azure-sdk-for-net KubectlExecuteIdentityAKSTests fails with System.InvalidOperationException: ERROR: AADSTS700024: Client assertion is not within its valid time range

KubectlExecuteIdentityAKSTests fails with System.InvalidOperationException: ERROR: AADSTS700024: Client assertion is not within its valid time range

Open ahsonkhan opened this issue 5 months ago • 1 comments

From https://github.com/Azure/azure-sdk-for-net/pull/46135#issuecomment-2372527420

I keep seeing a seemingly unrelated test fail on Ubuntu, leg Build & Test (all tests for net8.0) - Federated Auth run from net - identity - tests: Failed KubectlExecuteIdentityAKSTests It fails on retry.

From @christothes:

I think this is just a timing related issue since we are using the OIDC token that was set at the begining of the pipeline and sometimes we just happen to execute those tests after the 10 minute lifetime expiration. I have some ideas for how to resolve it that we can discuss in the issue.

2024-09-24T20:33:20.0037474Z   Failed KubectlExecuteIdentityAKSTests [754 ms]
2024-09-24T20:33:20.0038481Z   Error Message:
2024-09-24T20:33:20.0041045Z    System.InvalidOperationException: ERROR: AADSTS700024: Client assertion is not within its valid time range. Current time: 2024-09-24T20:33:19.6123783Z, assertion valid from 2024-09-24T20:16:20.0000000Z, expiry time of assertion 2024-09-24T20:26:20.0000000Z. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . Trace ID: 4edaea99-30f4-4c2f-83f5-a7b4e83f3000 Correlation ID: 951d6530-5f14-4a20-a9a5-aba45e411644 Timestamp: 2024-09-24 20:33:19Z
2024-09-24T20:33:20.0044185Z Interactive authentication is needed. Please run:
2024-09-24T20:33:20.0046014Z az login
2024-09-24T20:33:20.0048084Z    at Azure.Identity.ProcessRunner.Run() in /_/sdk/identity/Azure.Identity/src/ProcessRunner.cs:line 66
2024-09-24T20:33:20.0050003Z    at Azure.Identity.Tests.ManagedIdentityAKSIntegrationTests.RunCommand(String fileName, String args) in /mnt/vss/_work/1/s/sdk/identity/Azure.Identity/tests/ManagedIdentityAKSIntegrationTests.cs:line 76
2024-09-24T20:33:20.0052414Z   Stack Trace:
2024-09-24T20:33:20.0054820Z      at Azure.Identity.Tests.ManagedIdentityAKSIntegrationTests.RunCommand(String fileName, String args) in /mnt/vss/_work/1/s/sdk/identity/Azure.Identity/tests/ManagedIdentityAKSIntegrationTests.cs:line 83
2024-09-24T20:33:20.0058030Z    at Azure.Identity.Tests.ManagedIdentityAKSIntegrationTests.SetupKubernetesEnvironment() in /mnt/vss/_work/1/s/sdk/identity/Azure.Identity/tests/ManagedIdentityAKSIntegrationTests.cs:line 41
2024-09-24T20:33:20.0061136Z    at Azure.Identity.Tests.ManagedIdentityAKSIntegrationTests.KubectlExecuteIdentityAKSTests() in /mnt/vss/_work/1/s/sdk/identity/Azure.Identity/tests/ManagedIdentityAKSIntegrationTests.cs:line 60
2024-09-24T20:33:20.0063491Z 
2024-09-24T20:33:20.0067912Z 1)    at Azure.Identity.Tests.ManagedIdentityAKSIntegrationTests.RunCommand(String fileName, String args) in /mnt/vss/_work/1/s/sdk/identity/Azure.Identity/tests/ManagedIdentityAKSIntegrationTests.cs:line 76
2024-09-24T20:33:20.0070993Z    at Azure.Identity.Tests.ManagedIdentityAKSIntegrationTests.SetupKubernetesEnvironment() in /mnt/vss/_work/1/s/sdk/identity/Azure.Identity/tests/ManagedIdentityAKSIntegrationTests.cs:line 41
2024-09-24T20:33:20.0074273Z    at Azure.Identity.Tests.ManagedIdentityAKSIntegrationTests.KubectlExecuteIdentityAKSTests() in /mnt/vss/_work/1/s/sdk/identity/Azure.Identity/tests/ManagedIdentityAKSIntegrationTests.cs:line 60
2024-09-24T20:33:20.0075791Z 
2024-09-24T20:33:20.0076432Z 
2024-09-24T20:33:20.0078061Z   Standard Output Messages:
2024-09-24T20:33:20.0079856Z  Running command: which az
2024-09-24T20:33:20.0081463Z  output:
2024-09-24T20:33:20.0082969Z  /usr/bin/az
2024-09-24T20:33:20.0084595Z  Running command: which kubectl
2024-09-24T20:33:20.0086169Z  output:
2024-09-24T20:33:20.0087866Z  /usr/bin/kubectl
2024-09-24T20:33:20.0094844Z  Running command: /usr/bin/az login --federated-token *** --service-principal -u *** --tenant ***
2024-09-24T20:33:20.0099150Z  System.InvalidOperationException: ERROR: AADSTS700024: Client assertion is not within its valid time range. Current time: 2024-09-24T20:33:19.6123783Z, assertion valid from 2024-09-24T20:16:20.0000000Z, expiry time of assertion 2024-09-24T20:26:20.0000000Z. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . Trace ID: 4edaea99-30f4-4c2f-83f5-a7b4e83f3000 Correlation ID: 951d6530-5f14-4a20-a9a5-aba45e411644 Timestamp: 2024-09-24 20:33:19Z
2024-09-24T20:33:20.0102560Z  Interactive authentication is needed. Please run:
2024-09-24T20:33:20.0104500Z  az login
2024-09-24T20:33:20.0106630Z     at Azure.Identity.ProcessRunner.Run() in /_/sdk/identity/Azure.Identity/src/ProcessRunner.cs:line 66
2024-09-24T20:33:20.0110149Z     at Azure.Identity.Tests.ManagedIdentityAKSIntegrationTests.RunCommand(String fileName, String args) in /mnt/vss/_work/1/s/sdk/identity/Azure.Identity/tests/ManagedIdentityAKSIntegrationTests.cs:line 76
2024-09-24T20:33:20.0127239Z 
2024-09-24T20:33:20.0127903Z

From analytics, this particular test has failed intermittently over the last few weeks:

In the last month, the test has a passing rate of 46% (27 out of 169 attempts failed)

Sep 24 '24 23:09 ahsonkhan

azure-sdk-for-net azure-sdk-for-net copied to clipboard

KubectlExecuteIdentityAKSTests fails with System.InvalidOperationException: ERROR: AADSTS700024: Client assertion is not within its valid time range

azure-sdk-for-net
azure-sdk-for-net copied to clipboard