v1.5.1 breaks login with creds

Question

v1.5.1 breaks login with creds

alexkunde opened this issue 8 months ago · comments

Hi, we are using

- name: Azure login
        uses: azure/login@v1.5.1
        with:
          creds: ${{ secrets.SECRET_VALUE }}

This works fine with v1.5.0.
When I updated to 1.5.1 the following error occured.

Run azure/login@v1.5.1
  with:
    enable-AzPSSession: false
    environment: azurecloud
    allow-no-subscriptions: false
    audience: api://AzureADTokenExchange
    auth-type: SERVICE_PRINCIPAL
Error: Login failed with Error: Using auth-type: SERVICE_PRINCIPAL. Not all values are present. Ensure 'client-id' and 'tenant-id' are supplied.. Make sure 'az' is installed on the runner. If 'enable-AzPSSession' is true, make sure 'pwsh' is installed on the runner together with Azure PowerShell module. Double check if the 'auth-type' is correct. Refer to https://github.com/Azure/login#readme for more information.

This leads to 1.5.1 being a breaking change for us. Can you please have a look if this is intended?

Best,
Alex

Shiying Chen · Answer 1 · Tue Dec 05 2023 09:42:02 GMT+0800 (China Standard Time)

Hi @alexkunde,
Please verify that secrets.SECRET_VALUE is truly stored in your repository and includes the required client-id and tenant-id. Based on your provided logs, it appears that creds may not have been inputted.

Alexander Kunde · Answer 2 · Tue Dec 05 2023 22:30:15 GMT+0800 (China Standard Time)

Hi @MoChilia , I'm quite sure there were no changes during this update, since it was made by dependabot and automatically merged. Nonetheless I looped back with the team and am still waiting on feedback.

update:
the following values are present (+more)

"clientId": "xx",
"clientSecret": "xx",
"subscriptionId": "xx",
"tenantId": "xx",

Shiying Chen · Answer 3 · Wed Dec 06 2023 09:16:34 GMT+0800 (China Standard Time)

@alexkunde,
If your secret is correctly stored, it should be passed to azure/login action, displaying creds:*** in your log, like

Run azure/login@v1.5.1
  with:
    creds:***
    enable-AzPSSession: false
    environment: azurecloud
    allow-no-subscriptions: false
    audience: api://AzureADTokenExchange
    auth-type: SERVICE_PRINCIPAL

Maybe you can verify that the spelling of SECRET_VALUE matches the secret you stored.

Alexander Kunde · Answer 4 · Fri Dec 08 2023 01:08:37 GMT+0800 (China Standard Time)

@MoChilia I recreated the PR for all our logins we are using and Im no longer able to recreate my problem. Seems likel it was caused by some internal hickup. Thanks for looking into it.