AzOps
Failed to export child resources
Currently using the latest AzOps module version in combination with federated identity via GitHub Actions.
When trying to export child resources, I get this written to the warning stream for every single resource group.
We're only using AzOps to take a backup of the Azure hierarchy, so the identity has been granted reader at the root scope.
Originally we thought the issue was related to the token lifetime, but it looks to me that the AzOps module will try to authenticate again, with a new valid token.
Any ideas on what might cause this?
WARNING: [10:41:15][Get-AzOpsResourceDefinition] Failed to export childResources in [rg-notification-test-we-001]. Warning: [Your Azure credentials have not been set up or have expired, please run Connect-AzAccount to set up your Azure credentials.
ClientAssertionCredential authentication failed: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS700024: Client assertion is not within its valid time range. Current time: 2025-03-10T10:41:15.4299515Z, assertion valid from 2025-03-10T09:24:11.0000000Z, expiry time of assertion 2025-03-10T09:29:11.0000000Z. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . Trace ID: d5564fb6-0793-4486-af0f-2ce454c41a00 Correlation ID: cfce9b3c-a2bd-43af-ad52-398f52524aa2 Timestamp: 2025-03-10 10:41:15Z]
WARNING: [10:41:16][Invoke-AzOpsScriptBlock] Tried
param (
$ExportParameters
)
$param = $ExportParameters | Write-Output
Export-AzResourceGroup @param -Confirm:$false -Force -ErrorAction Stop | Out-Null
unsuccessfully 3 out of 3 times, giving up. | Your Azure credentials have not been set up or have expired, please run Connect-AzAccount to set up your Azure credentials.
ClientAssertionCredential authentication failed: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS700024: Client assertion is not within its valid time range. Current time: 2025-03-10T10:41:16.1592603Z, assertion valid from 2025-03-10T09:24:11.0000000Z, expiry time of assertion 2025-03-10T09:29:11.0000000Z. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . Trace ID: 9ba63807-d962-4132-b34e-463204f91d00 Correlation ID: fda0b89f-cb85-41f5-8c5c-2a813cbdbe9c Timestamp: 2025-03-10 10:41:16Z
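
To read the time window in the AADSTS700024 text quoted in the warnings above, the following added example (not part of the original issue and not AzOps code) parses the three timestamps and reports the assertion's lifetime and how far outside it the request fell. `Get-AssertionWindow` is a hypothetical helper name; the sample message is copied from the first warning.

```powershell
# Added example, not part of AzOps or Az.Accounts.
# Get-AssertionWindow is a hypothetical helper name.
function Get-AssertionWindow {
    param([Parameter(Mandatory)][string]$Message)

    # Timestamps in the error look like 2025-03-10T10:41:15.4299515Z
    $ts = '\d{4}-\d{2}-\d{2}T[\d:.]+Z'
    $pattern = "(?s)AADSTS700024.*?Current time: (?<now>$ts), " +
               "assertion valid from (?<from>$ts), " +
               "expiry time of assertion (?<to>$ts)"

    $m = [regex]::Match($Message, $pattern)
    if (-not $m.Success) { return $null }   # not an AADSTS700024 message

    $inv  = [cultureinfo]::InvariantCulture
    $now  = [datetimeoffset]::Parse($m.Groups['now'].Value,  $inv)
    $from = [datetimeoffset]::Parse($m.Groups['from'].Value, $inv)
    $to   = [datetimeoffset]::Parse($m.Groups['to'].Value,   $inv)

    # NotYetValid points at clock skew; Expired points at an old assertion
    # being presented again after its window has closed.
    $state = if ($now -lt $from) { 'NotYetValid' } elseif ($now -gt $to) { 'Expired' } else { 'InWindow' }

    [pscustomobject]@{
        State        = $state
        ValidFrom    = $from
        Expiry       = $to
        Lifetime     = $to - $from     # how long the assertion was valid for
        AgeAtRequest = $now - $from    # how old it was when it was presented
        PastExpiry   = $now - $to      # negative while still inside the window
    }
}

# Sample input: the AADSTS700024 fragment from the first warning on this page.
$warning = 'Original exception: AADSTS700024: Client assertion is not within its valid time range. ' +
           'Current time: 2025-03-10T10:41:15.4299515Z, ' +
           'assertion valid from 2025-03-10T09:24:11.0000000Z, ' +
           'expiry time of assertion 2025-03-10T09:29:11.0000000Z.'

Get-AssertionWindow -Message $warning | Format-List
```

Piping the captured warning stream of a run through the same function shows whether every failure carries the same `ValidFrom` value or whether it changes between retries.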