity (see: https://github.com/Azure/azure-dev/pull/4343)

vhvb1989 avatar Sep 26 '24 00:09 vhvb1989

@vhvb1989 May be a test tenant would help here for us in testing such features which are still supported?

cc @weshaggard @danieljurek

rajeshkamal5050 avatar Sep 26 '24 16:09 rajeshkamal5050

Our new TME test tenant isn't up and running yet but once it is ready it might be worth using here.

weshaggard avatar Sep 26 '24 18:09 weshaggard

@rajeshkamal5050 In the latest round of azd manual testing, this issue still exists.

  • Template: todo-python-mongo-terraform, todo-nodejs-mongo-terraform, todo-java-postgresql-terraform.
  • OS: Windows, Mac, DevContainer.
  • Branch: staging
  • Azd version: azd version 1.11.0-beta.1-daily.4152592 (commit e2ff8ba7dcc5b3f7e883213a2315a8b275294def)

Menghua1 avatar Sep 27 '24 06:09 Menghua1

@rajeshkamal5050 and @jongio In the latest round of azd manual testing, this issue still exists.

  • Template: todo-python-mongo-terraform, todo-nodejs-mongo-terraform, todo-java-postgresql-terraform.
  • OS: Windows.
  • Branch: staging
  • Azd version: azd version 1.10.3-pr.4243081 (commit 2c05c152915bdfd82e20d3350f249b22accd3deb) and azd version 1.11.0-beta.1-daily.4244391 (commit 8fc9d80640aa6f45f1a7d7631087c4a5f54e9e63).

Menghua1 avatar Oct 18 '24 10:10 Menghua1

@rajeshkamal5050 In the latest round of azd manual testing, this issue still exists.

  • Template: todo-python-mongo-terraform, todo-nodejs-mongo-terraform, todo-java-postgresql-terraform.
  • OS: Windows, Mac, DevContainer.
  • Branch: staging
  • Azd version: azd version 1.11.0-beta.1-daily.4247716 (commit f4695c408eab9ea3cdedd1c3cb39aa01ad90123e)

Menghua1 avatar Oct 31 '24 07:10 Menghua1

@rajeshkamal5050 In the latest round of azd manual testing, this issue still exists.

  • Template: todo-python-mongo-terraform, todo-nodejs-mongo-terraform, todo-java-postgresql-terraform.
  • OS: Windows, Mac, DevContainer.
  • Branch: staging.
  • Azd version: azd version 1.12.0-beta.1-daily.4359062 (commit 6cd82ae9ff02e156a0056e994215191469442ab3).

Menghua1 avatar Nov 28 '24 09:11 Menghua1

@rajeshkamal5050 In the latest round of azd manual testing, this issue still exists.

  • Template: todo-python-mongo-terraform, todo-nodejs-mongo-terraform, todo-java-postgresql-terraform.
  • OS: Windows, Mac, DevContainer.
  • Branch: staging.
  • Azd version: azd version 1.12.0-beta.1-daily.4442669 (commit 9b60cbc2a703200eb04d325988dc359886b2dfcb).

Menghua1 avatar Dec 31 '24 09:12 Menghua1

@rajeshkamal5050 In the latest round of azd manual testing, this issue still exists.

  • Template: todo-python-mongo-terraform, todo-nodejs-mongo-terraform, todo-java-postgresql-terraform.
  • OS: Windows, Mac, DevContainer.
  • Branch: staging.
  • Azd version: azd version 1.12.0-beta.1-daily.4489231 (commit a6eb17988fc047579a8edaaa86f302f5f0ab4bb8).

Menghua1 avatar Jan 23 '25 10:01 Menghua1

Closing as expected behavior. Client credentials won't work in Tenants with policies that prevents this.

azd supports Federated Credentials now for Terraform as well and people can use this instead of secret credentials.

vhvb1989 avatar Aug 21 '25 21:08 vhvb1989