Azure / azure-dev

A developer CLI that reduces the time it takes for you to get started on Azure. The Azure Developer CLI (azd) provides a set of developer-friendly commands that map to key stages in your workflow - code, build, deploy, monitor, repeat.

Home Page: https://aka.ms/azd

[WebToolsE2E][Aspire][Linux] When running the 'azd pipeline config' command, an error message appears: 'failed to create or update service principal'.

v-reinawang opened this issue

REGRESSION INFO: Repro on Aspire 8.0.0

INSTALL STEPS

  1. Clean machine: Ubuntu Server 23.10
  2. Install VS Code and SDK 8.0.300
  3. Install Aspire 8.1 P1 workload version 8.1.0-preview.1.24273.2
  4. Apply NuGet Feeds
  5. Install Docker Desktop for Linux
  6. Install azd [1.9.3]

REPRO STEPS

  1. Open CMD and create an Aspire Starter App using the following commands:

     ```
     mkdir test
     cd test
     dotnet new aspire-starter --use-redis-cache --name AspireSample
     ```
  2. Run azd init, select 'Use code in the current directory' > Confirm and continue initializing my app > type a new environment name, press enter.
  3. Run azd auth login to log in to azd.
  4. Create an empty .github folder at the root of your project. Inside the new .github folder, create another folder called workflows. Add a new GitHub Actions workflow file named azure-dev.yml into the new folder:
```yaml
on:
  workflow_dispatch:
  push:
    # Run when commits are pushed to mainline branch (main or master)
    # Set this to the mainline branch you are using
    branches:
      - main
      - master

# GitHub Actions workflow to deploy to Azure using azd
# To configure required secrets for connecting to Azure, simply run `azd pipeline config`

# Set up permissions for deploying with secretless Azure federated credentials
# https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-portal%2Clinux#set-up-azure-login-with-openid-connect-authentication
permissions:
  id-token: write
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    env:
      AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
      AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
      AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
      AZURE_ENV_NAME: ${{ vars.AZURE_ENV_NAME }}
      AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install azd
        uses: Azure/setup-azd@v1.0.0

      - name: Log in with Azure (Federated Credentials)
        if: ${{ env.AZURE_CLIENT_ID != '' }}
        run: |
          azd auth login `
            --client-id "$Env:AZURE_CLIENT_ID" `
            --federated-credential-provider "github" `
            --tenant-id "$Env:AZURE_TENANT_ID"
        shell: pwsh

      - name: Log in with Azure (Client Credentials)
        if: ${{ env.AZURE_CREDENTIALS != '' }}
        run: |
          $info = $Env:AZURE_CREDENTIALS | ConvertFrom-Json -AsHashtable;
          Write-Host "::add-mask::$($info.clientSecret)"

          azd auth login `
            --client-id "$($info.clientId)" `
            --client-secret "$($info.clientSecret)" `
            --tenant-id "$($info.tenantId)"
        shell: pwsh
        env:
          AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}

      - name: Provision Infrastructure
        run: azd provision --no-prompt

      - name: Deploy Application
        run: azd deploy --no-prompt
```
  5. Run the azd pipeline config command to configure your deployment pipeline and securely connect it to Azure.

ACTUAL:
ERROR: failed to create or update service principal: failed creating application 'az-dev-05-24-2024-03-25-42': reauthentication required, run azd auth login --scope https://graph.microsoft.com/.default to log in
Then run 'azd auth login --scope https://graph.microsoft.com/.default' to log in; the browser page displays: 'Set up your device to get access'.
EXPECTED
Running 'azd pipeline config' successfully.

@vhvb1989 can you triage this?

Expected behavior. azd pipeline config does not work on Linux for tenants with conditional access policies, as the Linux devices can't be enrolled.

Linux is supported by using WSL or Codespaces and using the Windows Host machine to authenticate to Azure and act on behalf of the Linux VM.
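
A triage helper for the failure discussed in this thread, added here as an example and not part of the issue or the azd project: it extracts the scope from azd's reauthentication hint and flags the native-Linux case described in the reply above. The function names, the kernel-release strings and the `CODESPACES` check are assumptions of this example.

```shell
#!/bin/sh
# Added example. The error text and the WSL/Codespaces workaround come from
# this page; function names and sample kernel strings are hypothetical.

# Print the scope named in azd's "reauthentication required" hint, if any.
reauth_scope() {
  printf '%s\n' "$1" |
    sed -n 's/.*reauthentication required, run azd auth login --scope \([^ ]*\).*/\1/p' |
    head -n 1
}

# Classify the host as wsl, codespaces or linux.
# $1 = kernel release (uname -r), $2 = value of $CODESPACES (may be empty)
host_kind() {
  case "$1" in
    *[Mm]icrosoft*) echo wsl; return ;;   # WSL kernels carry "microsoft" in the release
  esac
  if [ "$2" = "true" ]; then echo codespaces; else echo linux; fi
}

# One-line diagnosis.
# $1 = output of `azd pipeline config`, $2 = kernel release, $3 = $CODESPACES
diagnose() {
  scope=$(reauth_scope "$1")
  [ -n "$scope" ] || { echo "other-error"; return; }
  case "$scope" in
    https://graph.microsoft.com/*) ;;
    *) echo "reauth:$scope"; return ;;
  esac
  if [ "$(host_kind "$2" "$3")" = linux ]; then
    # Graph login requested on native Linux: on a tenant with conditional
    # access the device cannot be enrolled, so the login will not complete.
    echo "graph-reauth-on-native-linux"
  else
    echo "graph-reauth:retry-login"
  fi
}

# Constructed sample input: the error line quoted in this issue.
SAMPLE_ERR="ERROR: failed to create or update service principal: failed creating application 'az-dev-05-24-2024-03-25-42': reauthentication required, run azd auth login --scope https://graph.microsoft.com/.default to log in"

# Live use (not run here):
#   out=$(azd pipeline config 2>&1) || diagnose "$out" "$(uname -r)" "${CODESPACES:-}"
diagnose "$SAMPLE_ERR" "6.5.0-35-generic" ""
```
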