pulumi-azure icon indicating copy to clipboard operation
pulumi-azure copied to clipboard

Published 20 hours ago verified publisher icon pulumi

Provider does not automatically pick up credentials in VS Code

Open thrixton opened this issue 4 years ago • 5 comments

Problem

I'm trying to deploy this stack to a crosswalk provisioned Azure cluster. Whenever I do a pulumi up, I get the message To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code G5A2LL4VT to authenticate.. Most of the time (all the times after the first time), this does not work, the message stays on screen and eventually I have to kill the process. I'm logged in using az login --use-device-code per comment in CLI Authentication I've tried setting pulumi config set azure:useMsi true and pulumi config set azure:subscriptionId <guid> per #74 but neither helped and I've not read enough about MSI to be able to tell what's going wrong.

Similar to #74

Environment

pulumi cli: v2.1.0 "@pulumi/azure": "3.4.0" "@pulumi/kubernetes": "2.0.0" "@pulumi/pulumi": "2.1.0"

thrixton avatar May 07 '20 08:05 thrixton

I believe this comment

For most cases az login should suffice, but in certain scenarios such as working with AKS you may hit issues with Bearer tokens not being refreshed during an operation.

is not true anymore and the underlying bug with refreshing the token was fixed some time ago. Do you have other reasons to use the device code login?

mikhailshilkov avatar May 07 '20 08:05 mikhailshilkov

I have no other reason apart from that comment and it not working previously. Trying with just az login produces the same result.

pulumi:pulumi:Stack pulumi-crosswalk-kubernetes-05-app-services-dev running E0507 18:42:34.300835 27916 azure.go:127] Failed to acquire a token: acquiring a new fresh token: waiting for device code authentication to complete: autorest/adal/devicetoken: Error while retrieving OAuth token: Code Expired

thrixton avatar May 07 '20 10:05 thrixton

Additional info, I can destroy the stack, it prompts for the web browser auth as per the original issue but then once that is complete, it does continue. Once the stack is destroyed, I can also recreate it, once again going through the browser auth.

Odd.

thrixton avatar May 07 '20 11:05 thrixton

i had the same issue, when pulumi tried to get my credentials from az login. My problem was that I was using the wrong subscription where the aks was not located

Bj3MaS avatar Jan 03 '22 10:01 Bj3MaS

I have ran in this issue too.

For me has been the issue that I have used listManagedClusterUserCredentialsOutput on an AzureAD enabled AKS cluster instead of listManagedClusterAdminCredentialsOutput. This provided me with the solution: https://github.com/pulumi/pulumi-azure-native/issues/1245

secustor avatar Jan 11 '22 15:01 secustor